Pi-hole DNS

Network-wide ad blocking and recursive DNS resolver.

Overview

Property	Value
Host	192.168.1.50 (CT100 “pihole”)
Type	Docker in LXC (Proxmox)
Ports	53 (DNS), 80/443 (web)

Access

• Web UI: http://192.168.1.50/admin
• SSH: ssh root@192.168.1.144 then pct enter 100

Architecture

Network clients → Pi-hole (:53) → Unbound (:5335) → Root servers

Unbound Recursive DNS

• No upstream providers — queries root/TLD/authoritative servers directly
• Privacy — no Quad9/Cloudflare/Google sees your queries
• VPN killswitch compatible — DNS stays on LAN, no external leakage

Configuration Files

File	Location
Pi-hole config	/opt/pihole/etc-pihole/pihole.toml
Unbound config	/etc/unbound/unbound.conf.d/pi-hole.conf

Pi-hole Upstream (recursive)

upstreams = ["127.0.0.1#5335"]  # Local Unbound

Unbound Settings

• Port: 5335
• DNSSEC: enabled
• qname-minimisation: yes
• Prefetch: enabled

Useful Commands

# Inside CT100
docker exec pihole pihole status
docker exec pihole pihole -t        # tail query log
unbound-control stats               # Unbound stats
systemctl status unbound

Related

• Network Overview
• Proxmox Setup
• WireGuard VPN