# =============================================================================
# DNS Chain: Router(:53) → AdGuard(:53,DOH,DOT) → Pi-hole(:5053) → Unbound(:5335)
# =============================================================================
# BE9300 router points to this host on port 53
# AdGuard handles DOH(443), DOT(853), and standard DNS(53)
# Pi-hole runs on port 5053 to avoid conflict with AdGuard (53) and mDNS/Avahi (5353)
# Unbound provides recursive DNS on 5335 (installed locally)
# =============================================================================

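# Step 1: Start Pi-hole on port 5053 (5353 is used by mDNS/Avahi, 53 is AdGuard)
# Configure upstream to Unbound on 127.0.0.1#5335
# NOTE: DNS1/DNS2 are deprecated in Pi-hole v6+, use FTLCONF_dns_upstreams instead.
# The same applies to the admin password: v6 reads it from
# FTLCONF_webserver_api_password. A leftover WEBPASSWORD is not applied, so the
# web UI would not end up with the password you expect.
# Replace YOURPASSWORD before running. A value passed with -e is visible in
# shell history and in `docker inspect pihole`, so treat both as sensitive.
# NOTE(review): WEB_BIND_ADDR looks like a v5 (lighttpd) setting and is kept
# unchanged here; confirm whether it still has any effect on v6.
# With --network host the web UI (7300) and DNS (5053) listen on the host's
# interfaces directly. Only AdGuard needs to reach 5053, so restrict both
# ports with the host firewall.
# `latest` is a moving tag: pin a release tag or image digest so upgrades are
# deliberate and reviewable.
docker run -d \
  --name pihole \
  --network host \
  -e TZ=America/Chicago \
  -e FTLCONF_webserver_api_password=YOURPASSWORD \
  -e FTLCONF_webserver_enabled=true \
  -e FTLCONF_webserver_port=7300 \
  -e WEB_BIND_ADDR=0.0.0.0 \
  -e FTLCONF_dns_port=5053 \
  -e FTLCONF_dns_upstreams=127.0.0.1#5335 \
  -v pihole_etc:/etc/pihole:rw \
  -v pihole_dnsmasq:/etc/dnsmasq.d:rw \
  --restart=unless-stopped \
  pihole/pihole:latest
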
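# Step 2: Start AdGuard Home on port 53 (what router sees)
# After first run, access http://<host-ip>:3000 to configure:
#   - Upstream DNS: 127.0.0.1:5053 (Pi-hole; must match FTLCONF_dns_port in Step 1.
#     5353 is mDNS/Avahi on this host, not Pi-hole)
#   - DNS listen: 0.0.0.0:53
#   - Enable DOH (port 443) and DOT (port 853)
# The first-run wizard on :3000 is where the admin account gets created, and
# with --network host it is reachable on the host's interfaces. Complete it
# right after the container starts and keep :3000 firewalled to the admin
# machine until then.
# The certs volume is mounted read-only, so the certificate and key used for
# DOH/DOT have to be placed into adguard_certs out of band before enabling
# encryption.
# `latest` is a moving tag: pin a release tag or image digest so upgrades are
# deliberate and reviewable.
docker run -d \
  --name adguardhome \
  --network host \
  -e TZ=America/Chicago \
  -v adguard_conf:/opt/adguardhome/conf:rw \
  -v adguard_work:/opt/adguardhome/work:rw \
  -v adguard_certs:/opt/adguardhome/conf/certs:ro \
  --restart=unless-stopped \
  adguard/adguardhome:latest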