@mmeyer2k
Last active August 26, 2023 07:15
Docker + pihole + cloudflared secure private DNS over DoH

Create a Docker-based Pi-hole server whose query logs and FTL database are written only to memory (a tmpfs volume), not to disk.

Features

  • fully supports ipv6
  • portable and private dns server
  • no sensitive data written to disk
  • uses cloudflare doh as upstream dns source

Steps

  1. tweak and save the docker-compose.yml file below
  2. run docker-compose up to generate the contents of the etc-pihole and etc-dnsmasq.d folders
  3. log into pihole at http://127.0.0.1:88
  4. go to settings > dns, then uncheck all upstream dns servers
  5. add 172.20.0.10 (the cloudflared container's static address) as custom dns #1
  6. update your etc-pihole/pihole-FTL.conf with the contents below
  7. docker-compose restart
docker-compose.yml

version: "3"
services:
  pihole:
    container_name: pihole
    restart: unless-stopped
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "88:80/tcp"
    networks:
      dns:
        ipv4_address: 172.20.0.9
    environment:
      TZ: 'America/Chicago'
      WEBPASSWORD: '[ ... ADD YOUR PASSWORD HERE ... ]'
    volumes:
      - 'ramdisk:/var/log/pihole'
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
  cloudflare:
    container_name: cloudflare
    restart: unless-stopped
    image: visibilityspots/cloudflared
    networks:
      dns:
        ipv4_address: 172.20.0.10
    expose:
      - '53/tcp'
      - '53/udp'
    environment:
      PORT: 53
      UPSTREAM1: https://1.1.1.1/dns-query
      UPSTREAM2: https://1.0.0.1/dns-query
volumes:
  ramdisk:
    driver_opts:
      type: tmpfs
      device: tmpfs
networks:
  dns:
    ipam:
      config:
        - subnet: 172.20.0.0/24

pihole-FTL.conf

#; Pi-hole FTL config file
#; Comments should start with #; to avoid issues with PHP and bash reading this file
#; Specify how long to store entries in the pihole-FTL.db file
MAXDBDAYS=1
#; Store the database file in the memory storage
DBFILE=/var/log/pihole/pihole-FTL.db
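The "no sensitive data written to disk" property depends on three things lining up: the FTL DBFILE path must sit under the tmpfs-backed volume, the cloudflared DoH proxy must be reachable only on the internal bridge (expose, not ports), and the custom DNS entered in step 5 must be cloudflared's static address inside the declared subnet. The script below is an added example, not part of the gist; it models the compose file above as a plain Python dict (constructed here so no YAML library is needed), parses the pihole-FTL.conf format including its "#;" comments, and checks those three properties. For contrast it also checks a conf that leaves DBFILE at the conventional /etc/pihole location, which the checks flag because /etc/pihole is a bind mount to the host disk.

```python
"""Check that a Pi-hole + cloudflared compose setup keeps query data off disk.

Added example (not part of the original gist). The compose file is modelled
as a dict mirroring the gist's docker-compose.yml; the FTL conf strings are
the gist's file and a constructed on-disk variant for comparison.
"""
import ipaddress

# Constructed to mirror the gist's compose file (only the fields the checks use).
COMPOSE = {
    "services": {
        "pihole": {
            "ports": ["53:53/tcp", "53:53/udp", "88:80/tcp"],
            "networks": {"dns": {"ipv4_address": "172.20.0.9"}},
            "volumes": [
                "ramdisk:/var/log/pihole",
                "./etc-pihole:/etc/pihole",
                "./etc-dnsmasq.d:/etc/dnsmasq.d",
            ],
        },
        "cloudflare": {
            "networks": {"dns": {"ipv4_address": "172.20.0.10"}},
            "expose": ["53/tcp", "53/udp"],
        },
    },
    "volumes": {"ramdisk": {"driver_opts": {"type": "tmpfs", "device": "tmpfs"}}},
    "networks": {"dns": {"ipam": {"config": [{"subnet": "172.20.0.0/24"}]}}},
}

# The gist's pihole-FTL.conf, and a constructed variant that keeps the
# database at the conventional /etc/pihole location (a host bind mount).
FTL_CONF_MEMORY = (
    "#; Pi-hole FTL config file\n"
    "MAXDBDAYS=1\n"
    "DBFILE=/var/log/pihole/pihole-FTL.db\n"
)
FTL_CONF_ONDISK = "#; constructed: database left on the bind mount\nDBFILE=/etc/pihole/pihole-FTL.db\n"


def parse_ftl_conf(text):
    """Parse KEY=VALUE lines; lines starting with '#' (including '#;') are comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def tmpfs_mounts(compose, service):
    """Container paths of the service's mounts whose named volume is tmpfs-backed.

    Bind mounts like './etc-pihole:/etc/pihole' have no entry under top-level
    'volumes', so they are (correctly) treated as on-disk.
    """
    volumes = compose.get("volumes", {})
    mounts = []
    for spec in compose["services"][service].get("volumes", []):
        source, _, target = spec.partition(":")
        opts = volumes.get(source, {}).get("driver_opts", {})
        if opts.get("type") == "tmpfs":
            mounts.append(target.rstrip("/"))
    return mounts


def dbfile_in_memory(compose, ftl_conf_text, service="pihole"):
    """True if DBFILE resolves to a path inside a tmpfs-backed mount."""
    dbfile = parse_ftl_conf(ftl_conf_text).get("DBFILE", "/etc/pihole/pihole-FTL.db")
    return any(dbfile.startswith(mount + "/") for mount in tmpfs_mounts(compose, service))


def resolver_is_internal_only(compose, service="cloudflare"):
    """The DoH proxy must not publish host ports; Pi-hole reaches it over the bridge."""
    svc = compose["services"][service]
    return "ports" not in svc and bool(svc.get("expose"))


def custom_dns_matches_resolver(compose, custom_dns, service="cloudflare", network="dns"):
    """Step 5's custom DNS must be cloudflared's static IP inside the declared subnet."""
    addr = compose["services"][service]["networks"][network]["ipv4_address"]
    subnet = ipaddress.ip_network(compose["networks"][network]["ipam"]["config"][0]["subnet"])
    return custom_dns == addr and ipaddress.ip_address(custom_dns) in subnet


if __name__ == "__main__":
    print("DBFILE on tmpfs (gist conf):    ", dbfile_in_memory(COMPOSE, FTL_CONF_MEMORY))
    print("DBFILE on tmpfs (on-disk conf): ", dbfile_in_memory(COMPOSE, FTL_CONF_ONDISK))
    print("cloudflared internal only:      ", resolver_is_internal_only(COMPOSE))
    print("custom DNS is cloudflared:      ", custom_dns_matches_resolver(COMPOSE, "172.20.0.10"))
```

Run it after editing docker-compose.yml and pihole-FTL.conf; if you change the ramdisk mount point or cloudflared's address, the checks tell you which of the three assumptions no longer holds before you restart the stack.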