Running Pi-hole on a UDM Pro

I have a Pi-hole Docker container running on my NAS, but DNS functionality is too important to have a single point of failure.

If something were to happen to my NAS, my home network would have no DNS resolution, which brings the network to its knees.

I had been using a Raspberry Pi as my second DNS server, running Pi-hole, but the Raspberry Pi stopped working.

After discovering that Ubiquiti's Ultimate Dream Machine Pro (UDM Pro) allows you to run containers, and Pi-hole is one of the containers available, I decided to move my second Pi-hole to the UDM Pro.

Steps to configure the UDM Pro as a Pi-hole DNS blackhole server

Install udm-boot

To survive reboots and firmware updates on the UDM, Boostchicken provides a package, udm-boot, that can be installed to automatically run one or more shell scripts at boot stage S95 any time your UDM starts or reboots.

  • SSH into your UDM Pro

  • Switch to the UniFi shell

    unifi-os shell
    
  • Download the boot scripts:

    curl -L https://udm-boot.boostchicken.dev -o udm-boot_1.0.5_all.deb
    
  • Install the boot scripts:

    dpkg -i udm-boot_1.0.5_all.deb
    
  • Exit out of the UniFi shell (this is important!):

    exit
    

Create the network for Pi-Hole

In the UDM Legacy UI web GUI, create a new network with these settings:

  • Name: Pi-Hole VLAN network
  • Purpose: Corporate
  • VLAN: 5
  • Gateway IP/Subnet: 10.0.0.1/24
  • DHCP Mode: None

Creating a Pi-hole network on the UDM

Download and configure the dns.conflist file

curl -L https://github.com/boostchicken-dev/udm-utilities/raw/master/cni-plugins/20-dns.conflist -o /mnt/data/podman/cni/dns.conflist

Edit the file to meet your network configuration.

In my network, my main LAN network is 192.168.1.0/24, but I'm using 10.0.0.0/24 for this Pi-hole instance.

My /mnt/data/podman/cni/dns.conflist file:

{
  "cniVersion": "0.4.0",
  "name": "dns",
  "plugins": [
    {
      "type": "macvlan",
      "mode": "bridge",
      "master": "br5",
      "mac": "00:1c:b4:26:51:3d",
      "ipam": {
        "type": "static",
        "addresses": [
          {
            "address": "10.0.0.5/24",
            "gateway": "10.0.0.1"
          }
        ],
        "routes": [
          {"dst": "0.0.0.0/0"}
        ]
      }
    }
  ]
}

> I changed the MAC address for this post.



Download and run the 05-install-cni-plugins.sh script

curl -L https://raw.githubusercontent.com/boostchicken-dev/udm-utilities/master/cni-plugins/05-install-cni-plugins.sh -o /mnt/data/on_boot.d/05-install-cni-plugins.sh
chmod +x /mnt/data/on_boot.d/05-install-cni-plugins.sh
/mnt/data/on_boot.d/05-install-cni-plugins.sh

The script prints the plugins it fetches:

Downloading https://github.com/containernetworking/plugins/releases/download/v1.0.1/cni-plugins-linux-arm64-v1.0.1.tgz.sha256
Downloading https://github.com/containernetworking/plugins/releases/download/v1.0.1/cni-plugins-linux-arm64-v1.0.1.tgz
Pouring /mnt/data/.cache/cni-plugins/cni-plugins-linux-arm64-v1.0.1.tgz

Use podman to create the dns network

podman network create dns

Download, configure, and run the 10-dns.sh script

curl -L https://raw.githubusercontent.com/boostchicken-dev/udm-utilities/master/dns-common/on_boot.d/10-dns.sh -o /mnt/data/on_boot.d/10-dns.sh

Edit the /mnt/data/on_boot.d/10-dns.sh file to meet your needs.

The only changes I made:

IPV4_IP="10.0.0.5"
IPV4_GW="10.0.0.1/24"

Then make the script executable and run it:

chmod +x /mnt/data/on_boot.d/10-dns.sh
/mnt/data/on_boot.d/10-dns.sh
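The VLAN created in the UI, dns.conflist and the two variables in 10-dns.sh all have to agree, and a mismatch is the usual reason the container comes up without network access. As an added consistency check (my own example, not part of the boostchicken scripts), this Python snippet verifies them against each other; the embedded sample inputs are constructed from the values above.

```python
import ipaddress
import json
import re

# Constructed sample: the dns.conflist from this post (the MAC is a placeholder).
DNS_CONFLIST = """{
  "cniVersion": "0.4.0", "name": "dns",
  "plugins": [{"type": "macvlan", "mode": "bridge", "master": "br5",
    "mac": "00:1c:b4:26:51:3d",
    "ipam": {"type": "static",
      "addresses": [{"address": "10.0.0.5/24", "gateway": "10.0.0.1"}],
      "routes": [{"dst": "0.0.0.0/0"}]}}]
}"""
# Constructed sample: the two lines edited in 10-dns.sh.
DNS_SH = 'IPV4_IP="10.0.0.5"\nIPV4_GW="10.0.0.1/24"\n'

def check_dns_setup(conflist_text, dns_sh_text, vlan_id, vlan_gateway_cidr):
    """Return a list of inconsistencies between the VLAN created in the UI
    (id plus gateway/subnet), dns.conflist and the 10-dns.sh variables."""
    problems = []
    conf = json.loads(conflist_text)
    plugin = next(p for p in conf["plugins"] if p["type"] == "macvlan")
    vlan = ipaddress.ip_interface(vlan_gateway_cidr)      # e.g. 10.0.0.1/24
    # The macvlan master must be the bridge of the VLAN you created: br<VLAN>.
    if plugin.get("master") != f"br{vlan_id}":
        problems.append(f"master should be br{vlan_id}, got {plugin.get('master')}")
    if plugin.get("mode") != "bridge":
        problems.append("macvlan mode should be bridge")
    if not re.fullmatch(r"([0-9a-f]{2}:){5}[0-9a-f]{2}", plugin.get("mac", "").lower()):
        problems.append("mac is not a valid colon-separated MAC address")
    entry = plugin["ipam"]["addresses"][0]
    cont = ipaddress.ip_interface(entry["address"])       # container IP, e.g. 10.0.0.5/24
    gw = ipaddress.ip_address(entry["gateway"])
    if cont.network != vlan.network:
        problems.append(f"{cont} is not in the VLAN subnet {vlan.network}")
    if gw != vlan.ip or cont.ip == gw:
        problems.append(f"gateway {gw} must be the VLAN gateway and differ from the container IP")
    if not any(r.get("dst") == "0.0.0.0/0" for r in plugin["ipam"].get("routes", [])):
        problems.append("no default route (0.0.0.0/0) for the container")
    # 10-dns.sh must carry the same container IP and the gateway with its prefix length.
    sh = dict(re.findall(r'^(IPV4_IP|IPV4_GW)="([^"]*)"', dns_sh_text, re.M))
    if sh.get("IPV4_IP") != str(cont.ip):
        problems.append(f"10-dns.sh IPV4_IP={sh.get('IPV4_IP')} but conflist uses {cont.ip}")
    if sh.get("IPV4_GW") != str(vlan):
        problems.append(f"10-dns.sh IPV4_GW={sh.get('IPV4_GW')} but VLAN gateway is {vlan}")
    return problems

if __name__ == "__main__":
    issues = check_dns_setup(DNS_CONFLIST, DNS_SH, 5, "10.0.0.1/24")
    print("consistent" if not issues else "\n".join(issues))
```

Run it with your own dns.conflist and 10-dns.sh contents and the VLAN id and gateway you entered in the UI; an empty list means the three agree.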

Create the directory structure for persistent Pi-hole configuration

mkdir -p /mnt/data/etc-pihole
mkdir -p /mnt/data/pihole/etc-dnsmasq.d

Create and run the Pi-hole Docker container

podman run -d --network dns --restart always \
  --name pihole \
  -e TZ="America/Denver" \
  -v "/mnt/data/etc-pihole/:/etc/pihole/" \
  -v "/mnt/data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
  --dns=127.0.0.1 \
  --dns=1.1.1.1 \
  --hostname pi.hole \
  -e VIRTUAL_HOST="pi.hole" \
  -e PROXY_LOCATION="pi.hole" \
  -e ServerIP="10.0.0.5" \
  -e IPv6="False" \
  pihole/pihole:latest

If you get these errors, you can ignore them:

ERRO[0022] unable to get systemd connection to add healthchecks: dial unix /run/systemd/private: connect: no such file or directory
ERRO[0022] unable to get systemd connection to start healthchecks: dial unix /run/systemd/private: connect: no such file or directory

Set the Pi-hole web password (replace MySecretPassword! with your own)

podman exec -it pihole pihole -a -p MySecretPassword!

Post install changes

  • Update your router or DHCP server to hand out 10.0.0.5 as a DNS server.

  • You can access the Pi-hole web GUI at http://10.0.0.5

References

GitHub: boostchicken-dev/udm-utilities, run-pihole: https://github.com/boostchicken-dev/udm-utilities/tree/master/run-pihole