Use Docker Compose to run Dohnut and Pi-hole side-by-side on the same host. Dohnut encrypts Pi-hole's upstream DNS queries, adds DNS countermeasures, and supports load balancing across multiple DoH providers for better privacy and/or performance.
This example runs Dohnut and Pi-hole, exposing the DNS resolver on port 53
. It also exposes the Pi-hole web dashboard for monitoring and management at:
Remember to set the WEBPASSWORD
to your preferred password for the dashboard.
Save the YAML file and run both Dohnut and Pi-hole as automatically restarting background services:
$ docker-compose up --detach
./docker-compose.yml
version: "3"
services:
# See: Dohnut (options passed as environment variables)
# https://help.commons.host/dohnut/cli/#options
dohnut:
container_name: dohnut
image: commonshost/dohnut:latest
restart: unless-stopped
networks:
dohnut_pihole:
ipv4_address: 10.0.0.2
environment:
DOHNUT_LISTEN: 10.0.0.2:53000
DOHNUT_BOOTSTRAP: 9.9.9.9 8.8.8.8 1.1.1.1
DOHNUT_DOH: commonshost
DOHNUT_COUNTERMEASURES: spoof-queries spoof-useragent
DOHNUT_CACHE_DIRECTORY: /etc/dohnut
volumes:
- "./etc-dohnut/:/etc/dohnut/"
# See: Docker Pi-hole
# https://github.com/pi-hole/docker-pi-hole
pihole:
depends_on:
- dohnut
container_name: pihole
image: pihole/pihole:latest
restart: unless-stopped
networks:
dohnut_pihole:
ipv4_address: 10.0.0.3
environment:
# WEBPASSWORD: "set a secure password here or it will be random"
DNS1: 10.0.0.2#53000
DNS2: "no"
dns:
- 127.0.0.1
cap_add:
- NET_ADMIN
volumes:
- "./etc-pihole/:/etc/pihole/"
- "./etc-dnsmasq.d/:/etc/dnsmasq.d/"
ports:
- "53:53/tcp"
- "53:53/udp"
- "67:67/udp"
- "80:80/tcp"
- "443:443/tcp"
networks:
dohnut_pihole:
driver: bridge
ipam:
config:
- subnet: 10.0.0.0/24