Pi-hole + Unbound

Run Pi-hole with Unbound for recursive DNS, ad-blocking, and clean local resolution.

Build Steps

  1. Install Pi-hole on a small VM or container; set a static IP.
  2. Install Unbound and configure it as a recursive resolver on 127.0.0.1#5335.
  3. Point Pi-hole's upstream DNS at Unbound (Custom 1: 127.0.0.1#5335).
  4. Enable DNSSEC in Pi-hole; keep logging on but trimmed.
  5. Add local DNS records for lab services (A/AAAA + optional CNAMEs).

Network Notes

  • Reserve the IP in DHCP and have your router's DHCP hand out Pi-hole as the DNS server.
  • Dual Pi-hole? Use keepalived or DHCP failover with two IPs.
  • Allow only LAN subnets to query DNS; block WAN queries.

Validation Checklist

  • A DNS leak test shows your own IP and not a public resolver.
  • Gravity updates succeed; ad lists refresh without errors.
  • Local hostnames resolve for lab services; reverse lookups work.
  • Upstream latency stable; no SERVFAIL storms in Pi-hole logs.
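
A log check for two items above, the "block WAN queries" rule and the SERVFAIL-storm item, as an added example that is not part of the original page. It assumes dnsmasq-style pihole.log lines; the subnets, the storm threshold and the sample log are constructed placeholders to adjust for your lab.

```python
import ipaddress
import re
from collections import Counter

# Assumed lab values: adjust the subnets and threshold to your network.
LAN_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]
STORM_THRESHOLD = 3  # SERVFAIL replies within one minute counts as a storm

# Assumed line shape: "<Mon> <day> <HH:MM:SS> dnsmasq[pid]: <event>"
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d):\d\d dnsmasq\[\d+\]: (.*)$")
QUERY_RE = re.compile(r"^query\[[^\]]+\] \S+ from (\S+)$")


def audit(lines, lan_nets=LAN_NETS, threshold=STORM_THRESHOLD):
    """Return ({client outside LAN: query count}, {minute: SERVFAIL count})."""
    outside, servfail = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or non-dnsmasq lines
        minute, event = m.groups()
        q = QUERY_RE.match(event)
        if q:
            try:
                client = ipaddress.ip_address(q.group(1))
            except ValueError:
                continue  # not an IP literal; ignore rather than guess
            if not any(client in net for net in lan_nets):
                outside[str(client)] += 1
        elif event.startswith("reply ") and event.endswith(" is SERVFAIL"):
            servfail[minute] += 1
    # Only minutes at or above the threshold are reported as storms.
    storms = {minute: n for minute, n in servfail.items() if n >= threshold}
    return dict(outside), storms


# Constructed sample log (not from a real system).
SAMPLE_LOG = """\
Mar 10 12:00:01 dnsmasq[812]: query[A] nas.lab.example from 192.168.1.10
Mar 10 12:00:05 dnsmasq[812]: query[A] example.com from 203.0.113.7
Mar 10 12:00:05 dnsmasq[812]: forwarded example.com to 127.0.0.1#5335
Mar 10 12:01:10 dnsmasq[812]: reply error is SERVFAIL
Mar 10 12:01:11 dnsmasq[812]: reply error is SERVFAIL
Mar 10 12:01:12 dnsmasq[812]: reply error is SERVFAIL
Mar 10 12:02:00 dnsmasq[812]: reply error is SERVFAIL
"""

if __name__ == "__main__":
    print(audit(SAMPLE_LOG.splitlines()))
```

Any client reported in the first result means the LAN-only restriction is not holding; feed the function lines from your own Pi-hole log in place of the sample.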