Pi-Hole, Lancache and Unbound network order

Xeno · July 25, 2020, 12:10am

Hello friends! Long time lurker, first time poster here.

Apologies if this is the incorrect category. If so let me know and I’ll move it if possible.

I’ve been watching the Level1Techs youtube channel for a long time. Haven’t missed an episode for more time than I’d like to admit. I’ve been secretly waiting for Wendell to answer all my questions in one glorious video but my dream has yet to come true so I’m here to ask for advice from the pros.

I’ve recently built myself a media server. I went a little over specifications just in case I dreamt up a few ways to improve my online experience and needed the extra horsepower, so have been delving into this space for some time. So far it looks like the main iterations I want to add to the home server is Pi-Hole, Lancache in Docker-Compose with Unbound but I’d like some advice on the most elegant way to do this. I’m surprised there’s not a lot of hand held info out there already because I’d assume this was a pretty common combination of tools but I am yet to find much on the subject. If I’m mistaken, please point me in the right direction!

I’m assuming Unbound needs to go at the end of the chain, but should Pi-Hole be upstream of Lancache or vice versa? Can anyone foresee any problems from such a setup?

I’m aware there are some pros and cons with each method, for example if Pi-Hole is upstream of Lancache, the Pi-Hole interface will not be able to differentiate between IPs and therefore logging will be inaccurate. This is not a problem for me. Is there anything else?

The main reason I’m doing this project is because I’m moving off-grid with horrid internet caps so need to save on data (and power for that matter) as much as possible. The reduced latency and added speed is just a happy bonus! So if anyone else has some bright ideas on things to do to aid this adventure and add to my servers usefulness then I’m all ears!

Apologies for the ramble and I look forward to discussing this with anyone willing to help.

Regards!

risk · July 25, 2020, 5:52am

Pi hole shouldn’t be blocking anything your LAN cache needs, obviously.

The other consideration is DNS over TLS or over https or dnscrypt similar - whether you want your upstream DNS requests to be hidden from your ISP.

There’s also adguard home https://hub.docker.com/r/adguard/adguardhome - it’s more light weight and has a better ui and it’s easier to configure than pi hole.

With it, you can give everyone except lancache a lancache upstream, that way you get all three - you see individual hosts on the network, you get cache and you get privacy. But then, requests would be passing through it twice.

nx2l · July 25, 2020, 3:48pm

I put my pihole foremost… and use conditional forwarding to point it at my internal dns and steamcache server

Xeno · July 26, 2020, 10:46am

Thanks for the reply @risk!

Yes, DNS encryption is something to consider. I’m assuming that can work alongside Unbound? I’m unsure as I’m still learning my chops here. I’d say DNS caching is a priority over privacy in this instance but if I can have both with low overhead then that seems like a no brainer. I will look into this.

And I will look into adguard also! Thanks for that. As far as configuring it to do all three with some added latency, I’ll have to experiment. As I said earlier, I’m perfectly fine not being able to differentiate machines in the Pi Hole/adguard logs but I’ll try all of the above and see what the effects are.

@nx2l Appreciate your feedback. Seems like a simple solution worth attempting.

Now to figure out how to do this with docker-compose.