Introduce unbound for caching dns and move pihole to macvlan. Use "lan" as local domain name.

networking/docker-compose.yaml

@@ -22,52 +22,58 @@ networks:
     external: true
   internal:
     external: true
+  home:
+    external: false
+    driver: macvlan
+    driver_opts:
+      parent: enp2s0
+    ipam:
+      config:
+        - subnet: 192.168.178.0/24
+          gateway: 192.168.178.1
+          ip_range: 192.168.178.2/30 # .2 and .3
+    name: home
 
 
-services: # check `nslookup google.de` for example and adjust /etc/resolv.conf nameserver to 127.0.0.1
+services:
   pihole:
     image: pihole/pihole
     cap_add:
       - NET_ADMIN
     container_name: pihole
     environment:
+      ServerIP: 192.168.178.2
       TZ: "Europe/Berlin"
       WEBPASSWORD: "lmaa,dw."
+      PIHOLE_DNS_: 192.168.178.3;192.168.178.3
+      VIRTUAL_HOST: pihole.lan
+    hostname: pihole
+    mac_address: d0:ca:ab:cd:ef:01
     networks:
-      - proxy
+      home:
+        ipv4_address: 192.168.178.2
+    ports:
+      - "80:80"
+      - "443:443"
+      - "53:53/tcp"
+      - "53:53/udp"
     restart: unless-stopped
     volumes:
       - pihole:/etc/pihole/
       - dnsmasq:/etc/dnsmasq.d/
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.pihole.entrypoints=web"
-      - "traefik.http.routers.pihole.rule=Host(`pihole.localhost`) || Host(`pihole.local`)"
-      - "traefik.http.services.pihole.loadbalancer.server.port=80"
 
-      # Normal DNS coming in on 53 TCP, no TLS
-      - "traefik.tcp.routers.dns.rule=HostSNI(`pihole.localhost`)"
-      - "traefik.tcp.routers.dns.entrypoints=dns"
-      - "traefik.tcp.routers.dns.service=pihole"
 
-      # recieves traffic from both the TLS and non-TLS traefik routers
-      - "traefik.tcp.services.pihole.loadbalancer.server.port=53"
-
-      # Normal DNS coming in on 53 UDP
-      - "traefik.udp.routers.dns-udp.entrypoints=dns-udp"
-      - "traefik.udp.routers.dns-udp.service=pihole"
-      - "traefik.udp.services.pihole.loadbalancer.server.port=53"
-
-#  unbound:
-#    image: mvance/unbound
-#    container_name: unbound
-#    networks:
-#      - internal
-#      - proxy
-#    ports:
-#      - "5753:53/tcp"
-#      - "5753:53/udp"
-#    restart: always
+  unbound:
+    image: mvance/unbound
+    container_name: unbound
+    hostname: unbound
+    networks:
+      home:
+        ipv4_address: 192.168.178.3
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+    restart: always
 
 
 #  smokeping:
@@ -86,7 +92,7 @@ services: # check `nslookup google.de` for example and adjust /etc/resolv.conf n
 #    labels:
 #      - "traefik.enable=true"
 #      - "traefik.http.routers.smokeping.entrypoints=web"
-#      - "traefik.http.routers.smokeping.rule=Host(`smokeping.localhost`) || Host(`smokeping.local`)"
+#      - "traefik.http.routers.smokeping.rule=Host(`smokeping.lan`)"
 #      - "traefik.http.services.smokeping.loadbalancer.server.port=80"
 #
 #  netdata:
@@ -109,5 +115,5 @@ services: # check `nslookup google.de` for example and adjust /etc/resolv.conf n
 #    labels:
 #      - "traefik.enable=true"
 #      - "traefik.http.routers.netdata.entrypoints=web"
-#      - "traefik.http.routers.netdata.rule=Host(`netdata.localhost`) || Host(`netdata.local`)"
+#      - "traefik.http.routers.netdata.rule=Host(`netdata.lan`)"
 #      - "traefik.http.services.netdata.loadbalancer.server.port=19999"