This repository provides a detailed guide on setting up Pi-hole with Unbound as a local DNS resolver and PiAlert for network monitoring.
If you're looking for an in-depth guide with additional optimizations, check out my full Pi-hole v6.0 - Comprehensive Guide:
➡ Pi-hole v6.0 - Comprehensive Guide
🔗 Official Resources
GitHub Repository | v6 Migration Guide
Recommended Hardware: Raspberry Pi 4 Kit (8GB) with NVMe SSD via USB 3.0
- Advanced Pi-hole configurations
- Optimized DNS settings
- Blocklist & whitelist management
- Additional performance and privacy tweaks
Feel free to share your feedback and suggestions! If you find any issues or have ideas for improvements, open an Issue or submit a Pull Request.
Pi-hole filters DNS requests to block advertisements across the network.
curl -sSL https://install.pi-hole.net | bashFollow the installation prompts and note down your web interface login credentials.
- Open:
http://pi.hole/admin - Or replace
pi.holewith your Pi-hole server’s IP address.
Update block lists and rules:
pihole -gEnsure Pi-hole starts automatically at boot:
sudo systemctl enable pihole-FTL
sudo systemctl restart pihole-FTLPi.Alert monitors the network and detects new devices.
sudo apt update && sudo apt install git -y
git clone https://github.com/jokob-sk/NetAlertX.git /opt/netalertx
cd /opt/netalertx
chmod +x install/install.debian.sh
sudo ./install/install.debian.shOnce installed, access the web interface at http://<IP>:20211.
Unbound allows independent and secure DNS resolution without third-party services.
sudo apt update && sudo apt install unbound -yCreate the configuration file:
sudo nano /etc/unbound/unbound.conf.d/pi-hole.confAdd the following content:
server:
verbosity: 0
interface: 127.0.0.1
port: 5335
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
root-hints: "/var/lib/unbound/root.hints"
harden-glue: yes
harden-dnssec-stripped: yes
use-caps-for-id: no
edns-buffer-size: 1232
prefetch: yes
num-threads: 1
so-rcvbuf: 1m
private-address: 192.168.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8sudo wget -O /var/lib/unbound/root.hints https://www.internic.net/domain/named.cache
sudo chown unbound:unbound /var/lib/unbound/root.hintssudo systemctl restart unbound
sudo systemctl enable unbound- Open the Pi-hole Web Interface (
http://pi.hole/admin). - Navigate to Settings → DNS.
- Disable all external DNS providers (Google, Cloudflare, OpenDNS, etc.).
- Set
127.0.0.1#5335as the upstream DNS. - Save the changes and restart Pi-hole:
pihole restartdnsVerify that Unbound resolves DNS queries correctly:
dig google.com @127.0.0.1 -p 5335If the response contains status: NOERROR, the configuration is working correctly.
Check if Unbound is running:
sudo systemctl status unboundTest Unbound manually:
dig google.com @127.0.0.1 -p 5335- Ensure root server hints are correctly downloaded.
- Disable DNSSEC in Pi-hole (Unbound handles it already).
If IPv6 is required:
- Change
do-ip6: notodo-ip6: yesin the Unbound config file. - Check your network's IPv6 settings.
If Unbound is not responding:
- Ensure the firewall is not blocking port 5335:
sudo ufw allow 5335/tcp
sudo ufw reloadcache-max-ttl: 86400
cache-min-ttl: 3600logfile: "/var/log/unbound.log"Check the log for troubleshooting:
sudo tail -f /var/log/unbound.logdig sigok.verteiltesysteme.net @127.0.0.1 -p 5335If the response includes status: NOERROR, DNSSEC is correctly configured.
With this setup, you achieve a fast, secure, and private DNS system: ✔ Ad-blocking (Pi-hole) for a cleaner browsing experience ✔ Network monitoring (Pi.Alert) for better control ✔ Independent DNS resolution (Unbound) for privacy
For common Pi-hole v6 issues and solutions, check out the Troubleshooting Guide.