The pihole is a combined DNS and DHCP server which also block DNS requests for ads. Originally built for Raspberry Pi, it can also be used on debian systems, such as a Debian Buster running as a VSERVER guest. But it takes som epoking around to get it to work.


Base system install.

The host, running the guest servers, is also a Debian buster system with a special kernel. See Installing VSERVER on Buster and running buster guest(s).

I already have a VSERVER template for Buster, so I'll use that. I know it might be tricky to get those images from the first place (you'd just love to have them at a download link) but you can contact me by email if you need it desperately.

I have a script I usually edit when setting up a new server, since it's a lot of fields to set (like IP, name etc). The script for "pihole" looks like this:



# Build from template
vserver $XNAME build -m template \
 --context $XCTX --hostname $ --interface enp4s0:$XIP/24 -- -d buster \
 -t $XTMPL

echo "$XNAME" > $XSRV_PATH/$XNAME/etc/hostname
echo "$XIP $ $XNAME" >> $XSRV_PATH/$XNAME/etc/hosts
cp $XSRV_PATH/.templates/etc/resolv.conf $XSRV_PATH/$XNAME/etc
cp $XSRV_PATH/.templates/etc/rsyslog-j2.conf $XSRV_PATH/$XNAME/etc/rsyslog.d

# Remove restriction on tmp
sed -i "s/size=16m,//g"  /etc/vservers/$XNAME/fstab

# Remove restrictions on network
echo "CAP_NET_RAW" > /etc/vservers/$XNAME/bcapabilities
echo"SYS_ADMIN" >> /etc/vservers/$XNAME/bcapabilities
echo"NET_ADMIN" >> /etc/vservers/$XNAME/bcapabilities
echo"CAP_SYS_RESOURCE" >> /etc/vservers/$XNAME/bcapabilities

vserver $XNAME start
vserver $XNAME exec apt-get update
vserver $XNAME exec apt-get -y upgrade
vserver $XNAME exec apt-get -y install sudo


The .templates/etc/resolv.conf contains my default set-up for name servers:

domain my.local.domain
search my.local.domain

 (this has to be changed later, when pihole installation is done)

The .templates/etc/rsyslog.conf is simply a file redirecting logs to my central logging server:

*.*     @


All that stuff in the bcapabilities file is to let pihole edit the arp cache, or some clients might not get ip addresses from the dhcp server.
I just threw in a bunch of flags and it worked. Feel free to remove the ones that are not needed.

The arp cache problem can be seen in the "Tail pihole.log": it shows things like

Oct 10 13:02:22 dnsmasq-dhcp[5778]: ARP-cache injection failed: Operation not permitted

This is solved by adding the bcapabilities flags above.


Tweaking the pihole vserver.

After running the script above the Vserver guest "pihole" is started. Enter it by

vserver pihole enter

Pihole installer need to know if it can use the "systemctl" command. It can't, because we have booted the guest without systemd as init system. If we enter the command we'll get

root@pihole:/# systemctl
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down

That's fine for us but not for the install script. The solution is simple: rename the command so the istall script can't find it. If you don't, the script will crash when trying to start the lighttp server.

So now do this to start the installation:

apt-get -y install curl
mv /usr/bin/systemctl /usr/bin/systemctl.bak
curl -sSL | bash

I used a custom dns but that's up to you.

I changed the "dns ip address" entry in my running dhcp server (on the router) to have the ip address of the pihole guest system. After rebooting (or simply replugging the network cable) for the client it should start to use pihole as a dns.

When installation is done and your clients are using the pihole for dns lookups (which they do if you set it in the dhcp server) you can browse to "http://pi.hole/admin". In my setup, the pihole dhcp server was not enabled initially (probably because I had a router dhcp running). So I turned it off in the router and turned it on in the pihole.


Post installation

There is quite a lot of documentation on pihole on the Internet, so I'll just mention some things nice to know.

To have the guest system to also use pihole for its dns, you need to edit /etc/resolv.conf, to e.g:

domain my.local.domain
search my.local.domain nameserver #nameserver

Don't do this until everything works as it should, or your guest might loose the ability to look up hostnames (and do apt-get install etc).


Fixed ip addresses

The file for this is located in


The format is "mac,ip,name" as in:


Local hostnames

The local hostnames-ip list is in


The format is "ip host" as in


Log flooded with lookups

If you open the pihole web admin page from Firefox, and go to tools - tail pihole.log you will se the log scrolling with repeated queries on the form

Oct 17 06:24:03: query[A] pi.hole from
Oct 17 06:24:03: Pi-hole hostname pi.hole is
Oct 17 06:24:03: query[A] pi.hole from
Oct 17 06:24:03: Pi-hole hostname pi.hole is
Oct 17 06:24:03: query[A] pi.hole from
Oct 17 06:24:03: Pi-hole hostname pi.hole is

where (here) is the pihole ip and is my workstation ip. This is actually caused by Firefox. I don't know why. Try using Edge instead when browsing to pihole admin page.




See also

Errors when starting a guest vserver



Add comment

Security code