The pihole is a combined DNS and DHCP server which also block DNS requests for ads. Originally built for Raspberry Pi, it can also be used on debian systems, such as a Debian Buster running as a VSERVER guest. But it takes som epoking around to get it to work.
Base system install.
The host, running the guest servers, is also a Debian buster system with a special kernel. See Installing VSERVER on Buster and running buster guest(s).
I already have a VSERVER template for Buster, so I'll use that. I know it might be tricky to get those images from the first place (you'd just love to have them at a download link) but you can contact me by email if you need it desperately.
I have a script I usually edit when setting up a new server, since it's a lot of fields to set (like IP, name etc). The script for "pihole" looks like this:
# Build from template
vserver $XNAME build -m template \
--context $XCTX --hostname $XNAME.my.local.domain --interface enp4s0:$XIP/24 -- -d buster \
echo "$XNAME" > $XSRV_PATH/$XNAME/etc/hostname
echo "$XIP $XNAME.my.local.domain $XNAME" >> $XSRV_PATH/$XNAME/etc/hosts
cp $XSRV_PATH/.templates/etc/resolv.conf $XSRV_PATH/$XNAME/etc
cp $XSRV_PATH/.templates/etc/rsyslog-j2.conf $XSRV_PATH/$XNAME/etc/rsyslog.d
# Remove restriction on tmp
sed -i "s/size=16m,//g" /etc/vservers/$XNAME/fstab
# Remove restrictions on network
echo "CAP_NET_RAW" > /etc/vservers/$XNAME/bcapabilities
echo"SYS_ADMIN" >> /etc/vservers/$XNAME/bcapabilities
echo"NET_ADMIN" >> /etc/vservers/$XNAME/bcapabilities
echo"CAP_SYS_RESOURCE" >> /etc/vservers/$XNAME/bcapabilities
vserver $XNAME start
vserver $XNAME exec apt-get update
vserver $XNAME exec apt-get -y upgrade
vserver $XNAME exec apt-get -y install sudo
The .templates/etc/resolv.conf contains my default set-up for name servers:
(this has to be changed later, when pihole installation is done)
The .templates/etc/rsyslog.conf is simply a file redirecting logs to my central logging server:
All that stuff in the bcapabilities file is to let pihole edit the arp cache, or some clients might not get ip addresses from the dhcp server.
I just threw in a bunch of flags and it worked. Feel free to remove the ones that are not needed.
The arp cache problem can be seen in the "Tail pihole.log": it shows things like
Oct 10 13:02:22 dnsmasq-dhcp: ARP-cache injection failed: Operation not permitted
This is solved by adding the bcapabilities flags above.
Tweaking the pihole vserver.
After running the script above the Vserver guest "pihole" is started. Enter it by
vserver pihole enter
Pihole installer need to know if it can use the "systemctl" command. It can't, because we have booted the guest without systemd as init system. If we enter the command we'll get
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
That's fine for us but not for the install script. The solution is simple: rename the command so the istall script can't find it. If you don't, the script will crash when trying to start the lighttp server.
So now do this to start the installation:
apt-get -y install curl
mv /usr/bin/systemctl /usr/bin/systemctl.bak
curl -sSL https://install.pi-hole.net | bash
I used a custom dns but that's up to you.
I changed the "dns ip address" entry in my running dhcp server (on the router) to have the ip address of the pihole guest system. After rebooting (or simply replugging the network cable) for the client it should start to use pihole as a dns.
When installation is done and your clients are using the pihole for dns lookups (which they do if you set it in the dhcp server) you can browse to "http://pi.hole/admin". In my setup, the pihole dhcp server was not enabled initially (probably because I had a router dhcp running). So I turned it off in the router and turned it on in the pihole.
There is quite a lot of documentation on pihole on the Internet, so I'll just mention some things nice to know.
To have the guest system to also use pihole for its dns, you need to edit /etc/resolv.conf, to e.g:
search my.local.domain nameserver 127.0.0.1 #nameserver 10.2.10.100
Don't do this until everything works as it should, or your guest might loose the ability to look up hostnames (and do apt-get install etc).
Fixed ip addresses
The file for this is located in
The format is "mac,ip,name" as in:
The local hostnames-ip list is in
The format is "ip host" as in
Log flooded with lookups
If you open the pihole web admin page from Firefox, and go to tools - tail pihole.log you will se the log scrolling with repeated queries on the form
Oct 17 06:24:03: query[A] pi.hole from 192.168.10.72 Oct 17 06:24:03: Pi-hole hostname pi.hole is 192.168.10.20 Oct 17 06:24:03: query[A] pi.hole from 192.168.10.72 Oct 17 06:24:03: Pi-hole hostname pi.hole is 192.168.10.20 Oct 17 06:24:03: query[A] pi.hole from 192.168.10.72 Oct 17 06:24:03: Pi-hole hostname pi.hole is 192.168.10.20 ...
where 192.168.10.20 (here) is the pihole ip and 192.168.10.72 is my workstation ip. This is actually caused by Firefox. I don't know why. Try using Edge instead when browsing to pihole admin page.