[SOLVED] Run Pi-Hole as Container or VM?

thimplicity

Member
Feb 4, 2022
Hi everyone,

I am running pfSense as a VM on Proxmox on an AliExpress box and, after a lot of stability issues, it seems like I have gotten this thing stabilized: 12 days and counting (knock on wood). Now I would like to add Pi-hole to the mix again. I had it set up as a container before I turned everything except pfSense off to get the box stable. Despite the fact that pfSense had stability issues, Proxmox ran fine and stable. Now I am asking myself whether it would be better to run Pi-hole as a container or as a VM. I read that a container basically means it should consume fewer resources, as it shares those with the Proxmox host.

Which one would be a better choice from a stability perspective (in case there is a "better" here)?

Thanks in advance!
 
Hey,

a container is more lightweight, since no CPU, etc. has to be virtualized. So for something like a Pi-hole, I'd recommend using a container. A VM is more isolated than a CT, but that does not seem too relevant for your use case. For stability I'd say using fewer resources makes a system more stable, but other than that there shouldn't be much of a difference stability-wise.
 
> Hey,
>
> a container is more lightweight, since no CPU, etc. has to be virtualized. So for something like a Pi-hole, I'd recommend using a container. A VM is more isolated than a CT, but that does not seem too relevant for your use case. For stability I'd say using fewer resources makes a system more stable, but other than that there shouldn't be much of a difference stability-wise.
Thanks!
 
I first ran Pi-hole on VMs but meanwhile switched to LXCs. Pi-hole shouldn't be publicly accessible, needs no NFS/SMB shares and is very lightweight. So it is a perfect case for an LXC.
 
In case you have two hosts I would also recommend setting up two Pi-holes on different machines. If you don't have two PVE nodes, a single PVE node + any cheap Raspberry Pi (even a 12€ Raspberry Pi Zero 1/2 W) would work too.
Otherwise your whole internet at home wouldn't work in case the PVE node or the Pi-hole LXC failed.
This is especially important as you shouldn't set up a secondary DNS server besides your Pi-holes on your machines, as this would bypass any blocking rules Pi-hole applies.
There are also gravity-sync and keepalived, which you could set up for synchronization and high availability. That way you only need to administer a single Pi-hole but still have redundancy.
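The point above about a second, non-Pi-hole resolver quietly bypassing all blocking is easy to check for. This is an added example, not code from the thread: a POSIX shell function that audits a resolv.conf against the addresses of your Pi-holes (the IPs and the sample file are constructed).

```shell
#!/bin/sh
# Added example (not from the thread): flag resolvers in a resolv.conf that
# are not one of your Pi-holes. Any extra nameserver, typically a public one
# handed out "as a fallback", lets the host skip Pi-hole's blocklists whenever
# the resolver picks that entry. All addresses and the sample file are constructed.

# check_resolvers FILE PIHOLE_IP... : prints every nameserver in FILE that is
# not in the allowed list; exit status 0 only when all resolvers are Pi-holes.
check_resolvers() {
    file=$1; shift
    allowed=" $* "
    n=0
    # strip '#'/';' comments, keep the value of each "nameserver" keyword
    for ip in $(sed 's/[#;].*//' "$file" | awk '$1 == "nameserver" { print $2 }'); do
        case "$allowed" in
            *" $ip "*) ;;                            # one of our Pi-holes
            *) echo "bypass: $ip"; n=$((n + 1)) ;;   # anything else skips Pi-hole
        esac
    done
    [ "$n" -eq 0 ]
}

# demo on a constructed resolv.conf: two Pi-holes plus a stray public resolver
sample=$(mktemp)
cat > "$sample" <<'EOF'
nameserver 192.168.1.2   # Pi-hole on the pfSense box (constructed)
nameserver 192.168.1.3   # Pi-hole on the homelab server (constructed)
nameserver 1.1.1.1       # "fallback": bypasses all blocking
search home.lan
EOF
if check_resolvers "$sample" 192.168.1.2 192.168.1.3; then
    echo "all resolvers are Pi-holes"
else
    echo "remove the listed resolvers (or the DHCP DNS option that adds them)"
fi
rm -f "$sample"
```

The same check works on a client's resolv.conf or on the DNS list your DHCP server hands out.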
 
> In case you have two hosts I would also recommend setting up two Pi-holes on different machines. If you don't have two PVE nodes, a single PVE node + any cheap Raspberry Pi (even a 12€ Raspberry Pi Zero 1/2 W) would work too.
> Otherwise your whole internet at home wouldn't work in case the PVE node or the Pi-hole LXC failed.
> This is especially important as you shouldn't set up a secondary DNS server besides your Pi-holes on your machines, as this would bypass any blocking rules Pi-hole applies.
> There are also gravity-sync and keepalived, which you could set up for synchronization and high availability. That way you only need to administer a single Pi-hole but still have redundancy.
My plan is to run one on the pfSense box and one on my homelab server as a failover.
 
I sometimes use a Pi-hole Alpine Linux LXC container, which is a port of the original project: https://gitlab.com/yvelon/pi-hole
Also another LXC with just Unbound. I took this approach because otherwise the Pi-hole LXC itself couldn't update: Unbound is not running on port 53, Pi-hole is, and while updating, Pi-hole goes offline. I submitted a request to just append a Cloudflare IP to /etc/resolv.conf during the update and remove it afterwards, which has already been applied, but I have stuck with my config. I am creating another PVE node and will put another Unbound and Pi-hole on it; this way I will configure each Pi-hole to request DNS from the two Unbound instances, one on each PVE node. That way, if an Unbound container goes down, I still get replies, and the same if I need to reboot either of the PVE servers.
 
Did you read the documentation on how to install Unbound on the Pi-hole LXC?: https://docs.pi-hole.net/guides/dns/unbound/

Here Pi-hole listens on port 53 and Unbound on port 5353. You could tell your LXC to use 127.0.0.1:5353 as DNS server, then it would always use Unbound and updating Pi-hole should work.

And again, you should set up two Pi-holes for redundancy. It would then be no problem to update a Pi-hole, as DNS resolution would still work even if one of the Pi-holes isn't running.
 
> Did you read the documentation on how to install Unbound on the Pi-hole LXC?: https://docs.pi-hole.net/guides/dns/unbound/
>
> Here Pi-hole listens on port 53 and Unbound on port 5353. You could tell your LXC to use 127.0.0.1:5353 as DNS server, then it would always use Unbound and updating Pi-hole should work.
>
> And again, you should set up two Pi-holes for redundancy. It would then be no problem to update a Pi-hole, as DNS resolution would still work even if one of the Pi-holes isn't running.
/etc/resolv.conf does not support using a port other than 53; that is how the internet works. No Linux or BSD supports it; the only exception is OpenBSD, as far as I know, since 53 is the well-known port assigned to DNS by the IANA, and all DNS servers everywhere operate on that port.
To use a port other than 53 you need to do a port redirection using iptables.
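Since resolv.conf can only name a host and never a port, the loopback redirect mentioned above is how the container's own lookups can still reach Unbound on 5353. This is an added example, not code from the thread or from the Pi-hole docs; it assumes Unbound on 127.0.0.1:5353 (the docs' layout) and a resolv.conf pointing at 127.0.0.1, and uses an IPT variable so the rule generation can be exercised without root.

```shell
#!/bin/sh
# Added example (not from the thread): send the Pi-hole LXC's *own* lookups
# (apt, pihole -up, ...) to Unbound on 127.0.0.1:5353 even though resolv.conf
# cannot carry a port. The rules live in the nat OUTPUT chain, so they only
# touch packets generated inside this container; client queries arriving on
# port 53 still go to Pi-hole. Assumes Unbound on port 5353 and resolv.conf
# pointing at 127.0.0.1; IPT is overridable so the rules can be tested dry.
IPT=${IPT:-iptables}
UNBOUND_PORT=${UNBOUND_PORT:-5353}

# dns_redirect ACTION : ACTION is -A (append), -D (delete) or -C (check)
dns_redirect() {
    for proto in udp tcp; do
        "$IPT" -t nat "$1" OUTPUT -o lo -p "$proto" --dport 53 \
            -j REDIRECT --to-ports "$UNBOUND_PORT" || return 1
    done
}

# idempotent apply: only append the pair of rules when -C cannot find them
ensure_dns_redirect() {
    if dns_redirect -C 2>/dev/null; then
        echo "loopback DNS redirect already present"
    else
        dns_redirect -A && echo "loopback DNS redirect added"
    fi
}

# assumed file name dns-redirect.sh; run as root inside the container:
#   sh dns-redirect.sh apply    (or: remove)
case "${1:-}" in
    apply)  ensure_dns_redirect ;;
    remove) dns_redirect -D ;;
esac
```

The rules are not persistent across reboots, so run the apply step from a boot hook or save them with your distribution's iptables persistence tooling. Pi-hole itself must still forward to 127.0.0.1#5353 as in the docs; the redirect only covers what the container's resolver library sends to port 53.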
 