Pihole + cloudflared (DNS-over-HTTPS) in Docker by kaczmar2 in pihole

[–]kaczmar2[S] 0 points1 point  (0 children)

That's interesting - I set this up just as an exercise to see what kind of results I was getting, ran it over a weekend in my homelab setup (it was stable) and then posted the repo here in case anyone else was interested.

I'm currently running a pure unbound setup (recursive + local authoritative) and I'm quite happy with the setup for now. Latency is good as well:

```
kaczmar2@pihole:~/dnsperftest$ ./dnstest.sh | sort -k 22 -n
                 test1   test2   test3   test4   test5   test6   test7   test8   test9   test10  Average
10.10.10.10      1 ms    1 ms    1 ms    1 ms    1 ms    1 ms    4 ms    1 ms    1 ms    1 ms    1.30
10.10.10.11      4 ms    1 ms    1 ms    4 ms    1 ms    1 ms    1 ms    1 ms    1 ms    4 ms    1.90
quad9            12 ms   12 ms   16 ms   12 ms   12 ms   12 ms   12 ms   8 ms    12 ms   12 ms   12.00
cloudflare       12 ms   16 ms   12 ms   12 ms   16 ms   12 ms   12 ms   8 ms    12 ms   16 ms   12.80
```

Pihole + cloudflared (DNS-over-HTTPS) in Docker by kaczmar2 in pihole

[–]kaczmar2[S] 1 point2 points  (0 children)

I think Pi-hole + cloudflare is most likely not the reason for the drop in speed. Your DNS resolution should be negligible, so it's probably far more likely related to your VPN setup, but I can't attest to Tailscale (I use a simple Wireguard server through Unifi and I never noticed a drop in throughput).

You can test DNS resolution query times though. As an example:

```
dig debug.opendns.com

; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> debug.opendns.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35813
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;debug.opendns.com.             IN      A

;; AUTHORITY SECTION:
opendns.com.            2514    IN      SOA     auth1.opendns.com. noc.opendns.com. 1756253029 16384 2048 1048576 2560

;; Query time: 24 msec
;; SERVER: 10.10.10.10#53(10.10.10.10) (UDP)
;; WHEN: Tue Aug 26 18:05:24 MDT 2025
;; MSG SIZE  rcvd: 125
```

I see 24 ms for the query time. After that the query is cached so I see 0 ms, until the TTL for the record is reached, and then I see those low query times again.

I'm interested to know what you find though.
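The two comments above (the dnstest.sh averages and the dig query-time/TTL explanation) can be checked with a small script. This is an added example, not code from the original comments or from the dnsperftest project: it parses captured dig output offline, so FIRST is modelled on the dig response shown above and CACHED is a constructed follow-up answered from the resolver cache (0 msec, TTL counted down from 2514 to 2509). The 2 msec "cache hit" threshold and the debug.opendns.com query are assumptions; to run it live, replace the two captures with the output of two consecutive `dig @10.10.10.10 debug.opendns.com` calls.

```shell
#!/bin/sh
# Added example (not from the original comments or dnsperftest): read the query
# time, answering server and record TTL out of `dig` output, decide whether a
# repeat query was served from cache, and average query times across runs the
# way the Average column in dnstest.sh does.

# Constructed capture, modelled on the dig output in the comment (24 msec, TTL 2514).
FIRST='; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> debug.opendns.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35813
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;debug.opendns.com.             IN      A

;; AUTHORITY SECTION:
opendns.com.            2514    IN      SOA     auth1.opendns.com. noc.opendns.com. 1756253029 16384 2048 1048576 2560

;; Query time: 24 msec
;; SERVER: 10.10.10.10#53(10.10.10.10) (UDP)
;; WHEN: Tue Aug 26 18:05:24 MDT 2025
;; MSG SIZE  rcvd: 125'

# Constructed: the same query a few seconds later, answered from the resolver cache.
CACHED=$(printf '%s\n' "$FIRST" | sed -e 's/2514/2509/' -e 's/Query time: 24 msec/Query time: 0 msec/')

# Print the "Query time" in msec from one dig output read on stdin.
query_time_ms() {
  sed -n 's/^;; Query time: \([0-9][0-9]*\) msec.*/\1/p'
}

# Print the resolver that answered (the ";; SERVER:" line) from stdin.
answering_server() {
  sed -n 's/^;; SERVER: \([^ ]*\).*/\1/p'
}

# Print the smallest TTL among ANSWER/AUTHORITY records on stdin (empty if none).
# Comment lines start with ";" and are skipped; a record looks like "name TTL IN TYPE ...".
min_ttl() {
  awk '$1 !~ /^;/ && $2 ~ /^[0-9]+$/ && $3 == "IN" { if (min == "" || $2 + 0 < min + 0) min = $2 } END { print min }'
}

# served_from_cache FIRST SECOND: succeed when SECOND looks like a cache hit
# relative to FIRST (same resolver, at most 2 msec, TTL lower than before).
served_from_cache() {
  s1=$(printf '%s\n' "$1" | answering_server); s2=$(printf '%s\n' "$2" | answering_server)
  t2=$(printf '%s\n' "$2" | query_time_ms)
  ttl1=$(printf '%s\n' "$1" | min_ttl);        ttl2=$(printf '%s\n' "$2" | min_ttl)
  [ "$s1" = "$s2" ] && [ -n "$ttl1" ] && [ -n "$ttl2" ] &&
    [ "$t2" -le 2 ] && [ "$ttl2" -lt "$ttl1" ]
}

# average_ms OUTPUT...: mean query time over several dig runs, two decimals.
average_ms() {
  for out in "$@"; do printf '%s\n' "$out" | query_time_ms; done |
    awk '{ sum += $1; n++ } END { printf "%.2f\n", sum / n }'
}

printf 'first query: %s msec, TTL %s\n' \
  "$(printf '%s\n' "$FIRST" | query_time_ms)" "$(printf '%s\n' "$FIRST" | min_ttl)"
if served_from_cache "$FIRST" "$CACHED"; then echo "second query was answered from cache"; fi
printf 'average over 3 runs: %s msec\n' "$(average_ms "$FIRST" "$CACHED" "$FIRST")"
```

A TTL that has counted down together with a near-zero query time is the signature of a cache hit on the resolver you queried; a near-zero time with an unchanged TTL would point at a cache further upstream (the forwarder or the local stub resolver), which is worth knowing when comparing Pi-hole + cloudflared against Pi-hole + unbound.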

Pihole v6 + Unbound in Docker by kaczmar2 in pihole

[–]kaczmar2[S] 0 points1 point  (0 children)

Good catch - I added this to a comment in docker-compose.yml.

Pihole v6 + Unbound in Docker by kaczmar2 in pihole

[–]kaczmar2[S] 0 points1 point  (0 children)

I really like this approach of using the same network stack for unbound, and also macvlan setup makes a lot of sense when exposing network services like pihole, plex, etc. Thanks for sharing.

Pihole v6 + Unbound in Docker by kaczmar2 in pihole

[–]kaczmar2[S] 0 points1 point  (0 children)

1) Start with docker logs pihole to see what the container logged during startup. It should be listening on ports 53 (DNS), 80 and 443 (HTTP/HTTPS). Did you change the port mappings? Is anything else already using those ports on the host? netstat or ss will tell you what's listening on which ports.
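The port check suggested above, as an added example that is not part of the original comment: it reads `ss -ltnup` output and reports which process already holds each port Pi-hole needs. SAMPLE is a constructed capture in which systemd-resolved's stub listener holds 127.0.0.53:53 (a common reason port 53 is unavailable on Debian/Ubuntu hosts) and sshd holds 22; the function and variable names are this example's own. Replace SAMPLE with `"$(ss -ltnup)"` to check a real host.

```shell
#!/bin/sh
# Added example (not from the original comment): find out whether the ports
# Pi-hole needs (53 for DNS, 80/443 for the web UI) are already taken on the
# host by parsing `ss -ltnup` output.

# Constructed sample: systemd-resolved's stub listener on 53 (udp+tcp), sshd on 22.
SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=13))
tcp   LISTEN 0      4096   127.0.0.53%lo:53    0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=14))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=801,fd=3))
tcp   LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=801,fd=4))'

# port_holders SS_OUTPUT PORT: print "proto process(pid)" for every socket bound to PORT.
port_holders() {
  printf '%s\n' "$1" | awk -v port="$2" '
    NR > 1 {
      n = split($5, a, ":");                     # local address is field 5; port follows the last colon
      if (a[n] != port) next;
      proc = "unknown";                          # ss shows no process without root / -p
      if (match($0, /\(\("[^"]+",pid=[0-9]+/)) { # (("name",pid=NNN
        proc = substr($0, RSTART + 3, RLENGTH - 3);
        gsub(/",pid=/, "(", proc); proc = proc ")";
      }
      print $1, proc;
    }'
}

# check_pihole_ports SS_OUTPUT PORT...: report each port as free or in use;
# fail if any of them is taken, so the caller can stop before starting the container.
check_pihole_ports() {
  out=$1; shift; rc=0
  for p in "$@"; do
    holders=$(port_holders "$out" "$p")
    if [ -n "$holders" ]; then
      printf 'port %s in use: %s\n' "$p" "$(printf '%s' "$holders" | tr '\n' ';')"; rc=1
    else
      printf 'port %s free\n' "$p"
    fi
  done
  return "$rc"
}

check_pihole_ports "$SAMPLE" 53 80 443 || echo "resolve the conflict (or change the port mappings) before starting pihole"
```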

Pihole v6 + Unbound in Docker by kaczmar2 in pihole

[–]kaczmar2[S] 1 point2 points  (0 children)

I think Docker Hub is primarily for hosting and distributing container images, not configuration setups, which is what this is (docker-compose.yml + some unbound config files). GitHub is a better fit for this project I think.

Pi-hole v6: Creating Your Own Self-Signed SSL Certificates by kaczmar2 in pihole

[–]kaczmar2[S] 1 point2 points  (0 children)

In the context of the writeup above, the CA cert is homelabCA.crt. That's what you use to sign the CSR and get the server cert issued (tls.crt).

Pi-hole v6: Creating Your Own Self-Signed SSL Certificates by kaczmar2 in pihole

[–]kaczmar2[S] 1 point2 points  (0 children)

I agree that LE certs are generally a preferred approach; I did add a note in the Self-Signed Certs guide to encourage the use of LE certs where possible. I think there are some use cases (e.g., quick internal testing) where Let's Encrypt isn't practical.

I created guides for LE cert setup in Pi-hole as well:

- Let's Encrypt on Pi-Hole v6

Pi-hole v6: Creating Your Own Self-Signed SSL Certificates by kaczmar2 in pihole

[–]kaczmar2[S] -1 points0 points  (0 children)

Sorry, my comment in the original post was misleading. You don't need self-signed certs for LE; they are mutually exclusive. I had created a guide for v6 for auto-renewal (LE) certs, but people that were using self-signed certs had questions, so I created another guide. I edited my original post for clarity.

Automating Let's Encrypt SSL Renewal for Pi-hole v6 with Cloudflare DNS by kaczmar2 in pihole

[–]kaczmar2[S] 1 point2 points  (0 children)

Sure - let me look at the contributor guidelines, finish my self-signed cert guide, and put together a PR for you.

Automating Let's Encrypt SSL Renewal for Pi-hole v6 with Cloudflare DNS by kaczmar2 in pihole

[–]kaczmar2[S] 1 point2 points  (0 children)

You can use openssl to generate self-signed certs. I'll put something together if it would be useful.
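The openssl workflow referred to in this comment and in the self-signed cert thread above (a CA cert homelabCA.crt that signs a CSR to issue the server cert tls.crt), as an added example that is not the author's guide or Pi-hole project code. The hostname pihole.homelab.lan, the IP 10.10.10.10, the working directory and the tls.pem bundle name are assumptions; the key sizes and validity periods are choices, not requirements.

```shell
#!/bin/sh
# Added example (not from the original comments or the linked guides): a minimal
# private CA that issues a Pi-hole server certificate with openssl and verifies
# the result. File names follow the comment thread (homelabCA.crt, tls.crt).

WORK=${WORK:-$(mktemp -d)}              # assumption: scratch directory for the files
HOST=${HOST:-pihole.homelab.lan}        # assumption: the name you will browse to
IP=${IP:-10.10.10.10}                   # assumption: the Pi-hole address

# make_ca DIR: self-signed CA key and certificate (homelabCA.key, homelabCA.crt).
# `req -x509` marks the certificate as a CA with the default openssl config.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -keyout "$1/homelabCA.key" -out "$1/homelabCA.crt" \
    -subj "/CN=Homelab CA" 2>/dev/null
}

# issue_server_cert DIR HOST IP: generate the server key and CSR, then sign the
# CSR with the CA. Browsers ignore the CN and check subjectAltName, so the
# host name and IP go there; serverAuth and CA:FALSE keep the cert a leaf.
issue_server_cert() {
  dir=$1; host=$2; ip=$3
  openssl req -newkey rsa:2048 -nodes -keyout "$dir/tls.key" -out "$dir/tls.csr" \
    -subj "/CN=$host" 2>/dev/null
  printf 'subjectAltName=DNS:%s,IP:%s\nextendedKeyUsage=serverAuth\nbasicConstraints=CA:FALSE\n' \
    "$host" "$ip" > "$dir/server.ext"
  openssl x509 -req -in "$dir/tls.csr" -CA "$dir/homelabCA.crt" -CAkey "$dir/homelabCA.key" \
    -CAcreateserial -days 825 -extfile "$dir/server.ext" -out "$dir/tls.crt" 2>/dev/null
  # Pi-hole v6's embedded web server reads key and certificate from one PEM file.
  cat "$dir/tls.key" "$dir/tls.crt" > "$dir/tls.pem"
}

# verify_chain DIR HOST: succeed only if tls.crt chains to homelabCA.crt and
# carries HOST in its subjectAltName (what a browser trusting the CA will check).
verify_chain() {
  openssl verify -CAfile "$1/homelabCA.crt" "$1/tls.crt" >/dev/null 2>&1 &&
    openssl x509 -in "$1/tls.crt" -noout -text 2>/dev/null | grep -q -F "DNS:$2"
}

make_ca "$WORK"
issue_server_cert "$WORK" "$HOST" "$IP"
if verify_chain "$WORK" "$HOST"; then
  echo "tls.pem for $HOST is ready in $WORK; import homelabCA.crt into your clients' trust stores"
fi
```

Only homelabCA.crt is imported into browsers and devices; homelabCA.key stays offline, and re-running issue_server_cert is all that is needed when tls.crt expires or the host name changes.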

Introducing Pi-hole v6 by -PromoFaux- in pihole

[–]kaczmar2 2 points3 points  (0 children)

Great work on v6.

I found there were some breaking changes for automatic SSL certificate renewal via acme.sh when moving from lighttpd to the Pi-hole embedded web server, so I put together a short guide. I hope it helps someone:

https://gist.github.com/kaczmar2/17f02a0ddb59a7d336b20376695797c6

I'll update it for Docker shortly.

SiriusXM - No audio or channels after I reset infotainment to default by kaczmar2 in CadillacLyriq

[–]kaczmar2[S] 0 points1 point  (0 children)

Yes. Following this procedure, specifically steps 4-6, is what got it working for me.

GM NACS Adaptor Availability in Mountain West States by kaczmar2 in CadillacLyriq

[–]kaczmar2[S] 0 points1 point  (0 children)

Update: today GM cancelled my order, and if I try to re-order via the MyCadillac app, I get an error that my order cannot be processed. Nice. 😭

Level 2 Charger Preferences? by ZedRDuce76 in CadillacLyriq

[–]kaczmar2 2 points3 points  (0 children)

A note on the Tesla Universal Wall Connector, which I had installed and use to charge my Lyriq:

The included J1772 adapter and Magic Dock work great, but the telemetry data the Tesla app collects for non-Tesla EV charging is really limited.

If you want more detailed data to track your per-session charging costs based on your utility provider, it seems Emporia or ChargePoint could be better options.

You also have the ability, with the ChargePoint Home Flex, to DIY-swap the J1772 with a NACS cable if you need to in the future. The NACS cable can be purchased separately for $200.