Pi-hole DNS Blocking

The Pi-hole project is a “DNS sinkhole” that protects your devices from unwanted content, without installing any client-side software.

Pi-hole is a perfect example to use with AstLinux within a LXC.

Resource Usage: (minimum)

  • Memory: 50 MB
  • Storage: 0.7 GB


First, it is assumed the lxcbr0 interface is setup per the Quick Start Guide → Enable LXC Support.

Then from the CLI:

lxc-create -t download -n pi-hole -- -d debian -r buster -a amd64 --no-validate
service lxc restart
lxc-attach pi-hole
  passwd
  apt update
  apt install openssh-server iputils-ping curl
  ...
  exit

Tip → Optionally you may want to also…

  apt install sudo nano

Tip → Set PermitRootLogin yes for sshd and restart sshd. Type exit to leave the container and do the rest via ssh.


Install Pi-hole:

Either with lxc-attach pi-hole or ssh root@pi-hole_ip_address

curl -sSL https://install.pi-hole.net -o pihole.sh
# Comment out the "set -e" in pihole.sh, then
bash pihole.sh

Follow the dialogs and answer the questions.

Change Pi-hole WebGUI password:

/usr/local/bin/pihole -a -p


Tip → If lighttpd is not started after the Pi-hole installation (⇒ netstat -tlp):

apt remove lighttpd
bash pihole.sh
# choose "Update"


Related Info → LXC container in AstLinux


Override default DHCP dns-server option

By default, the DHCP server (dnsmasq) offers the dns-server IP address using the gateway address for that subnet. With Pi-hole you may want all DHCP clients in a subnet to use the Pi-hole server for DNS. You can override the default settings by editing your /mnt/kd/dnsmasq.static file with the following:

## Override default dns-server option
dhcp-option=lan,option:dns-server,192.168.200.10
#dhcp-option=lan2,option:dns-server,192.168.200.10
#dhcp-option=lan3,option:dns-server,192.168.200.10
#dhcp-option=lan4,option:dns-server,192.168.200.10
#dhcp-option=dmz,option:dns-server,192.168.200.10

Replace the 192.168.200.10 IP address with your Pi-hole server's static address and uncomment for each subnet you want it to apply. In the web interface, select “Restart DNS & DHCP” to apply the change to the dnsmasq configuration.