
Pi-hole & Unbound in Container Manager on a Synology NAS

Last updated on 27 February 2025

Macvlan

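Drop the compose below into your Project YAML section. If you are also setting up Unbound, copy the additional YAML below the Pi-hole compose and paste it where the comment indicates, before the networks section, keeping its indentation so that unbound sits under services alongside pihole.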

YAML
services:
  pihole:
    image: pihole/pihole:latest
    container_name: pihole-macvlan
    cap_add:
      - CAP_NET_RAW
      - CAP_NET_BIND_SERVICE
      - CAP_CHOWN
#      - CAP_NET_ADMIN #uncomment if you want to use DHCP
      - CAP_SYS_NICE
      - CAP_SYS_TIME
    environment:
      - PIHOLE_UID=1234 #CHANGE_TO_YOUR_UID
      - PIHOLE_GID=65432 #CHANGE_TO_YOUR_GID
      - TZ=Europe/London #CHANGE_TO_YOUR_TZ
      - FTLCONF_webserver_api_password=YOURPASSWORD
      - DNSMASQ_USER=pihole
    volumes:
      - /volume1/docker/pihole:/etc/pihole
    networks:
      macvlan:
        ipv4_address: 192.168.0.129
    labels:
      - com.centurylinklabs.watchtower.enable=false
    restart: always

# if using unbound paste it here before the networks section

networks:
  macvlan:
    name: macvlan
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: "192.168.0.0/24"
          ip_range: "192.168.0.254/24"
          gateway: "192.168.0.1"

YAML
  unbound:
    image: klutchell/unbound
    container_name: unbound
    ports:
      - 5335:53/tcp
      - 5335:53/udp
    volumes:
      - /volume1/docker/unbound:/etc/unbound/custom.conf.d
    restart: unless-stopped

Settings Amendments for the Macvlan

OK, we now need to make some further edits to the compose and sort out DNS for DSM.

| Section | Explanation |
| --- | --- |
| PIHOLE_UID= | This UID is the one you obtained when setting up your dockerlimited user in the earlier guide at the start of the page. This tells Pi-hole to run under this user rather than root and gives it access to the folders we created. |
| PIHOLE_GID= | As per the above this line will be the GID you obtained earlier. |
| TZ= | You will need to change this line to your own timezone code – you can find the correct list of ones to use on wikipedia.org/wiki/List_of_tz_database_time_zones |
| FTLCONF_webserver_api_password= | Change this to the password you would like to use for the Web UI |

External DNS for DSM

Containers on a Macvlan cannot be accessed by the host they reside on (without network changes under the hood). This means DSM cannot use Pi-hole for its own DNS requests. It's better to put DSM on an external DNS provider to avoid it having any issues connecting to the Internet if your Pi-hole is down.

Go into the DSM Control Panel > Network, and then under 'Manually configure DNS server' set two good quality DNS providers such as Quad9 (9.9.9.9) and Cloudflare (1.1.1.1).

Now you can make some edits to the compose information before moving on.

| Section | Explanation |
| --- | --- |
| ipv4_address: 192.168.0.122 | Change to the IP address you want to use for the container. Make sure this is available and not in use by another device on your network. Don't forget to go back up and change line 15. |
| parent: eth0 | This defines the network interface the container should use. I have used eth0, which will be the first Ethernet port on your NAS. If you want to use a different port, change it accordingly. Note! If you have Virtual Machine Manager installed, change this to ovs_eth0 |
| subnet: "192.168.0.0/24" | We need to change this in line with your network's subnet – in the example I have used 192.168.0.0/24. The super quick way to work out what to use is to take the IP of your NAS and change the final digit before the /24 to 0. |
| ip_range: "192.168.0.254/24" | This has to be changed to the highest available IP address within the range of your subnet. Again, if your network is in the 192 range, the final number used from the subnet above can be changed to 254 and added to this section. |
| gateway: "192.168.0.1" | This will be the IP address of your Router/Gateway/DHCP Server |
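
A consistency check for the values in the table above, as an added example that is not part of the original guide: it confirms the subnet matches the NAS address, that the gateway and ipv4_address fall inside it without clashing, and shows which network an ip_range value denotes when read as a CIDR. The function names and the NAS address 192.168.0.10 are assumptions made for illustration.

```python
import ipaddress

def effective_pool(ip_range):
    """Network that an ip_range value denotes once its host bits are masked off."""
    return ipaddress.ip_network(ip_range, strict=False)

def check_macvlan(nas_ip, subnet, ip_range, gateway, container_ip):
    """Return a list of problems with the macvlan values (empty list = consistent)."""
    problems = []
    try:
        # Strict parsing rejects a subnet written with host bits, e.g. 192.168.0.5/24
        net = ipaddress.ip_network(subnet)
    except ValueError as exc:
        return [f"subnet: {exc}"]
    nas = ipaddress.ip_address(nas_ip)
    gw = ipaddress.ip_address(gateway)
    ip = ipaddress.ip_address(container_ip)

    if nas not in net:
        problems.append(f"NAS {nas} is not inside {net}; subnet does not match your LAN")
    if gw not in net:
        problems.append(f"gateway {gw} is not inside {net}")
    if ip not in net:
        problems.append(f"ipv4_address {ip} is not inside {net}")
    elif ip in (net.network_address, net.broadcast_address):
        problems.append(f"ipv4_address {ip} is the network or broadcast address")
    if ip == gw:
        problems.append("ipv4_address is the same as the gateway")
    if ip == nas:
        problems.append("ipv4_address is the same as the NAS")
    if not effective_pool(ip_range).subnet_of(net):
        problems.append(f"ip_range {ip_range} is not contained in {net}")
    return problems

if __name__ == "__main__":
    # Values from the compose on this page; the NAS address is a constructed sample.
    found = check_macvlan("192.168.0.10", "192.168.0.0/24", "192.168.0.254/24",
                          "192.168.0.1", "192.168.0.129")
    for line in found or ["values are consistent"]:
        print(line)
    print("ip_range covers:", effective_pool("192.168.0.254/24"))
```

This only checks that the numbers agree with each other; it cannot tell whether the chosen address is already in use by another device on the network.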

You can now jump ahead to Page 5 for the final configuration.


167 Comments

  1. Ryan

    I’ve used plenty of your guides and today I’ve encountered my first problem — I made my changes to the pihole YAML code, pasted it in and all looked fine, but when I paste the YAML for the unbound portion of the project I get the error “Property unbound is not allowed” and cannot progress any further. This is on a Synology DS1819+ running DSM 7.2.2.-72806 update 3.

    Given the updated guide was just posted today I’m hoping there might be a minor syntax/formatting issue that I’m just not seeing. Any help you can offer will be appreciated.

  2. NeaMielu

    Amazing job, I finally managed to put a pihole on my Synology. Now, quick question. A few days after the 6.0 upgrade and reinstalling everything from scratch, they updated again to some 6.0.3 build. Following your guide, I used the docker update feature, it worked fine and pihole is working properly, but now I have two containers:
    pihole-pihole-1 pihole/pihole:latest greyed out
    pihole-macvlan pihole/pihole:latest green
    Question is, am I supposed to delete the first one?

    • Dr_Frankenstein

      Hey – So the update should have removed the first install. You can safely delete it.


drfrankenstein.co.uk – writing Synology Docker Guides since 2016 – Join My Discord!