Skip to content

Pi-hole in Container Manager on a Synology NAS

Last updated on 18 March 2025

Web portal settings

You do not need to enable anything on the ‘Web portal settings’ screen click ‘Next’ again.

On the final screen click ‘Done’ which will begin the download of the container images and once downloaded they will be launched!

The image will now be downloaded and extracted. You should see ‘Code 0’ when it has finished.

You will now see your Pi-hole running and should have a green status on the left-hand side.

Accessing the Web UI

The web interface will now be available via the following methods. If you use the https address you will need to accept the self-signed certificate warning in your browser.

Network ModeAccess method
Hosthttp://nasIP:8000/admin
Bridgehttp://nasIP:8000/admin
https://nasIP:8443/admin
Macvlanhttp://macvlanIP/admin
https://macvlanIP/admin

You can access the UI with the password you specified in the compose.

Update your Router DNS

Now you need to add the appropriate IP address to your router or DHCP Server settings the IP you use will depend on which network method you used to set up Pi-hole

Note: some routers have both WAN and LAN DNS settings, you will just be changing your local LAN setting.

Bridge or Host = Use your NAS IP address.

Macvlan = The address you chose for the container on the line ‘ipv4_address:’

It can take some time for all of your devices to move over the new DNS settings so be patient, and you will gradually start to see your stats begin to start.

Add some block lists

Don’t go crazy with block lists as adding 10 million blocked URLs is largely a waste of time stick to some good quality core lists from these sites

https://firebog.net

https://oisd.nl

That’s it you are now blocking ads network wide!


Looking for some help, join our Discord community

If you are struggling with any steps in the guides or looking to branch out into other containers join our Discord community!

Buy me a beverage!

If you have found my site useful please consider pinging me a tip as it helps cover the cost of running things or just lets me stay hydrated. Plus 10% goes to the devs of the apps I do guides for every year.

Pages: 1 2 3 4 5

Published inAd-Blocking / DNS 7.2DockerSynology

204 Comments

  1. Sladester Sladester

    Followed the guide and it worked perfectly! Now it’s a few weeks later and I went to log into pihole and the password I set and was using does not work. I restarted the project, no luck.

    I tried to reset the password using the instructions the page gives “sudo pihole setpassword” but pihole is not found. I think it’s because I’m logged in as my admin account in a terminal window and I should be the dockerlimited account (which is what I used in the yaml) but am not sure. Any guidance on how to reset the password? Feel really dumb lol.

    • Dr_Frankenstein Dr_Frankenstein

      Hey – We have had this a few times in Discord it feels like its a bug that has carried forward from the initial release..

      Step should be..

      1) Stop the Project and remove the password line from the compose
      2) Build the Project (Save and say Yes to pop up)
      3) Then in Container Manager > Pihole Container > Action > Open Terminal > Create..
      4) Click on the bash window that is created enter the command “pihole setpassword” and it will let you set a password

  2. ZarqEon ZarqEon

    Thanks for this guide!
    i was struggling a bit, but in the end the bridge mode worked for me.
    But I could not figure out why unbound was not complying.

    turned out that unbound and pi hole is running in separate containers. Unbound for me refused to expose port 5335 to anybody, and pi hole was not able to reach the unbound container on either my nas ip (like my own subnet ip: 192.168.0.122 for example), neither on 127.0.0.1.

    what i ended up doing is: since unbound was exposing port 53, and unbound and pi hole was on the same docker network, setting
    unbound#53
    as the only upstream DNS server in the pi hole did the trick.

    i am not sure if i was doing something wrong, or if it is a good idea to do it this way, (i have no idea what i am doing) but at least it is working now.

    • Dr_Frankenstein Dr_Frankenstein

      Thanks for the update – Until I can do some more thorough testing here, I am removing the Unbound element of the guide. I have been really lacking time recently and that has shown in the quality of the guide Unbound element. I usually spend a month or more using in real life before doing guide updates.. You are likely doing this correctly and it’s my error.

  3. Tak Tak

    Thanks for these… I’ve been running Synology pihole (macvlan) for a while and just setup tailscale…

    However once my PC is added to Tailscale, I cannot access webpage or ping pihole

    I can ping everything else on same subnet, just the pihole is not responding

    Synology is set as Exit node
    pihole ip is in the Tailscale DNS

    I’ve also set pihole Settings > DNS > Interface Settings >
    was local
    now permit all origins

    Also tried “allow local network access” on the tailscale menu…

    Once I disconnect the PC from Tailscale, ping/web to pihole works.

    Is there something I missed?

    • Dr_Frankenstein Dr_Frankenstein

      Keep in mind when Pi-hole is in macvlan the Host (your NAS) cannot access it along with anything running on the NAS. To combine with Tailscale you will need to run in Host or Bridge mode.

  4. Siewert Siewert

    Hi,

    I have a little issue i can’t resolve.
    I followed the mcvlan guide and it’s up and running.
    But the issue is the following.
    I’ am able to browse my local network but can’t go outside so no websites are available.
    When i go into the PiHole settings and set google as my dns everything is working.
    I think there is an issue with the unbound in my docker but don’t know where to look.
    Any thoughts?

    • Dr_Frankenstein Dr_Frankenstein

      Hey – let me come back to you shortly, I may have made an error in the combination of both network wise.

        • Dr_Frankenstein Dr_Frankenstein

          Hey snipped your compose – see White Swan’s comment for the fix – I will be adjust the guide very shortly!!

          • Siewert Siewert

            Thx to you two guys for the fix, it’s up and running.
            My DS932+ has something to kill the time and i can rest my Raspberry.
            Only thing i noticed after installation and still monitoring.
            I had to change the port in the custom dns setting from #5335 to #53.
            Don’t know why but did so after still seeing ads and wondered why.
            After changing the port it worked.

      • White Swan White Swan

        Hi

        Your unbound.conf file contains the following

        server:
        interface: 0.0.0.0
        port: 53

        When I set up unbound following the macvlan method for pihole, the dns service does not resolve addresses, and I’ve had to reinstate 1.1.1.1 as my dns provider in pihole.

        I don’t think it’s related, but I had previously set up pihole through macvlan using your tutorial, and I now want to install unbound too.

      • White Swan White Swan

        Hi

        The issue is that Unbound is installed on a bridge network, while Pi-hole is running on a Macvlan network. Containers on Macvlan networks cannot communicate directly with the host (your Synology DSM, in this case).

        I’ve found a workable solution: place Unbound on the same Macvlan network as Pi-hole. This ensures that both Pi-hole and Unbound can communicate with each other directly, as they would both be on the same network segment. This can be done as follows:

        unbound:
        image: klutchell/unbound
        container_name: unbound
        ports:
        – “5335:53/tcp”
        – “5335:53/udp”
        volumes:
        – /volume1/docker/unbound:/etc/unbound/custom.conf.d
        networks:
        macvlan:
        ipv4_address: 192.168.0.130

        of course substituting the desired ip address for your unbound instead of 192.168.0.130

        Then, the instructions for Point Pi-hole at your Unbound instance (Optional) change to:

        Click on Settings, then DNS. You will need to turn off any existing public DNS providers if any are ticked (Usually Google). Then click the Custom DNS drop down and enter your chosen Unbound IP address:

        For example 192.168.0.130

        • Dr_Frankenstein Dr_Frankenstein

          Thank you beat me to the punch, been AFK all day 🙁

          I will get the mistake fixed ASAP.

          • White Swan White Swan

            Happy to contribute; here are some points:

            – In “If you used Macvlan enter the ip you used for the Unbound container followed by #5335” on page 5 – for me #53 works, not #5335

            – In terms of updating the router DNS, I’m using pihole so the router DNS points to the pihole which is on a macvlan, not (for) “Macvlan = The address you chose for the container on the line ‘ipv4_address:’ ” , and the pihole specifies the ip address for Unbound; is there a different way it should be done?

            – The Unbound logs consistently report problems with DNSSEC

            I’d appreciate your input

            • Dr_Frankenstein Dr_Frankenstein

              Hey, see my reply to ZarqEon. – I am pulling the Unbound element of the guide until I can do further tests here.

              Based on our Discord group, the above should have worked with #5353, but something is not right.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

drfrankenstein.co.uk – writing Synology Docker Guides since 2016 – Join My Discord!