Last updated on 18 March 2025
Web portal settings
You do not need to enable anything on the ‘Web portal settings’ screen click ‘Next’ again.
On the final screen click ‘Done’ which will begin the download of the container images and once downloaded they will be launched!
The image will now be downloaded and extracted. You should see ‘Code 0’ when it has finished.
You will now see your Pi-hole running and should have a green status on the left-hand side.
Accessing the Web UI
The web interface will now be available via the following methods. If you use the https address you will need to accept the self-signed certificate warning in your browser.
| Network Mode | Access method |
|---|---|
| Host | http://nasIP:8000/admin |
| Bridge | http://nasIP:8000/admin https://nasIP:8443/admin |
| Macvlan | http://macvlanIP/admin https://macvlanIP/admin |
You can access the UI with the password you specified in the compose.
Update your Router DNS
Now you need to add the appropriate IP address to your router or DHCP Server settings the IP you use will depend on which network method you used to set up Pi-hole
Note: some routers have both WAN and LAN DNS settings, you will just be changing your local LAN setting.
Bridge or Host = Use your NAS IP address.
Macvlan = The address you chose for the container on the line ‘ipv4_address:’
It can take some time for all of your devices to move over the new DNS settings so be patient, and you will gradually start to see your stats begin to start.
Add some block lists
Don’t go crazy with block lists as adding 10 million blocked URLs is largely a waste of time stick to some good quality core lists from these sites
That’s it you are now blocking ads network wide!
Looking for some help, join our Discord community
If you are struggling with any steps in the guides or looking to branch out into other containers join our Discord community!
Buy me a beverage!
If you have found my site useful please consider pinging me a tip as it helps cover the cost of running things or just lets me stay hydrated. Plus 10% goes to the devs of the apps I do guides for every year.
Followed the guide and it worked perfectly! Now it’s a few weeks later and I went to log into pihole and the password I set and was using does not work. I restarted the project, no luck.
I tried to reset the password using the instructions the page gives “sudo pihole setpassword” but pihole is not found. I think it’s because I’m logged in as my admin account in a terminal window and I should be the dockerlimited account (which is what I used in the yaml) but am not sure. Any guidance on how to reset the password? Feel really dumb lol.
Hey – We have had this a few times in Discord it feels like its a bug that has carried forward from the initial release..
Step should be..
1) Stop the Project and remove the password line from the compose
2) Build the Project (Save and say Yes to pop up)
3) Then in Container Manager > Pihole Container > Action > Open Terminal > Create..
4) Click on the bash window that is created enter the command “pihole setpassword” and it will let you set a password
Thanks for this guide!
i was struggling a bit, but in the end the bridge mode worked for me.
But I could not figure out why unbound was not complying.
turned out that unbound and pi hole is running in separate containers. Unbound for me refused to expose port 5335 to anybody, and pi hole was not able to reach the unbound container on either my nas ip (like my own subnet ip: 192.168.0.122 for example), neither on 127.0.0.1.
what i ended up doing is: since unbound was exposing port 53, and unbound and pi hole was on the same docker network, setting
unbound#53
as the only upstream DNS server in the pi hole did the trick.
i am not sure if i was doing something wrong, or if it is a good idea to do it this way, (i have no idea what i am doing) but at least it is working now.
Thanks for the update – Until I can do some more thorough testing here, I am removing the Unbound element of the guide. I have been really lacking time recently and that has shown in the quality of the guide Unbound element. I usually spend a month or more using in real life before doing guide updates.. You are likely doing this correctly and it’s my error.
Thanks for these… I’ve been running Synology pihole (macvlan) for a while and just setup tailscale…
However once my PC is added to Tailscale, I cannot access webpage or ping pihole
I can ping everything else on same subnet, just the pihole is not responding
Synology is set as Exit node
pihole ip is in the Tailscale DNS
I’ve also set pihole Settings > DNS > Interface Settings >
was local
now permit all origins
Also tried “allow local network access” on the tailscale menu…
Once I disconnect the PC from Tailscale, ping/web to pihole works.
Is there something I missed?
Keep in mind when Pi-hole is in macvlan the Host (your NAS) cannot access it along with anything running on the NAS. To combine with Tailscale you will need to run in Host or Bridge mode.
Hi,
I have a little issue i can’t resolve.
I followed the mcvlan guide and it’s up and running.
But the issue is the following.
I’ am able to browse my local network but can’t go outside so no websites are available.
When i go into the PiHole settings and set google as my dns everything is working.
I think there is an issue with the unbound in my docker but don’t know where to look.
Any thoughts?
Hey – let me come back to you shortly, I may have made an error in the combination of both network wise.
Thx.
I case it may help to rule out a user error.
Here’s my yaml.
[SNIP]
Hey snipped your compose – see White Swan’s comment for the fix – I will be adjust the guide very shortly!!
Thx to you two guys for the fix, it’s up and running.
My DS932+ has something to kill the time and i can rest my Raspberry.
Only thing i noticed after installation and still monitoring.
I had to change the port in the custom dns setting from #5335 to #53.
Don’t know why but did so after still seeing ads and wondered why.
After changing the port it worked.
See my replies above to similar comments such as ZarqEon.
Hi
Your unbound.conf file contains the following
server:
interface: 0.0.0.0
port: 53
When I set up unbound following the macvlan method for pihole, the dns service does not resolve addresses, and I’ve had to reinstate 1.1.1.1 as my dns provider in pihole.
I don’t think it’s related, but I had previously set up pihole through macvlan using your tutorial, and I now want to install unbound too.
Hi
The issue is that Unbound is installed on a bridge network, while Pi-hole is running on a Macvlan network. Containers on Macvlan networks cannot communicate directly with the host (your Synology DSM, in this case).
I’ve found a workable solution: place Unbound on the same Macvlan network as Pi-hole. This ensures that both Pi-hole and Unbound can communicate with each other directly, as they would both be on the same network segment. This can be done as follows:
unbound:
image: klutchell/unbound
container_name: unbound
ports:
– “5335:53/tcp”
– “5335:53/udp”
volumes:
– /volume1/docker/unbound:/etc/unbound/custom.conf.d
networks:
macvlan:
ipv4_address: 192.168.0.130
of course substituting the desired ip address for your unbound instead of 192.168.0.130
Then, the instructions for Point Pi-hole at your Unbound instance (Optional) change to:
Click on Settings, then DNS. You will need to turn off any existing public DNS providers if any are ticked (Usually Google). Then click the Custom DNS drop down and enter your chosen Unbound IP address:
For example 192.168.0.130
Thank you beat me to the punch, been AFK all day 🙁
I will get the mistake fixed ASAP.
Happy to contribute; here are some points:
– In “If you used Macvlan enter the ip you used for the Unbound container followed by #5335” on page 5 – for me #53 works, not #5335
– In terms of updating the router DNS, I’m using pihole so the router DNS points to the pihole which is on a macvlan, not (for) “Macvlan = The address you chose for the container on the line ‘ipv4_address:’ ” , and the pihole specifies the ip address for Unbound; is there a different way it should be done?
– The Unbound logs consistently report problems with DNSSEC
I’d appreciate your input
Hey, see my reply to ZarqEon. – I am pulling the Unbound element of the guide until I can do further tests here.
Based on our Discord group, the above should have worked with #5353, but something is not right.