PiHole on TrueNAS Core 12.0

muzmurray

Cadet
Joined
Jan 21, 2021
Messages
3
Hi, first post from a Freenas/TrueNAS noob, apologies if I'm in the wrong section!

I have been running the PiHole adblocker for a year or so on a Raspberry Pi attached to my network, and I would like to clear up the hardware excess and run it on my TrueNAS Core server. I have some experience with Linux of various types, but TrueNAS is completely new to me.
After a lot of research on G**gle and Y*uT*be, I have found and tried several different approaches from Ubuntu in a VM to Docker.
I haven't had much luck as there seem to be no instructions out there for TrueNAS 12.0, and every attempt I make using instructions for FreeNAS does not work.

Could anyone give a TrueNAS noob a helping hand?
Which is the "best" way - VM, Docker, or something else?
I have tried several times to install Ubuntu (18LTS and 20LTS) in a VM, it seems to go well with no problems, but when I start the VM I have no access via VNC or Serial.

Help please!
Thanks in advance
 

hervon

Patron
Joined
Apr 23, 2012
Messages
353
Search is your friend.
 

vanastasis

Cadet
Joined
Sep 18, 2020
Messages
5
Are you able to install Ubuntu and complete setup via VNC in bhyve?
 

gt2416

Patron
Joined
Feb 4, 2018
Messages
262
The topic is here:

I'm trying to get it to work natively. If you want something that works today without a VM you can use AdGuard Home. They have a FreeBSD build.
Hopefully someone with more FreeBSD knowledge than me can help, I believe it is possible to run pihole in a FreeNAS jail.
Someone already got the main DNS service to work on FreeBSD, it builds and appears to run at least.


This is how far I got
 

Sokonomi

Contributor
Joined
Jul 15, 2018
Messages
115
Have you made progress on this? I'm quite interested. :P
 

gt2416

Patron
Joined
Feb 4, 2018
Messages
262
Sadly no. Pi-hole uses its own DNS service (pihole-FTL), someone else made it work for FreeBSD quite some time back. Sadly he said he won't actively work on it and that version, while it runs on FreeBSD, has some issues. It keeps 1 CPU core pinned at 100% which is not ideal.
I really thought initially this would be a few dependencies and a LAMP server. Unfortunately till someone is willing to maintain pi-FTL this is a no go. That thread has been open for years and no one from the FreeBSD community with the expertise needed has helped that one user.
Since he did manage to get it to compile, at least some base work has been done.
 

GChuck

Dabbler
Joined
Jan 7, 2020
Messages
41
GT2416, I too have been working hard to try and get Pi-Hole working in a VM under TrueNAS 12.0-U4.1 with mixed results. However, I think I did it a little different than you.

First, instead of Ubuntu, I used Debian 10.9.0 as that is what the current version of Raspbian is based upon. I created a virtual machine with 1gb memory, 10gb disk and 2 cores with 2 threads. The amount of memory and disk are no-brainers, but I just guessed at the number of cores and threads to throw at it. As the Raspberry Pi I was trying to replace had 4 cores, I thought 2 cores and 2 threads each should be enough.

I installed Debian with only a couple of small problems. I had to make sure that the VNC device was set to 800x600 during the install, otherwise the screen ended up garbled. And Debian wouldn't boot after the install but this was a known problem with bhyve which required a simple fix. When the boot fails, let it time out (about 90 seconds) and then the UEFI Shell appears. At the "Shell>" prompt, type "exit" to start the Boot Manager then select "Boot Maintenance Manager", then "Boot from File" and select the first item listed, then select "<EFI>" then "<debian>" and finally "grubx64.efi". The system should now boot normally.

Once the system has booted, you must login as root then "cd /boot/efi/EFI", "mkdir BOOT", "cd BOOT", "cp ../debian/* ." and finally "cp grubx64.efi bootx64.efi". Doing this will now allow your new Debian VM to boot normally every time, but the same steps may be required anytime you update the Grub boot loader. This is a bhyve problem and not a Debian problem.

You should now install sudo and create the pi account (if you didn't do it during the install process) and any other software you may want to use.

Now install the Pi-Hole software as usual using the standard "curl -sSL https://install.pi-hole.net | bash" and go through the normal Pi-hole scripts. If you use "unbound", then that can be added later. When finished installing, use your browser to connect to Pi-Hole's admin console and do any further setup that you require.

When the install and setup has been completed, reboot your new Pi-Hole server to make sure everything starts correctly. You should now have a fully running Pi-Hole running in a VM on your TrueNAS server.

As a last step, you will want to make sure that your VM is set to autostart when the server reboots and also make sure that the VNC device is set to "NOT delay VM boot till VNC connects". This should allow the VM to start up without intervention should your server go down. That's what's supposed to happen.

But ...

... this is where I'm having problems!

First, during the setup, I chose to use an unused network interface on my server. Plugged a network cable into the interface and into a switch and everything worked great while the system was up. But I wanted to make sure it would restart after a system reboot. So, at a quiet time, I rebooted my server and then all hell broke loose! That network interface started pumping out huge amounts of data and the server became unresponsive. I have yet to figure out what caused this, but I think it might have something to do with the way my network devices are configured. I've read as much documentation as I could find, but nothing stood out. When I got the system stabilized by unplugging the network cable, I restarted the VM and then everything worked great again.

This got me to thinking. My server does not use either the DNS or DHCP from the Pi-Hole. Its network interface is statically defined with address, default gateway and uses the gateway's DNS so no problem there, but all my clients use the Pi-Hole for both their DNS and DHCP. So I'm not sure if somehow they were getting into a race condition which caused the high network traffic.

Anyway, I think I'm close, but just haven't figured out the steps needed to get to the finish line. So if you want to try these steps and see if you get any further, I would love to hear back from you. If you still want to go the Ubuntu route, then good luck and I hope you get it working.

Greg ...
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
So, at a quiet time, I rebooted my server and then all hell broke loose! That network interface started pumping out huge amounts of data and the server became unresponsive. I have yet to figure out what caused this, but I think it might have something to do with the way my network devices are configured.
You built a bridge interface across two physical interfaces plugged into the same switch. That will generate a broadcast storm and stall your network.

You should assign the pihole VM to your single primary network interface and just use that. If you really must have a separate interface for pihole, it gets more complicated. You need to set up all the bridge interfaces you will need for VMs and/or jails/plugins in advance. The automatic creation of bridges for VMs really relies on the server having only a single interface.

HTH,
Patrick

P.S. I would run AdGuard Home in a jail instead of pihole.
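
A way to check a host for the bridge layout described in this post, added here as an example and not taken from the thread: the function reads FreeBSD `ifconfig` output and lists every bridge that has two or more physical members, so those bridges can be reviewed. The sample output is constructed, and treating `tap*`, `vnet*` and `epair*` members as virtual is an assumption about the host's interface naming.

```shell
#!/bin/sh
# Added example, not from the thread. On the real host run:
#   ifconfig | bridges_with_multiple_physical_members

# Reads `ifconfig` output on stdin and prints "bridgeN: if1 if2 ..." for each
# bridge with two or more physical members. Members named tap*, vnet* or
# epair* are treated as virtual (assumption about naming) and not counted.
bridges_with_multiple_physical_members() {
    awk '
        function report() {
            if (bridge != "" && n > 1) print bridge ":" members
            bridge = ""; members = ""; n = 0
        }
        /^[A-Za-z]/ {                 # unindented line: a new interface stanza
            report()
            name = $1; sub(/:$/, "", name)
            if (name ~ /^bridge[0-9]+$/) bridge = name
            next
        }
        bridge != "" && $1 == "member:" {
            if ($2 !~ /^(tap|vnet|epair)/) { members = members " " $2; n++ }
        }
        END { report() }
    '
}

# Constructed sample output, not captured from a real system.
sample_ifconfig() {
cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	member: vnet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	member: vnet1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	member: em2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
EOF
}

sample_ifconfig | bridges_with_multiple_physical_members
```

A bridge that shows up here is only a problem when its physical members are cabled into the same switch or broadcast domain, which is the situation this post describes.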
 

adrianwi

Guru
Joined
Oct 15, 2013
Messages
1,231
I've had Pi-hole running for almost 18 months on my FreeNAS/TrueNAS box without any problems. My steps were:
  1. Create an Ubuntu server VM with bhyve (1 vCPU and 1GB vRAM)
  2. Set a static IP address with netplan
  3. Install Pi-hole with the following command
Code:
curl -sSL https://install.pi-hole.net | bash


I also set it up as a recursive DNS server with unbound and wrote a small blog about it here. It's worked fine for me, and updates easily every 3-4 months with:

Code:
sudo pihole -up


:smile:
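
The install command in this post and in GChuck's earlier post pipes the downloaded script straight into bash. As an added example, not part of either post, this variant saves the installer to a file and checks it before anything runs; the file name `basic-install.sh` and the function name `check_installer` are chosen here for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Download to a file first instead of
# piping into bash (left as a comment so this block runs offline):
#   curl -sSL -o basic-install.sh https://install.pi-hole.net
#   sh this-script.sh basic-install.sh     # then read the file, then run it:
#   sudo bash basic-install.sh

# Sanity-check a downloaded installer without executing it.
# Prints the file's SHA-256 on success; returns non-zero if it looks wrong.
check_installer() {
    f=$1
    [ -s "$f" ] || { echo "empty or missing: $f" >&2; return 1; }
    # A captive portal or proxy error page arrives as HTML, not as a script.
    head -n 1 "$f" | grep -Eq '^#!.*(ba)?sh' \
        || { echo "no shell shebang: $f" >&2; return 1; }
    # Parse only, never execute; a download cut off mid-function fails here.
    bash -n "$f" 2>/dev/null \
        || { echo "does not parse as bash: $f" >&2; return 1; }
    # Record the hash so the file that was reviewed is the file that is run.
    sha256sum "$f" | cut -d' ' -f1
}

if [ $# -gt 0 ]; then
    check_installer "$1"
fi
```

These checks only catch a broken or substituted download; they do not replace reading the script before running it as root.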
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,466
P.S. I would run AdGuard Home in a jail instead of pihole.
I've been recommending Pi-Hole a bit lately just to have configurable local DNS, e.g. for my Nextcloud script. Apparently most home routers are brain-dead and don't let you set up local DNS overrides, so Pi-Hole gives a pretty easy way to provide this service. Oh, and it also blocks ads, which can be helpful.

Unless your focus was on in a jail, in which case disregard...
 
Joined
Jan 4, 2014
Messages
1,644
I've been recommending Pi-Hole a bit lately just to have configurable local DNS
DNSMasq has served me well as a local DNS, but I've just had a look at Pi-hole and it's caught my attention as a GUI alternative. I'll have to give it a spin when I get a chance.

EDIT: Now it's really got my attention. Had a look at the online guides and it's FRITZ!Box aware. I'm loving it already :grin:
 

Constantin

Vampire Pig
Joined
May 19, 2017
Messages
1,828
P.S. I would run AdGuard Home in a jail instead of pihole.
Pi-hole is easy to use, works great as a flexible DNS server, can be set up to use DNSSEC to make secure downloads, offers a great choice re: what ad-block lists to use, features lists / queries for review, solid block/white-list support (including wildcard), and it's free. I can't see why I'd consider any other system for the time being.

Many web-sites only become usable again after pi-hole blocks 90%+ of the ads polluting them. The paranoid can combine pi-hole with a VPN to largely lock out their ISP from snooping on their IP traffic.

But I also really like how easy it makes it for me to assign names to various network devices without having to use hosts files. It just works, and it works across every device.

If there is one thing that would make pi-hole better, it would be the ability to propagate changes re: rules or DNS settings from one pi to the next. But one could also consider that isolated setup a feature.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
I've been recommending Pi-Hole a bit lately just to have configurable local DNS, e.g. for my Nextcloud script. Apparently most home routers are brain-dead and don't let you set up local DNS overrides, so Pi-Hole gives a pretty easy way to provide this service. Oh, and it also blocks ads, which can be helpful.
Ah - I understand. I was thinking people running Pi-Hole mainly do it for the ad blocking. I can always set up Unbound or BIND for local zones/overrides. But it is a nice integrated product, definitely. What Linuxisms require a VM instead of porting it to FreeBSD and running it in a jail?
 

gt2416

Patron
Joined
Feb 4, 2018
Messages
262
I don't pretend to understand most of it, but have a look at this thread, it would be really nice if pi-hole worked in a jail. I personally don't need it, but for some reason I really want it to work on FreeBSD, it would make me smile lol.
 

GChuck

Dabbler
Joined
Jan 7, 2020
Messages
41
Thanks Patrick.

This was the first time I tried using one of the other network interfaces on my server box for anything. Mostly, they just sit idle. I was never really sure why "server hardware" had all the extra NICs. Will have to do more reading!

Greg
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
Look here for more discussion of the same topic:

HTH,
Patrick
 

Mlovelace

Guru
Joined
Aug 19, 2014
Messages
1,111
DNSMasq has served me well as a local DNS, but I've just had a look at Pi-hole and it's caught my attention as a GUI alternative. I'll have to give it a spin when I get a chance.

EDIT: Now it's really got my attention. Had a look at the online guides and it's FRITZ!Box aware. I'm loving it already :grin:
Setting up DNS over HTTPS is easy if you don't mind using Cloudflare.
If there is one thing that would make pi-hole better, it would be the ability to propagate changes re: rules or DNS settings from one pi to the next. But one could also consider that isolated setup a feature.
I used this resource to set up a primary and secondary pihole in a HA configuration.
 

GChuck

Dabbler
Joined
Jan 7, 2020
Messages
41
Patrick, thanks again for the link about networking. I've been spending my time all weekend reading and trying to wrap my head around bridges and VLANs and how this all works together.

Anyway, as you suggested, I've changed the pihole to use the same network interface as everything else and that seems to have solved my network storm problem. The pihole is now doing everything as it should but still leaves me with a couple of questions.

When running the pihole on the Raspberry Pi, I used it as both my DNS and my DHCP server. I then defined a static DHCP IP address within it for my TrueNAS server. And on the network configuration interface setting, I checked the DHCP box. So when the TrueNAS server booted, it would get its static address from the DHCP server. This would also add the TrueNAS server to the pihole's DNS so I could use its name instead of address when talking to it.

But now that my pihole is just running in a VM on the TrueNAS server, I think that there is a race condition. The VM has to start before the TrueNAS server gets its address but I don't think that is possible as TrueNAS has to start before the VM can be brought up. And now my Windows machines do not see the TrueNAS server in their "network neighborhood". Not sure how to resolve these issues.

Any pointers you can offer would be great.

Thanks.

Greg
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
Your summary is perfectly correct. Configure your TrueNAS' networking statically and create a static DNS entry in PiHole. Only option in my opinion.
 