Pi-hole DNS Filtering
A local DNS filtering and network visibility service running in a dedicated Linux container, using Pi-hole FTL and Unbound to support filtering, local troubleshooting, and recursive DNS resolution.
Project Goal
The goal of this project was to deploy a dedicated DNS filtering service for the lab network that improves visibility into domain requests, blocks unwanted traffic, and provides a practical environment for DNS troubleshooting.
Public documentation is intentionally sanitized. Internal IP addresses, client names, query logs, admin URLs, MAC addresses, and private network details are not published.
Environment Summary
Application Platform
Pi-hole FTL v6.6.2 running inside a dedicated Ubuntu Linux container in the Proxmox lab.
Recursive DNS
Unbound 1.22.0 is configured as a local recursive resolver for DNS resolution behind Pi-hole.
Network Role
Provides DNS filtering, domain review, and name-resolution visibility for lab and home network troubleshooting.
Service Exposure
DNS and web administration services run inside the local lab environment and are not published as public internet services.
Architecture
Technologies Used
What I Built
- Deployed Pi-hole in a dedicated Linux container instead of sharing it with unrelated services.
- Configured DNS filtering to provide domain-level visibility and unwanted traffic reduction.
- Integrated Unbound as a local recursive DNS resolver behind Pi-hole.
- Used static IPv4 addressing for predictable client and service configuration.
- Controlled IPv6 behavior in the container configuration to reduce unexpected DNS paths.
- Validated that Pi-hole FTL is listening for DNS traffic and serving the local web administration interface.
- Used the platform to investigate blocked domains, determine whether services should be allowed, and improve DNS troubleshooting habits.
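One way to script the listener validation described in the list above, as an added example that is not the author's own tooling. It audits `ss -H -lntup` output for the layout this page describes: FTL answering DNS and serving the web interface, Unbound bound to loopback only, and no unplanned IPv6 listeners. The process names, web ports 80/443, Unbound port 5335 and the sample output are assumptions made for the example.

```python
import ipaddress
import re

# Constructed `ss -H -lntup` output (run as root so process names appear).
# Not from a real host; port 5335 for Unbound is an assumed value.
SAMPLE = """\
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("pihole-FTL",pid=612,fd=20))
tcp LISTEN 0 32 0.0.0.0:53 0.0.0.0:* users:(("pihole-FTL",pid=612,fd=21))
tcp LISTEN 0 32 [::]:53 [::]:* users:(("pihole-FTL",pid=612,fd=22))
tcp LISTEN 0 64 0.0.0.0:80 0.0.0.0:* users:(("pihole-FTL",pid=612,fd=30))
udp UNCONN 0 0 127.0.0.1:5335 0.0.0.0:* users:(("unbound",pid=580,fd=3))
tcp LISTEN 0 256 127.0.0.1:5335 0.0.0.0:* users:(("unbound",pid=580,fd=4))
"""

SOCKET = re.compile(
    r'^(udp|tcp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')

def parse(ss_output):
    """Return (proto, ip, port, process) for each listening socket."""
    socks = []
    for line in ss_output.splitlines():
        m = SOCKET.match(line.strip())
        if not m:
            continue
        proto, addr, port, proc = m.groups()
        addr = addr.strip("[]").split("%")[0]   # drop brackets and %iface
        addr = "::" if addr == "*" else addr    # "*" is a dual-stack wildcard
        socks.append((proto, ipaddress.ip_address(addr), int(port), proc))
    return socks

def audit(ss_output, web_ports=(80, 443), ipv6_expected=False):
    """Return a list of findings; an empty list means the layout matches."""
    socks, findings = parse(ss_output), []
    ftl = [s for s in socks if s[3] == "pihole-FTL"]
    for proto in ("udp", "tcp"):
        if not any(s[0] == proto and s[2] == 53 for s in ftl):
            findings.append(f"pihole-FTL is not listening on {proto}/53")
    if not any(s[0] == "tcp" and s[2] in web_ports for s in ftl):
        findings.append("pihole-FTL web interface is not listening")
    for proto, ip, port, proc in socks:
        if proc == "unbound" and not ip.is_loopback:
            findings.append(f"unbound reachable off-host on {ip} {proto}/{port}")
        if ip.version == 6 and not ip.is_loopback and not ipv6_expected:
            findings.append(f"unexpected IPv6 listener: {proc} {proto}/{port}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

On a live host the same function can be fed the captured output of `ss -H -lntup`; a finding for Unbound on a non-loopback address means clients could query the resolver directly and skip filtering.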
Security and Privacy Considerations
- Pi-hole is treated as an internal network service, not a public internet application.
- Internal IP addresses, client device names, MAC addresses, query logs, and admin URLs are not published.
- The service is isolated in its own container to simplify maintenance and reduce impact on other lab workloads.
- DNS behavior is reviewed carefully before allowing or blocking domains used by legitimate devices or services.
- Public documentation focuses on architecture and operational value rather than exposing live query data.
Operational Value
This project provides hands-on experience with DNS behavior, name-resolution troubleshooting, filtering decisions, local recursive DNS, and service isolation. It also creates visibility into how devices and applications communicate across the network.
The project supports infrastructure growth by reinforcing one of the most important operational areas in systems administration: understanding DNS well enough to troubleshoot authentication, access, cloud services, updates, filtering, and application behavior.
What This Demonstrates
The project demonstrates practical DNS administration, Linux container management, local resolver configuration, network troubleshooting, and privacy-conscious documentation. It is directly relevant to systems administration, infrastructure support, and MSP environments where DNS issues often appear as application, authentication, or connectivity problems.
Project Status
Active and operational. Future improvements may include stronger reporting, backup documentation, dashboard review, and additional validation of DNS failover behavior.