I’m accessing my Nextcloud, Linkding, Calibre e-book server, and other “cloud” services hosted on the NAS in the other room via their online domain and a Cloudflare tunnel. That means traffic essentially needs to be routed from my Mac, through Cloudflares servers online, and then back to the NAS. With that, what could be network file transfers actually take forever with my Telekom DSL.

When Cloudflare emails me some stats, like that I’ve transferred 10GB of data, I’m first shocked by the amount, and then amazed that my measly upload did all this.

It would be wise to bypass the Cloudflare part when in the local network – which is almost all the time. To do that, I could skip resolving domains like nextcloud.example.com and using the online route, and instead point the domain to the local (static) IP of the NAS in my home network.

A DNS server I know that’s easy to configure is Pi-hole, usually installed on a Raspberry Pi Zero or similar to offer ad blocking.

But it works just as well on Unraid, the NAS operating system I’ve chosen a couple of years ago (and am still very happy with). This works great – if you’re fine with your local DNS server going down when you shut down your NAS. That’s a rather big “if”, but I’m fine with running this experiment and then cleaning up a Pi if needed. (Pi Zero would be great for power consumption and footprint, but it doesn’t have Gigabit ethernet, so it could potentially become a bottleneck.)

The installation of Pi-hole, the software, is rather simple with Docker:

1. From Unraid’s “Apps” tab, search for “pihole” and pick binhex-official-pihole, the so-called official Docker image.

2. In the set-up screen, make sure you assign a fixed IP in your local subnet to the Docker image. I had to pick “Custom: br0” for this, and picked the IP 192.168.2.111. This is the only custom setting you need to know for this to work, the rest of this is “install an Unraid app” and “use Pi-hole”.

   

3. (Optional: After installation, I went to my Telekom (Speedport) router’s web configuration and assigned a name to the ‘device’ that appeared: “pihole”. Just so I recognize it in the networks tab.)

4. Test the web UI, either from Unraid’s Docker tab, or by using the IP: http://192.168.2.111/admin. Without the /admin part, you’ll get a 403 Forbidden response.

   

5. Assign a password for the pihole user. The web UI will tell you as much. Use the Docker console for the Pi-hole container (click the icon), then use sudo pihole -a -p and change the pihole user password to something that you can either bear to type, or better: store in your password manager. (If you never set a password on a Linux console before: it won’t show the characters you type. The cursor won’t move, and you won’t see any *** or similar. It still receives your keyboard input.)

6. Use the newly set password to log-in from the Web UI.

7. Navigate to “Local DNS”, then “DNS Records”. Enter custom domains and IP addresses. With my reverse proxy setup on Unraid, I could use domains like nextcloud.example.com and the NAS’s IP 192.168.2.100 and the reverse proxy would still resolve this.

   

8. Bonus: Add speedport.ip to point to the router if you have a Telekom Speedport router ;)

Next you need to use Pi-hole as your DNS on macOS, iOS, etc. This can be done on a per-network basis, so that you can use your Pi-hole’s IP as the DNS server (192.168.2.111 in my case) for your home network without ruining anything when you’re at someone else’s place.

• macOS: System Settings ▶ Wi-Fi ▶ “Details …” (in the active connection) ▶ DNS ▶ Click the + icon to add a DNS server and insert the Pi-hole’s IP
• iOS: Settings ▶ Wi-Fi ▶ Tap the “i” button next to the active connection ▶ Configure DNS (at the very bottom) ▶ Switch to “Manual” ▶ Enter the Pi-hole’s IP

I’ve yet to check what happens when I restart the server and thus the DNS server becomes unavailable.

As far as I know, you don’t want to set any fallbacks if you want to use Pi-hole’s ad-blocking feature. Blocking domains (acting as if they don’t exist) is how the Pi-hole does its job. With a fallback DNS server, your device would not get a resolution from the Pi-hole, then try the fallback, and still receive an ad in the end.