# piHole installieren

## Avahi installieren

```bash
# Avahi installieren

apt-get install avahi-daemon

# Hosts Datei anpassen

nano /etc/hosts

### Eintragen

# Als zweite Zeile 
127.0.0.1 phihole.local 

# und in PVE 
pihole.local abändern
```

### Repository hinzufügen

```
apt install software-properties-common
```

### PiHole installieren

```
curl -sSL https://install.pi-hole.net | bash
```

### Unbound installieren 

[https://docs.pi-hole.net/guides/dns/unbound/](https://docs.pi-hole.net/guides/dns/unbound/)

>

We will use [`unbound`](https://github.com/NLnetLabs/unbound), a secure open-source recursive <abbr title="Domain Name Service (decentralized naming system for computers, services, or other resources connected to the Internet)">DNS</abbr> server primarily developed by NLnet Labs, VeriSign Inc., Nominet, and Kirei. The first thing you need to do is to install the recursive <abbr title="Domain Name Service (decentralized naming system for computers, services, or other resources connected to the Internet)">DNS</abbr> resolver:

```
```

```
sudo apt install unbound

```

If you are installing unbound from a package manager, it should install the `root.hints` file automatically with the dependency `dns-root-data`. The root hints will then be automatically updated by your package manager.

**Optional**: Download the current root hints file (the list of primary root servers which are serving the domain "." - the root domain). Update it roughly every six months. Note that this file changes infrequently. This is only necessary if you are not installing unbound from a package manager. If you do this optional step, you will need to uncomment the `root-hints:` configuration line in the suggested config file.

```
```

```
wget https://www.internic.net/domain/named.root -qO- | sudo tee /var/lib/unbound/root.hints

```

## Konfiguration von pihole.conf

Für DNS over TLS

/etc/unbound/unbound.conf.d/pi-hole.conf

```
server:
    use-syslog: yes
    do-daemonize: no
    interface: 127.0.0.1
    port: 5335
    access-control: 127.0.0.0/8 allow
    cache-min-ttl: 3600
    cache-max-ttl: 86400
    prefetch: yes
    qname-minimisation: yes
    harden-below-nxdomain: yes
    harden-referral-path: yes

forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 194.242.2.3@853  # Mullvad
    forward-addr: 94.140.14.14@853  # Adguard

```

Nahc dem ändern mit `sudo systemctl restart unbound` neu starten