skip to content
Leonardo Mazzon
Pi-hole Podman

Pi-hole container with Podman

/ 3 min read

container, podman, pihole, dns

One piece of software that I always use on my local server is Pi-hole, it’s just too good to not have it running. I had to reinstall Pi-hole so I was thinking of trying Podman instead of Docker because it’s daemonless, rootless and it’s nice to have alternatives.

First steps

In this guide I will create the container as root because Pi-hole needs to use privileged ports(< 1024) which by default are protected from non-root users, you can lower the unprivileged port range if you want.

I’m running Ubuntu Server 22.04 LTS on a Raspberry Pi 3b.

First things first, install Podman and pull Pi-hole image.

sudo apt install podman
sudo podman pull docker.io/pihole/pihole

Avoid DNS conflict

Next we will need to edit systemd-resolved config because it uses port 53 for it’s DNS stub resolver which will conflict with Pi-hole.

sudo systemctl stop systemd-resolved
sudo nano /etc/systemd/resolved.conf #Sorry vim users

Add/uncomment the following line and change it’s value to “no”.

DNSStubListener=no

Start back the service and check that it is running correctly.

sudo systemctl start systemd-resolved
sudo systemctl status systemd-resolved

Podman command

This is the main command to create and start the container, remember to change the hostname, timezone and password. To update the container simply delete it and create a new one from the latest image, all configurations will be saved within Podman volumes “pihole” and “dnsmasq”.

sudo podman run -d \
    --name=pihole \
    --hostname=YOUR_HOSTNAME \
    -e TZ=YOUR_TIMEZONE \
    -e WEBPASSWORD=YOUR_PASSWORD \
    -e SERVERIP=127.0.0.1 \
    -v pihole:/etc/pihole \
    -v dnsmasq:/etc/dnsmasq.d \
    -p 53:53/tcp \
    -p 53:53/udp \
    -p 80:80 \
    --restart=always \
    pihole/pihole

Systemd service

Since Podman is deamonless we have to find a way to start the container after a reboot. Fortunately, we can do this with systemd and Podman will provide us the correct configuration file.

sudo podman generate systemd --new --name pihole > pihole.service
sudo mv pihole.service /etc/systemd/system

To finish reload systemd and start pihole.service.

sudo systemctl enable pihole.service
sudo systemctl start pihole.service
sudo systemctl status pihole.service

Now try to connect to the web interface at device_ip/admin. If everything works correctly you should see Pi-hole dashboard.

Update container

In order to update the container firstly download the new image.

sudo podman pull docker.io/pihole/pihole

Then stop the service and delete the old image.

sudo systemctl stop pihole.service
sudo podman images
sudo podman rmi OLD_IMAGE_ID

If you accidentally deleted the image before downloading the new one you won’t have a DNS resolver. You can solve this problem by, temporarily, enabling the DNSStubListener that we previously disabled.

Start the service to enable Pi-hole again.

sudo systemctl start pihole.service

All settings should be unchanged since we used Podman volumes.