I need a Domain Name System (DNS) server to control DNS queries and allow my internal and DMZ networks to access the Internet. Due to the low resource requirements, I can use Linux Containers (LXCs) rather than full VMs for these servers. I am going to install Pi-hole for DNS on two LXCs, one in the DMZ and one on the external network. This allows the internal network to forward requests to a server within the domain's control without exposing the Active Directory servers to the Internet. Using Pi-hole also allows me to configure a blacklist for certain domains. I use this on my personal network to remove ads, which is Pi-hole’s main purpose.

Set up a Linux Container (LXC) for Pi-hole

Prerequisite: Creating a DMZ in pfSense to Separate Internal Servers

Since it’s the first time I am using a Linux Container (LXC), I will walk through the process of setting one up in Proxmox. The first step is to get a CT template, since I don’t have one already. I will use the ubuntu-20.04-standard template.

Image of local storage on vmhost1 showing CT template screen.
Add a CT Template to local storage
Selecting ubuntu-20.04-standard as the template for DNS LXCs.
Selecting a template

Once the download is complete, you can create an LXC in Proxmox.

Example first screen of LXC configuration
Configure the basic information for the LXC
Screen showing template selection
Choose the template previously downloaded

After selecting the template, I chose the system resources for the LXC. My DNS servers will have the following resources:

  • Disk: 8GB
  • CPU cores: 1
  • Memory: 512MB / Swap: 512MB
  • Network: Bridge for external / DMZ for DMZ server
  • Static IP: follows network diagram
  • DNS: use host settings for external / external DNS server IP for DMZ

Once you create the LXC, the install happens automatically. After you start it, you log in as root with the password set during configuration.

pi-hole login page for external DNS
LXC login page for my external DNS server

Install Pi-hole for DNS on the LXC

As with the other VMs, my first step is to update, upgrade, and install dependencies. All I need for Pi-hole is curl, to run the command in Pi-hole’s install guide.

# apt update && apt upgrade -y
# apt install curl
Install curl to run the Pi-hole install command

After the update and upgrade I rebooted, and then I ran the install command.

# curl -sSL https://install.pi-hole.net | bash
Install screen after running command
Install screen should show up after running the command

After running the system checks, the Pi-hole automated installer will start.

Pi-hole automated installer screen

From here I chose the following settings for my server:

  • Upstream servers: OpenDNS for external / External pi-hole for DMZ
  • Blocklists: Yes
  • Install Admin Web Interface: Yes
  • Web Server: Yes
  • Everything else was left default
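
One way to confirm afterwards that each Pi-hole forwards only to the upstreams chosen above, as an added example that is not part of the original post. It assumes the Pi-hole v5 layout, where upstreams are stored as PIHOLE_DNS_<n> entries in /etc/pihole/setupVars.conf; the function names are hypothetical and 192.0.2.53 is a placeholder for the external Pi-hole's address, which the post does not give.

```shell
#!/bin/sh
# Added example (not from the original post): audit which upstream resolvers a
# Pi-hole forwards to. Assumes the Pi-hole v5 layout, where upstreams are stored
# as PIHOLE_DNS_<n>=<ip>[#port] in /etc/pihole/setupVars.conf.

# Print the configured upstream IPs, one per line.
pihole_upstreams() {
    # Keep PIHOLE_DNS_<n> lines, drop the key, then drop any "#port" suffix.
    grep -E '^PIHOLE_DNS_[0-9]+=' "$1" | cut -d= -f2 | cut -d'#' -f1 | tr -d '\r '
}

# Succeed only if at least one upstream is set and all are in the allow list.
# usage: check_upstreams <conf> <allowed-ip> [<allowed-ip> ...]
# The body runs in a subshell "( )" so its variables stay out of the caller.
check_upstreams() (
    conf="$1"; shift
    count=0; rc=0
    for upstream in $(pihole_upstreams "$conf"); do
        count=$((count + 1)); ok=0
        for allowed in "$@"; do
            if [ "$upstream" = "$allowed" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "unexpected upstream in $conf: $upstream" >&2; rc=1
        fi
    done
    if [ "$count" -eq 0 ]; then
        echo "no upstream configured in $conf" >&2; rc=1
    fi
    exit "$rc"
)

# Constructed sample: a DMZ Pi-hole that forwards to the external Pi-hole
# (192.0.2.53, a placeholder address) but also kept a public resolver.
write_sample_dmz_conf() {
    printf '%s\n' 'PIHOLE_INTERFACE=eth0' 'PIHOLE_DNS_1=192.0.2.53' \
        'PIHOLE_DNS_2=208.67.222.222' 'QUERY_LOGGING=true' > "$1"
}

# Demo: run with RUN_DEMO=1 to audit the constructed sample.
if [ "${RUN_DEMO:-0}" = 1 ]; then
    sample=$(mktemp) && write_sample_dmz_conf "$sample"
    check_upstreams "$sample" 192.0.2.53 || echo "DMZ Pi-hole bypasses the external Pi-hole"
    rm -f "$sample"
fi
```

On the DMZ server the allow list is the external Pi-hole's address only; on the external server it is the OpenDNS resolvers (208.67.222.222 and 208.67.220.220).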

After that, I got a summary page with the login password for the admin web interface.

Install complete summary page
Install complete summary page with web admin password

Once the server finished installing, I accessed the web interface and logged in to the Pi-hole dashboard.

Pi-hole dashboard after initial login
Pi-hole web admin dashboard

Firewall and DHCP changes

I am using the pfSense firewall as my DHCP server, so for the DMZ interface I needed to change the DNS servers to the new Pi-hole. I am not changing the LAN interface yet because those machines will eventually use the domain controller for their DNS, which will forward requests to the Pi-hole.

Pi-hole DNS changes on pfSense web interface
Changing the DHCP scope on Pi-hole

Next, it’s finally time to build my internal network, starting with a domain controller. Before installing that, I am going to create a Windows Server template to streamline future server installs.