🧩 PIHOLE ON PROXMOX LXC

🧭 Pi-hole on Proxmox LXC (Ubuntu) — DNS Filtering and Ad Blocking Guide

Author’s Note:
This guide demonstrates how to install and manage Pi-hole inside an Ubuntu LXC container running on Proxmox VE.
It covers installation, updates, web administration, DNS setup, and best practices — all tested on a real homelab setup.


🧭 1. Introduction — What Is Pi-hole?

Pi-hole is a lightweight network-wide ad blocker that acts as a DNS sinkhole.
It blocks advertisements and tracking domains for all devices on your network — laptops, phones, smart TVs, even IoT devices — without requiring browser extensions.

🧠 Benefits

🧩 Why Run Pi-hole in an LXC on Proxmox?

| Advantage | Description |
| --- | --- |
| Lightweight | Minimal CPU/RAM usage (under 150 MB idle) |
| Fast startup | Boots in seconds |
| Snapshot & backup friendly | Safe upgrades and easy restores |
| Automation-ready | Works perfectly with Terraform and Ansible |
| Secure | Unprivileged LXCs isolate the service from the host |

💡 Tip: Pi-hole inside an LXC gives you enterprise-like performance with homelab simplicity.


⚙️ 2. Prerequisites

| Requirement | Description |
| --- | --- |
| Proxmox VE | Installed and running |
| Ubuntu LXC template | e.g., ubuntu-22.04-standard_22.04-2_amd64.tar.zst |
| Bridge (vmbr0) | Configured for network access |
| Static IP | Needed for stable DNS service |
| Storage | Local-LVM or ZFS recommended |

🧱 3. Create the Pi-hole LXC Container

Using CLI

pct create 250 local:vztmpl/ubuntu-22.04-standard_22.04-2_amd64.tar.zst \
  -hostname pihole \
  -storage local-lvm \
  -cores 2 \
  -memory 1024 \
  -rootfs local-lvm:4 \
  -net0 name=eth0,bridge=vmbr0,ip=10.0.0.250/24,gw=10.0.0.1 \
  -unprivileged 1

Start and access:

pct start 250
pct exec 250 bash

Set hostname:

hostnamectl set-hostname pihole

🧠 Pro Tip: Reserve this IP in your router to prevent DHCP conflicts.


🧩 4. Update and Prepare the System

apt update && apt upgrade -y
apt install curl net-tools vim -y

If you need to enforce a static IP manually:

nano /etc/netplan/10-lxc.yaml

Example:

network:
  version: 2
  ethernets:
    eth0:
      dhcp4: no
      addresses: [10.0.0.250/24]
      gateway4: 10.0.0.1
      nameservers:
        addresses: [1.1.1.1, 8.8.8.8]

Apply configuration:

netplan apply

💾 5. Install Pi-hole

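Pi-hole provides a one-line installer. Piping it into bash executes the downloaded script as root inside the container without review; saving it to a file first lets you read it before running it. The one-liner is: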

curl -sSL https://install.pi-hole.net | bash

During setup:

Once done, you’ll see:

Web Interface: http://10.0.0.250/admin
Password: <generated>

Change or reset password:

pihole -a -p

🧠 6. Web Administration

Access Pi-hole web UI:

http://10.0.0.250/admin

Login → Dashboard provides:

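Change password (optional). A password passed as an argument is saved in shell history; running pihole -a -p with no argument prompts for it instead: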

pihole -a -p newpassword

⚙️ 7. Manage Pi-hole via Command Line

| Command | Description |
| --- | --- |
| pihole status | Show Pi-hole status |
| pihole enable / pihole disable | Toggle ad blocking |
| pihole -up | Update Pi-hole |
| pihole -g | Update gravity list (blocklists) |
| pihole -t | Live tail DNS log |
| pihole -c | Compact dashboard view |
| pihole -q <domain> | Query block status of a domain |

Example:

pihole -g
pihole -up

🌐 8. Configure DNS for Your Network

Option 1 — Set Pi-hole as router DNS

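In your router DHCP settings (note that clients may query the secondary server at any time, not only when the primary is down, and those queries are not filtered by Pi-hole):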

Primary DNS: 10.0.0.250
Secondary DNS: 8.8.8.8

Option 2 — Manually configure on a device

Change DNS settings:

DNS Server: 10.0.0.250

💡 You can verify Pi-hole is active by visiting:
http://pi.hole/admin


🔐 9. Security and Maintenance

Update System

apt update && apt upgrade -y

Update Pi-hole

pihole -up

Restart Services

systemctl restart pihole-FTL
systemctl restart lighttpd

Backup Configurations

cp -r /etc/pihole /root/pihole-backup

Snapshot Container (Proxmox)

pct snapshot 250 pre-update

⚙️ Use snapshots before updates for quick rollback.


⚙️ 10. Optional — Use Unbound for Recursive DNS

Make Pi-hole your own resolver using Unbound.

Install Unbound

apt install unbound -y

Create config file:

nano /etc/unbound/unbound.conf.d/pi-hole.conf

Add:

server:
    port: 5335
    interface: 127.0.0.1
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    private-address: 10.0.0.0/8
    private-address: 192.168.0.0/16

Restart:

systemctl restart unbound

Update Pi-hole upstream DNS:

127.0.0.1#5335

💡 This allows your Pi-hole to resolve queries independently, improving privacy.


🧩 11. Logs and Troubleshooting

Logs

tail -f /var/log/pihole.log

Service Status

systemctl status pihole-FTL
systemctl status lighttpd

Web Service Check

ss -tulpn | grep :80

If the UI fails to load:

systemctl restart lighttpd
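
The log from this section can also confirm that blocking works and that Pi-hole forwards only to the Unbound listener from section 10. The script below is an added example, not part of the original guide: it assumes Pi-hole v5 dnsmasq-style log lines, uses constructed sample lines, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the guide): summarise a Pi-hole v5 dnsmasq-style log.
# Assumption: Pi-hole forwards only to the Unbound listener from section 10,
# and the log prints that upstream exactly as written below.
EXPECTED_UPSTREAM="127.0.0.1#5335"

# Constructed sample lines, not taken from a real network.
sample_log() {
cat <<'EOF'
Jan 10 09:00:01 dnsmasq[412]: query[A] example.org from 10.0.0.21
Jan 10 09:00:01 dnsmasq[412]: forwarded example.org to 127.0.0.1#5335
Jan 10 09:00:01 dnsmasq[412]: reply example.org is 192.0.2.10
Jan 10 09:00:02 dnsmasq[412]: query[A] ads.example.net from 10.0.0.21
Jan 10 09:00:02 dnsmasq[412]: gravity blocked ads.example.net is 0.0.0.0
Jan 10 09:00:03 dnsmasq[412]: query[AAAA] tracker.example.com from 10.0.0.35
Jan 10 09:00:03 dnsmasq[412]: gravity blocked tracker.example.com is ::
Jan 10 09:00:04 dnsmasq[412]: query[A] ads.example.net from 10.0.0.21
Jan 10 09:00:04 dnsmasq[412]: gravity blocked ads.example.net is 0.0.0.0
Jan 10 09:00:05 dnsmasq[412]: query[A] example.com from 10.0.0.35
Jan 10 09:00:05 dnsmasq[412]: forwarded example.com to 8.8.8.8
EOF
}

# Print "client blocked_count", busiest client first.
# A blocked answer is attributed to the client that last queried that domain.
blocked_per_client() {
    awk '
        $5 ~ /^query\[/ && $7 == "from" { last[$6] = $8 }
        $5 == "gravity" && $6 == "blocked" && ($7 in last) { n[last[$7]]++ }
        END { for (c in n) print c, n[c] }
    ' | sort -k2,2nr -k1,1
}

# Print "upstream domain" for every forward that did not go to the
# expected resolver, for example a leftover public upstream.
unexpected_upstreams() {
    awk -v want="$EXPECTED_UPSTREAM" '
        $5 == "forwarded" && $7 == "to" && $8 != want { print $8, $6 }
    ' | sort -u
}

# Demo on the sample; on the container, read /var/log/pihole.log instead.
sample_log | blocked_per_client
sample_log | unexpected_upstreams
```

On the container, feed the real log to either function, for example blocked_per_client < /var/log/pihole.log. Queries that clients send directly to another DNS server never reach Pi-hole and so do not appear in this log.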

💾 12. Backup, Snapshot, and Restore

Backup via Proxmox

vzdump 250 --compress zstd --storage local

Restore

pct restore 251 /var/lib/vz/dump/vzdump-lxc-250.tar.zst

Quick Rollback

pct snapshot 250 pre-upgrade
pct rollback 250 pre-upgrade

🧠 13. Advantages of Pi-hole in LXC

| Benefit | Description |
| --- | --- |
| Lightweight | Minimal resource usage |
| Portable | Backup or clone easily |
| Snapshot Support | Safe upgrades and experiments |
| Isolation | Secure in unprivileged mode |
| Automation-Ready | Easily managed by Terraform & Ansible |
| Fast Recovery | Restore in minutes from backup |

🧠 Pro Tip: Use LXC’s shared kernel and fast boot to run Pi-hole continuously with negligible load.


⚙️ 14. Example Terraform Block (Optional)

resource "proxmox_lxc" "pihole" {
  hostname     = "pihole"
  target_node  = "pve-node"
  ostemplate   = "local:vztmpl/ubuntu-22.04-standard_22.04-2_amd64.tar.zst"
  cores        = 2
  memory       = 1024
  unprivileged = true
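  start        = true

  # Root disk; the provider requires this block. Values match the
  # 4 GB local-lvm volume from the pct command in section 3.
  rootfs {
    storage = "local-lvm"
    size    = "4G"
  }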

  network {
    name   = "eth0"
    bridge = "vmbr0"
    ip     = "10.0.0.250/24"
    gw     = "10.0.0.1"
  }

  ssh_public_keys = file("/home/automation/.ssh/id_rsa.pub")
}

🧾 15. Pi-hole Command Cheat Sheet

| Task | Command |
| --- | --- |
| Update Pi-hole | pihole -up |
| Update blocklists | pihole -g |
| Restart service | systemctl restart pihole-FTL |
| Show stats | pihole -c |
| Live log | pihole -t |
| Check version | pihole -v |
| Reset password | pihole -a -p |
| Enable / Disable | pihole enable / pihole disable |

✅ 16. Conclusion

“Pi-hole is your network’s first line of defense — small, silent, and incredibly effective.”

Running Pi-hole in an Ubuntu LXC on Proxmox gives you:

Together with Terraform and Ansible, it forms a complete, self-maintaining DNS filtering and network protection stack.


End of Guide — Pi-hole on Proxmox LXC (Ubuntu 22.04)