Install internal pi-hole instance ==> 0% complete

Install internal pi-hole instance

The existing pi-hole on daemon.nmrc.org blocks a large number of domains, but the vast majority of those blocks are from internal devices, which simply get listed generically as coming from vortex.nmrc.org. To make things easier when tracking down problems, an "internal" pi-hole should exist. A decision needs to be made as to where and how to implement this.

The likely candidate is murmur.nmrc.org, with pi-hole implemented in a Docker container. It should be capable of running in unbound mode. Internal systems should use it as the primary DNS server while using the public one on daemon.nmrc.org as the "backup" or second DNS server. For the most part, the existing pi-hole configuration on daemon.nmrc.org should work fine.

Steps to complete

  • Research to determine how pi-hole's ports will need to be configured to ensure DNS will work from inside a docker container.
  • Devise a docker compose file.
  • Devise an update schedule for both blocklists and pi-hole application upgrades.
  • Install pi-hole on murmur.nmrc.org.
  • Migrate a copy of the public pi-hole config to the internal one.
  • Reset a single test client's DNS settings to point to murmur.nmrc.org for testing. Do this without using the public server as a backup.
  • Adjust config as needed after testing.
  • Implement on default internal network and monitor.
  • Implement on the remaining internal networks.
  • Document the process as needed.
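
A starting point for the port research and compose file steps above, as an added example rather than the project's own file. It assumes Pi-hole v6 (the FTLCONF_* variables); the host address 192.0.2.10, admin port 8080, the 172.30.53.0/24 subnet and the unbound image name are constructed placeholders.

```yaml
# Added example, not the project's own file. Assumes Pi-hole v6 (FTLCONF_* variables).
# Addresses, subnet, host port 8080 and the unbound image are constructed placeholders.
services:
  pihole:
    image: pihole/pihole:latest        # pin a release tag once the upgrade schedule is set
    container_name: pihole
    ports:
      # DNS needs both transports: UDP for normal queries, TCP for large or truncated answers.
      # Bind to the host's internal address (placeholder) so a stub resolver already
      # listening on 127.0.0.53:53 does not collide with the mapping.
      - "192.0.2.10:53:53/udp"
      - "192.0.2.10:53:53/tcp"
      - "192.0.2.10:8080:80/tcp"       # admin UI, internal interface only
    environment:
      TZ: "Etc/UTC"
      # Taken from .env; compose refuses to start if it is unset.
      FTLCONF_webserver_api_password: "${PIHOLE_WEB_PASSWORD:?set in .env}"
      # Behind Docker's bridge NAT, clients are not on the container's local subnet,
      # so the default "local" listening mode would ignore them.
      FTLCONF_dns_listeningMode: "all"
      # Upstream given as IP#port, hence the static address for the resolver below.
      FTLCONF_dns_upstreams: "172.30.53.3#53"
    volumes:
      - ./etc-pihole:/etc/pihole       # config and gravity database survive upgrades
    networks:
      dnsnet:
        ipv4_address: 172.30.53.2
    depends_on:
      - unbound
    restart: unless-stopped

  unbound:
    image: example/unbound:placeholder # assumption: any unbound image listening on 53
    networks:
      dnsnet:
        ipv4_address: 172.30.53.3      # no published ports: reachable only from pihole
    restart: unless-stopped

networks:
  dnsnet:
    ipam:
      config:
        - subnet: 172.30.53.0/24
```

No capabilities are added to the pi-hole container here because DHCP is not part of the plan; DNS filtering alone does not need them.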