how to setup pi hole on synology nas

Wouter Groeneveld 2022-02-23 10:38:56 +01:00
parent f74f132615
commit 93c18feee5
5 changed files with 50 additions and 0 deletions


@ -47,6 +47,10 @@ What I wanted to say is this: I want to take up Mike's call on buying (physical)
Let me know if your current option isn't on this list.
Edit: Mike reached out to me and added an option:
> As for my music setup, I just store all my music on my linux desktop and use syncthing to sync my music collection to my phone and laptop. I then just use the Vanilla Music to play it on my CalyxOS phone and Audacious on linux.
I never heard about the [Subsonic API](http://www.subsonic.org/pages/api.jsp) before. Hosting Navidrome and using an appropriate app on your smartphone effectively allows you to host-your-own-Spotify! There's plenty of apps on multiple platforms to choose from, and some of them support offline play (caching), which is a boon for when using your phone in the car as a music player. I'd like to explore this path and plan on setting up something like that myself in combination with a NAS to store the music itself. Navidrome has a [live demo app](https://demo.navidrome.org/app/) that looks great (login with `demo`/`demo`).
Things don't have to be complicated to enjoy your music. Yet the premise of streaming is alluring: any device can access your collection, regardless of where you are in the house. If you open up your NAS to the internet, regardless of where you are in the world. A bunch of "smart" wireless speakers like Sonos seem to support the Subsonic ecosystem (more like the other way around using the [bonob service](https://github.com/simojenki/bonob)).
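Review bot: The closing paragraph of this hunk mentions opening the NAS to the internet in a sentence fragment ("If you open up your NAS to the internet, regardless of where you are in the world.") without saying how the music service would be reached from outside. Suggest completing the sentence and stating the intended access path, for example a VPN or a single authenticated endpoint served over TLS, rather than leaving "open up your NAS" unqualified. The Subsonic API link in the paragraph above it uses `http://`; switch it to `https://` if the site serves that page over TLS.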


@ -0,0 +1,46 @@
---
title: How to setup Pi-Hole on a Synology NAS
subtitle: Without Breaking Your ISP's DNS Server!
date: 2022-02-23T09:25:00+01:00
categories:
- software
---
After exploring the options on [how to enjoy your own digital nusic](/post/2022/02/how-to-enjoy-your-own-digital-music/), I decided to install my first local NAS ever. But that story is reserved for another planned blog post! In this post, I'd like to summarize the options and steps taken to deploy a Pi-Hole as a Docker container on the (Synology) NAS. I've been struggling to get the settings just right and it's still fresh enough to remember and write down the details.
Yes, there are ample guides on how to get the thing up and running. Bootstrapping a Docker container is child's play nowadays, especially with DSM 7, the Synology OS. Just install the "Docker" application, find the correct one in the "registry" tab, download it, and configure desired capabilities and environment variables. The basics are well-explained in [Kev Quirk's guide](https://kevq.uk/how-to-setup-pi-hole-on-a-synology-nas/). The problems I've been struggling with are:
- How to use the Pi-Hole image[^pi] in conjunction with Synology's custom DNS Server (I used it for local custom DNS domains and the reverse proxy);
- How to use the Pi-Hole in conjunction with a router/modem from an ISP that refuses to let you customize the DNS server settings;
- How to use the Pi-Hole in conjunction with other running stuff on the NAS that introduce port conflicts.
[^pi]: If you decide to check "Use the same network as the Docker host"---which I eventually did but couldn't before getting rid of the second DNS server---leave ServerIP to `0.0.0.0`. If you ever decide on another IP, you won't need to change it here.
My ISP, [Proximus](https://proximus.be) (well, technically, Scarlet, the cheap alternative), comes with a sealed-tight modem called a _BBox3_. Modifying settings in `192.168.1.1` is limited to enabling/disabling Wifi, fiddling with DHCP, and that's about it. Since the Pi-Hole acts as a DNS server, resolving `brainbaking.com` into its IP (and the other way around), blocking nasty domains if necessary, you need some way to pass all network traffic through the NAS. My initial solution was to put another router in front of the modem, patch LAN1 to the WAN port there, and attach everything (but the TV decoder, that requires snooping stuff according to [userbase.be experts](https://userbase.be/forum/viewtopic.php?t=53619) I didn't dare to touch) to the second router.
That would look something like this:
![](../piholesetup1.jpg "The first setup: a second router to bypass the BBox3's DNS settings.")
I didn't like the solution, but it worked. There are too many moving components involved. The second router is yet another device tucked away and silently eating Watts. Having both DSM's DNS Server application installed _and_ the Pi-Hole means you have to enable a forward first policy in the DNS server, as [explained by Joel Buckley here](https://blog.joelbuckley.com.au/2019/01/pi-hole-synology-dns). The problem is that the forward IP will change with each boot unless you script it... Installing the Docker container _after_ the DNS server was activated causes the container to constantly reset as port `53`, the DNS listening port, already is in use. Set that to whatever, we won't need it.
The Pi-Hole software comes equipped with basic local custom DNS capabilities. It's nowhere near advanced as Synology's DNS Server software, but it was enough to give my NAS a custom domain name and to resolve the subdomains. The reverse proxy settings in DSM still work. This means we can eliminate one DNS server!
After a day of fiddling, I finally discovered the DHCP server tab in the Pi-Hole admin panel. A DHCP server hands out internal IP addresses to "DHCP clients" (your networked devices), such as `192.168.1.234`. But it doesn't stop there, it also sets their DNS server, bingo! That means if you disable your router's DHCP server and use the Pi-Hole's (only one DHCP server broadcasting in the network is a good idea), the connected devices will still automatically be routed through the Pi-Hole. Without having to touch DNS server settings---which I couldn't change in the first place. That means we can also loose the second router. Do remember to setup your NAS as a static IP independent of the DHCP server (that isn't there yet when you boot the NAS)!
Now the setup looks like this:
![](../piholesetup2.jpg "The revised setup: gone is the second router and DNS server.")
Much better. Relying on the Pi-Hole's DHCP also eliminated the problem that the client name wasn't passed along. This means the logs were full of "Broadcom.Home" entries, regardless of its source. I contemplated flashing the second router with custom firmware such as the [OpenWrt](https://openwrt.org/) one, but limited compatibility with the D-Link I have meant reduced Wi-Fi capabilities and potentially bricking it. OpenWrt would theoretically allow for more fine-grained options such as other mystic `dmasq.d` settings that hopefully would resolve the client name issue.
I was worried about being dependent on the NAS (well, Docker container _in_ the NAS) as a DHCP server. What if it reboots or is offline? DHCP lease timeouts are usually set at a week or month or so, so once a device has an IP (and DNS settings), it won't need the DHCP server anymore. The trouble isn't the DHCP server but the DNS server. As soon as that goes down, any domain name won't resolve.
You can usually configure two DNS servers in routers, but that is now done automatically. [Choosing a second DNS server is strongly discouraged](https://discourse.pi-hole.net/t/secondary-dns-server-for-dhcp/1874/43) since apparently, it isn't used as a fall-through backup server, but as an _alternating_ server. That means that one request will go through the Pi-Hole, and another suddenly will not, rendering all our efforts futile. A solution would be to use two Pi-Holes, but for the moment, I'm done fighting with network stuff.
Yet another problem. Once the Pi-Hole is done with your DNS request, it has to pass it as an "upstream request" to another DNS server, which will eventually resolve it. By default, Google's `8.8.8.8` is enabled, but you can also configure it to use [Quad9](https://www.quad9.net/) (conveniently, `9.9.9.9`), a privacy-focused open DNS based off Switzerland. We didn't have much luck with that: it introduced a lot of latency before caching. After reverting to the factory settings of the BBox3 modem, Scarlet's Belgian DNS server, things again were very smooth.
![](../pirunning.jpg "The Pi-hole up and running on Xavier, our (internal networked) NAS.")
_Pfew_. In the end, my limited networking skills might have led me to over-engineer the first solution, but I'm glad it works flawlessly now. The only challenge that remains---besides fiddling with blacklisting domains---is: what if the NAS goes down? For the moment, I don't feel like buying a Raspberry Pi just to install a backup DNS server, but it's certainly possible. Time will tell how stable the NAS OS itself is.
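Review bot: In the paragraph on the port `53` conflict, "Set that to whatever, we won't need it" does not say which setting "that" refers to, and the post never lists the container configuration that ended up working. Suggest naming the setting and adding a short list of the final values (network mode, `ServerIP`, who owns port `53`, and the capabilities granted), since handing out DHCP leases from the container depends on them. The upstream DNS paragraph has the same gap: after "reverting to the factory settings of the BBox3 modem" it is unclear which address the Pi-Hole itself forwards to, so state it explicitly. Wording fixes while here: "nusic" should be "music", "loose the second router" should be "lose", and `dmasq.d` looks like a typo for `dnsmasq.d`.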

Binary file not shown.
