diff --git a/install/pihole-install.sh b/install/pihole-install.sh
index d6472459..f3c52e90 100644
--- a/install/pihole-install.sh
+++ b/install/pihole-install.sh
@@ -42,6 +42,64 @@ EOF
 $STD bash <(curl -fsSL https://install.pi-hole.net) --unattended
 msg_ok "Installed Pi-hole"
+read -r -p "Would you like to add Unbound? " prompt
+if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
+ msg_info "Installing Unbound"
+ $STD apt-get install -y unbound
+ cat </etc/unbound/unbound.conf.d/pi-hole.conf
+server:
+ verbosity: 0
+ interface: 0.0.0.0
+ port: 5335
+ do-ip6: no
+ do-ip4: yes
+ do-udp: yes
+ do-tcp: yes
+ num-threads: 1
+ hide-identity: yes
+ hide-version: yes
+ harden-glue: yes
+ harden-dnssec-stripped: yes
+ harden-referral-path: yes
+ use-caps-for-id: no
+ harden-algo-downgrade: no
+ qname-minimisation: yes
+ aggressive-nsec: yes
+ rrset-roundrobin: yes
+ cache-min-ttl: 300
+ cache-max-ttl: 14400
+ msg-cache-slabs: 8
+ rrset-cache-slabs: 8
+ infra-cache-slabs: 8
+ key-cache-slabs: 8
+ serve-expired: yes
+ serve-expired-ttl: 3600
+ edns-buffer-size: 1232
+ prefetch: yes
+ prefetch-key: yes
+ target-fetch-policy: "3 2 1 1 1"
+ unwanted-reply-threshold: 10000000
+ rrset-cache-size: 256m
+ msg-cache-size: 128m
+ so-rcvbuf: 1m
+ private-address: 192.168.0.0/16
+ private-address: 169.254.0.0/16
+ private-address: 172.16.0.0/12
+ private-address: 10.0.0.0/8
+ private-address: fd00::/8
+ private-address: fe80::/10
+EOF
+ mkdir -p /etc/dnsmasq.d/
+ cat </etc/dnsmasq.d/99-edns.conf
+edns-packet-max=1232
+EOF
+ wget -q https://www.internic.net/domain/named.root >/var/lib/unbound/root.hints
+ sed -i -e 's/PIHOLE_DNS_1=8.8.8.8/PIHOLE_DNS_1=127.0.0.1#5335/' -e 's/PIHOLE_DNS_2=8.8.4.4/#PIHOLE_DNS_2=8.8.4.4/' /etc/pihole/setupVars.conf
+ systemctl enable -q --now unbound
+ systemctl restart pihole-FTL.service
+ msg_ok "Installed Unbound"
+fi
+
 motd_ssh
 customize
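Review bot: The generated pi-hole.conf binds Unbound to every interface (`interface: 0.0.0.0`) although the only client this hunk configures is Pi-hole at `127.0.0.1#5335`. With no `access-control` line Unbound's default still refuses non-local clients, but the recursor port is reachable from the network for no benefit, so `interface: 127.0.0.1` is the least-exposure setting. Separately, `wget -q … >/var/lib/unbound/root.hints` as written saves the download as `named.root` in the working directory and leaves root.hints empty, because without `-O` nothing is sent to stdout; `wget -qO /var/lib/unbound/root.hints https://www.internic.net/domain/named.root` writes the intended file, and since the config carries no `root-hints:` entry the file would go unused either way. Neither the download nor the `sed` on setupVars.conf is checked, so if the 8.8.8.8/8.8.4.4 values are not present Pi-hole silently keeps its previous upstream while the script still prints "Installed Unbound".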