Pihole – setup notes – Ubuntu 24.04.2
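# Run as root (or prefix each command with sudo) on a fresh Ubuntu 24.04.2 host.
apt update -y && apt upgrade -y && apt -y full-upgrade && apt -y autoremove && apt -y autoremove --purge
# fail2ban is only installed here, not configured; Ubuntu's default enables just the sshd jail.
apt install -y net-tools mc fail2ban unbound curl ubuntu-release-upgrader-core
# -d targets the *development* release rather than the next stable one.
# Drop it unless that is what you want (see the 25.10 warning at the end of these notes).
do-release-upgrade -d
hostnamectl set-hostname [some FQ hostname you want your server to be]
# Piping a remote script straight into bash executes whatever that URL serves at
# that moment, unreviewed, as root. Safer sequence:
#   curl -sSL https://install.pi-hole.net -o basic-install.sh
#   less basic-install.sh   # read it, then run it
#   bash basic-install.sh
curl -sSL https://install.pi-hole.net | bash
# see: https://support.blue.net.au/2021/01/08/setup-pihole-server-on-aws/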
I also have an alternate unbound config file (below). It forwards to the big public resolvers (Google, Cloudflare, etc.) to benefit from their large caches, falling back to its own recursion; amend it for your own purposes.
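# Unbound as Pi-hole's upstream resolver. Point Pi-hole's custom upstream at
# 127.0.0.1#6236. Validate with `unbound-checkconf` before restarting.
# DNSSEC validation assumes a trust anchor is configured elsewhere (Ubuntu's
# package typically does this via a fragment in /etc/unbound/unbound.conf.d/).
server:
  verbosity: 1  # startup + errors only

  # Listen on loopback only; only the local Pi-hole should ever reach this.
  interface: 127.0.0.1
  port: 6236
  # Explicit for clarity (this matches unbound's default): loopback only.
  access-control: 127.0.0.0/8 allow
  access-control: 0.0.0.0/0 refuse
  do-ip4: yes
  do-udp: yes
  do-tcp: yes
  do-ip6: no
  prefer-ip6: no

  # Root hints, used when unbound recurses itself (the forward-first fallback).
  # Refresh periodically; if the file is unreadable unbound-checkconf will
  # complain, so check it after updating.
  root-hints: /var/lib/unbound/root.hints

  # Security & DNSSEC
  harden-glue: yes
  harden-dnssec-stripped: yes
  harden-referral-path: yes
  unwanted-reply-threshold: 10000
  # 0x20 case randomisation adds spoofing entropy; off here because some
  # upstreams mishandle it. Consider enabling it if your forwarders cope.
  use-caps-for-id: no
  minimal-responses: yes
  qname-minimisation: yes
  qname-minimisation-strict: no
  hide-identity: yes
  hide-version: yes
  # Keep validation strict. `val-permissive-mode: yes` would hand clients
  # answers that FAILED DNSSEC validation (only logging the failure), which
  # defeats the point of validating. If you see SERVFAILs, fix the system
  # clock, the root trust anchor or the upstream rather than masking them.
  val-permissive-mode: no
  # Drop answers pointing at RFC1918/link-local/loopback space to blunt DNS
  # rebinding. Pi-hole's own local records are answered by FTL, not unbound,
  # so they are unaffected.
  private-address: 192.168.0.0/16
  private-address: 169.254.0.0/16
  private-address: 172.16.0.0/12
  private-address: 10.0.0.0/8
  private-address: 127.0.0.0/8
  private-address: fd00::/8
  private-address: fe80::/10
  private-address: ::1/128

  # Performance & cache
  num-threads: 2
  # The kernel must allow these (net.core.rmem_max / wmem_max); otherwise
  # unbound logs a warning and falls back to the smaller system default.
  so-rcvbuf: 8m
  so-sndbuf: 4m
  # 1232 is the DNS-flag-day value and unbound's default: it fits in one
  # unfragmented packet on practically every path. Larger values (e.g. 2048)
  # avoid a few TCP fallbacks at the cost of IP fragmentation, which is both
  # unreliable and a known cache-poisoning vector.
  edns-buffer-size: 1232
  # Unbound's tuning guide suggests outgoing-range of roughly twice
  # num-queries-per-thread; here it is the other way round, so queries may
  # wait for a free socket under load. Raise outgoing-range (needs a libevent
  # build and `ulimit -n` headroom) or lower num-queries-per-thread.
  outgoing-range: 512
  msg-cache-size: 128m
  rrset-cache-size: 256m
  # Floors every TTL at 5 minutes. This overrides publishers' TTLs, so records
  # with short TTLs (failover, CDNs) can be served stale for up to 300 s.
  cache-min-ttl: 300
  cache-max-ttl: 86400
  prefetch: yes
  prefetch-key: yes
  infra-cache-numhosts: 10000
  infra-cache-min-rtt: 50
  infra-cache-max-rtt: 1200
  harden-short-bufsize: yes
  num-queries-per-thread: 1024

# Forward to large public resolvers for cache hit rate; forward-first lets
# unbound recurse itself when they fail. Answers are still DNSSEC-validated
# locally, but every query leaves this host in the clear on port 53. For
# DNS-over-TLS instead: `forward-tls-upstream: yes`, append `@853` to each
# address, and set `tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt` in
# the server: clause (4.2.2.2 does not offer DoT and would have to go).
forward-zone:
  name: "."
  forward-addr: 1.1.1.1  # Cloudflare
  forward-addr: 8.8.8.8  # Google
  forward-addr: 4.2.2.2  # Level3
  forward-first: yes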
DANGER – upgrading this to Ubuntu 25.10 broke Pi-hole's Gravity list updating. Stay on 25.04 (or the 24.04 LTS these notes were written against) until someone fixes this; note that `do-release-upgrade -d` above is exactly what pulls in the development release.