This repo has 2 different docker-compose configs-- choose your favorite. The two-container config may work better on Synology due to usage of macvlan networking which helps prevent port conflicts with the host.
one-container(new) - Install Unbound directly into the Pi-Hole container- This configuration contacts the DNS root servers directly, please read the Pi-Hole docs on Pi-hole as All-Around DNS Solution to understand what this means.
- With this approach, we can also simplify our Docker networking since
macvlanis no longer necessary.
two-container(legacy) - Use separate containers for Pi-Hole and Unbound- This configuration uses MatthewVance's unbound-docker container to implement encrypted DNS to third party DNS resolvers (eg Cloudflare). This is arguably less privacy-friendly since you're handing your DNS queries to those 3rd party providers.