Instead of port 53, I need to run unbound on 5335 (or another obscure port).I believe I also had to make some host level changed for DNS to operate correctly for incoming requests.

Here’s my podman run commands. These might have changed a bit with Pihole v6, but should still be ok AFAIK.

#PiHole1 Deployment/Upgrade Script podman run -d --name pihole -p 53:53/tcp -p 53:53/udp -p 8080:80/tcp --hostname pihole --cap-add=CAP_AUDIT_WRITE -e FTLCONF_REPLY_ADDR4=192.168.0.201 -e PIHOLE_DNS_=“192.168.0.201#5335;192.168.0.202#5335” -e TZ=“America/New York” -e WEBPASSWORD=" MyPassword" -v /var/pihole/pihole1:/etc/pihole -v /var/pihole/pihole1/piholedns/:/etc/dnsmasq.d --restart=unless-stopped --label=“io.containers.autoupdate=registry” docker.io/pihole/pihole:latest

#UnBound1 Deployment/Upgrade Script podman run -d --name unbound -v /var/pihole/pihole1/unbound:/opt/unbound/etc/unbound/ -v /var/pihole/pihole1/unbound/unbound.log:/var/log/unbound/unbound.log -v /var/pihole/pihole1/unbound/root.hints:/opt/unbound/etc/unbound/root.hints -v /var/pihole/pihole1/unbound/a-records.conf:/opt/unbound/etc/unbound/a-records.conf -p 5335:5335/tcp -p 5335:5335/udp --restart=unless-stopped --label=“io.containers.autoupdate=registry” docker.io/mvance/unbound:latest

I just went through my setup to verify dnssec settings in unbound to troubleshoot strange latency when removing random names while browsing. Did you verify the unbound certificate file was created and had the proper permissions? There are also a couple other configuration items in unbound related to dnssec that can be tweaked to improve the implementation.

I do exactly the same thing for all three of these services! My implementation is on podman rather than docker, but basically the same deal.

Apologies, you mentioned specifically your network drive. Interesting article but they give several work arounds for containers that may require host mode, and it appears the non Plex pass image is one of them to resolve this specific issue.

I would go around them and go directly to the source of categorization. It looks like this is the Symantec categorization website in case it’s different from what you’re workplace provides - https://sitereview.bluecoat.com/#/

You’ve likely given it full control to whatever storage you’ve mounted in the container anyway, unless you’ve given it the :ro flag, which in that case would operate the same regardless of networking mode. If someone gains access to your internal host, you have bigger problems. Some things just play better under host mode and all bridged mode is doing is creating a virtual switch on your host and passing allowed traffic through it at a base level. The best way to protect is by running a load balancer in a DMZ and proxying all of the traffic through it which is how I have my instance running. I funnel everything external --> TCP\UDP 443 in DMZ vlan load balancer --> internal LAN IP:docker port. I run a mix of host network or bridged mode depending on the container.

Are you running in docker? Change from bridged mode to host mode on your container which should resolve this.

From a time when the jerk motion was used en mass. https://www.dailymotion.com/video/x2jvcd5

As someone else mentioned, this is only available to PlexPass users. Sorry for the confusion! I bought my lifetime sub over a decade ago at this point and forget about these inconsistencies that used to just be part of the product.

It all starts to make sense then. I need to set Jellyfin up soon. It’s only a matter of time before they come after the “Lifetime” purchasers like myself. I bought it over a decade ago at this point.

Strange that plex.tv isn’t blocked while a “personal” categorized website is. Have you looked to see what category your domain is shuffled under? You could try submitting a recategorization request to Cisco Umbrella or Fortinet databases. Requests for recategorization are free to do.

Thank you Internet stranger for reminding me of this sketch.

Under Settings > Network there is a configuration item exactly for this. I’m running host network, but you can add the docker networks here as well.

Strisand effect for sure!

I would argue that gambling sites and gacha games are much worse.

There is an HACS addon for Meross to make the calls all local. I haven’t messed with it too much but it does work. The issue with my garage door opener is purely an issue with my Ubiquity setup and the fact it’s connecting through an exterior wall.

I have Meross smart plugs and they don’t cycle unexpectedly. They do use older wifi chips though and my Meross garage door opener has issues staying connected for some reason . I’ve not had an issue with their power plugs though, been using them for 3-4 years as well.

Not sure if you’ve de-googled yourself or not but there is a Google Drive Addon that has a whole slew of options for backing up your HA config. I’m sure there are alternate HA add-ons. This may require HACS but not certain.

Kei was recently found to botch all of their safety test scores for many years. As another commenter said, any crash in that design is guaranteed life threatening without some type of buffer.

I’ve had two QNAP NAS fail on me, never again. The first failed shortly after the 3-year warranty expired and was MSRP $600. The second failed right before warranty expiration with MSRP $1200 thinking a better unit would be less prone to fail, but alas.

Thankfully I was able to RMA to get my data back (proprietary RAID), and while waiting on RMA to return, built a custom TrueNAS server I can service all parts on myself for around the same cost of a new NAS. Sold the RMA unit on eBay to recoup some cost as well. All I ever ran on those units was Plex and Samba\NFS file shares. Never again.