OpenSecurity.global
Tim Casey

Pi-hole DNS solution


This has been around for a few years, but I learned about it this week from a YouTube video. DNS is important to security and most routers and firewalls don't give you as much visibility as this solution.

https://pi-hole.net/2017/05/12/seven-things-you-may-not-know-about-pi-hole/

Turns out you don't need a Pi to get it running.

Now if someone could integrate this into OpenWRT that would be cool. 😉


Did you watch that before or after it was posted to the home firewall thread on the 24th? 🙂

  • Like 1

15 hours ago, Sean Wright said:

You can also use Pi-Hole along with Cloudflare DNS to have DoH. Scott has a great writeup on how to do this: https://scotthelme.co.uk/securing-dns-across-all-of-my-devices-with-pihole-dns-over-https-1-1-1-1/

It's certainly feasible, but DoH is pure cancer. DoT is better, but still dependent on the web of trust. DNSCurve is probably still the best option from a technical and ideological purity perspective.

Although of course, end users may not care in the end, but we should avoid solutions that have the potential to make things worse in the long run.


I'm curious how often you guys have found DNS blocking (Pi-hole or otherwise) ends up breaking site functionality? I've seen various instances where it would be too much work to track down all the things that are being blocked and instead just switch to an unfiltered DNS server to complete whatever task I need to.


I have had instances where it does break functionality, but not often. The logs are pretty decent and it's pretty simple to see what is being blocked and then whitelist it. Also, there is an option to temporarily disable Pi-Hole (well, stop it from blocking lookups).

  • Like 1
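The log review described in the post above, as an added example that is not part of the thread and is not Pi-hole's own code: it groups blocked lookups by the client that asked for them, so the names breaking one device's site can be picked out for whitelisting. The dnsmasq-style line layout, the sample lines (constructed), and the function names are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines; the dnsmasq-style layout is an assumption about
# what the Pi-hole query log looks like, not output copied from the thread.
SAMPLE_LOG = """\
Sep  2 05:19:01 dnsmasq[812]: query[A] shop.example.com from 192.168.1.20
Sep  2 05:19:01 dnsmasq[812]: forwarded shop.example.com to 192.168.1.2
Sep  2 05:19:01 dnsmasq[812]: reply shop.example.com is 203.0.113.10
Sep  2 05:19:02 dnsmasq[812]: query[A] pay.cdn-example.net from 192.168.1.20
Sep  2 05:19:02 dnsmasq[812]: gravity blocked pay.cdn-example.net is 0.0.0.0
Sep  2 05:19:02 dnsmasq[812]: query[AAAA] pay.cdn-example.net from 192.168.1.20
Sep  2 05:19:02 dnsmasq[812]: gravity blocked pay.cdn-example.net is ::
Sep  2 05:19:03 dnsmasq[812]: query[A] ads.tracker-example.org from 192.168.1.31
Sep  2 05:19:03 dnsmasq[812]: gravity blocked ads.tracker-example.org is 0.0.0.0
"""

QUERY = re.compile(r"dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)$")
BLOCK = re.compile(r"dnsmasq\[\d+\]: (?:gravity blocked|exactly blacklisted|"
                   r"regex blacklisted) (\S+) is ")

def blocked_by_client(log_text):
    """Return {client: Counter({domain: blocked_lookups})}."""
    last_client = {}                 # domain -> client that last asked for it
    blocked = defaultdict(Counter)
    for line in log_text.splitlines():
        if m := QUERY.search(line):
            domain, client = m.groups()
            last_client[domain.lower()] = client
        elif m := BLOCK.search(line):
            domain = m.group(1).lower()
            # A block line carries no client address, so attribute it to the
            # most recent query for the same name ("unknown" if none was seen).
            blocked[last_client.get(domain, "unknown")][domain] += 1
    return blocked

def whitelist_candidates(log_text, client):
    """Domains blocked for one client, most frequently blocked first."""
    counts = blocked_by_client(log_text).get(client, Counter())
    return [d for d, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))]

if __name__ == "__main__":
    for client, counts in sorted(blocked_by_client(SAMPLE_LOG).items()):
        print(client, dict(counts))
```

Each candidate should be reviewed before whitelisting: a name blocked for the device that hit the broken page is only a lead, and advertising or tracking hosts will appear in the same list.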

9 hours ago, Steve Lord said:

It's certainly feasible, but DoH is pure cancer. DoT is better, but still dependent on the web of trust. DNSCurve is probably still the best option from a technical and ideological purity perspective.

Although of course, end users may not care in the end, but we should avoid solutions that have the potential to make things worse in the long run.

I have both Pi-Hole and an unbound instance running on my network. I point the Pi-Hole at the unbound server for filtering, and use the unbound server for DoT to Cloudflare.

On 9/2/2019 at 5:19 AM, james mckinlay said:

Did you watch that before or after it was posted to the home firewall thread on the 24th? 🙂

No, serendipitously I learned about Pi-hole from a YouTube video.

(Do you like that I replied more than a month later?) 😉

I think a DNS solution/product for home use is really needed. I really don't think routers at the demarc (that get DNS from your cable provider) or access points (which just use the default gateway address as the DNS address) are feature-rich enough. Although a lot of cable providers are just defaulting to 8.8.8.8, 8.8.4.4 anyway. But that takes up a lot of your bandwidth.

 
