Tim Casey 3 Posted September 1, 2019
This has been around for a few years, but I learned about it this week from a YouTube video. DNS is important to security and most routers and firewalls don't give you as much visibility as this solution. https://pi-hole.net/2017/05/12/seven-things-you-may-not-know-about-pi-hole/ Turns out you don't need a Pi to get it running. Now if someone could integrate this into OpenWRT that would be cool. 😉
james mckinlay 116 Posted September 2, 2019
Did you watch that before or after it was posted to the home firewall thread on the 24th? 🙂
Sean Wright 2 Posted September 3, 2019
You can also use Pi-Hole along with Cloudflare DNS to have DOH. Scott has a great writeup on how to do this: https://scotthelme.co.uk/securing-dns-across-all-of-my-devices-with-pihole-dns-over-https-1-1-1-1/
Steve Lord 9 Posted September 4, 2019
15 hours ago, Sean Wright said: "You can also use Pi-Hole along with Cloudflare DNS to have DOH. Scott has a great writeup how to do this: https://scotthelme.co.uk/securing-dns-across-all-of-my-devices-with-pihole-dns-over-https-1-1-1-1/"
It's certainly feasible, but DoH is pure cancer. DoT is better, but still dependent on the web of trust. DNSCurve is probably still the best option from a technical and ideological purity perspective. Although of course, end users may not care in the end, but we should avoid solutions that have the potential to make things worse in the long run.
Adam Pankow 0 Posted September 4, 2019
I'm curious how often you guys have found DNS blocking (Pi-hole or otherwise) ends up breaking site functionality? I've seen various instances where it would be too much work to track down all the things that are being blocked and instead just switch to an unfiltered DNS server to complete whatever task I need to.
Sean Wright 2 Posted September 4, 2019
I have had instances where it does break functionality, but not often. The logs are pretty decent and it's pretty simple to see what is being blocked and then whitelist it. Also there is an option to temporarily disable Pi-Hole (well, stop it from blocking lookups).
RT Hatfield 4 Posted September 4, 2019
9 hours ago, Steve Lord said: "It's certainly feasible, but DoH is pure cancer. DoT is better, but still dependent on the web of trust. DNSCurve is probably still the best option from a technical and ideological purity perspective. Although of course, end users may not care in the end, but we should avoid solutions that have the potential to make things worse in the long run."
I have both Pi-Hole and an unbound instance running on my network. I point the Pi-Hole at the unbound server for filtering, and use the unbound server for DoT to Cloudflare.
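The Pi-hole-in-front-of-unbound layout described in the post above, written out as an unbound configuration fragment. This is an added example, not RT Hatfield's actual config; the LAN address 192.168.1.2, the /24 range and the Debian CA bundle path are assumptions. The point worth noticing is the `#cloudflare-dns.com` authentication name together with `tls-cert-bundle`: without both, unbound encrypts the upstream connection but does not verify who it is talking to.

```conf
# /etc/unbound/unbound.conf.d/dot-forward.conf (added example, not from the thread)
# Pi-hole's "custom upstream DNS" is set to 192.168.1.2 (assumed LAN address of
# this unbound host). unbound accepts queries only from the LAN and forwards
# everything over TLS to Cloudflare, verifying the server certificate.
server:
    interface: 192.168.1.2
    port: 53
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    # Only the home network may query; everything else is refused.
    access-control: 192.168.1.0/24 allow
    access-control: 0.0.0.0/0 refuse
    # CA bundle used to validate the upstream's certificate (Debian path assumed).
    # Without this, forward-tls-upstream encrypts but does not authenticate.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
    # Leak less to clients and upstreams.
    hide-identity: yes
    hide-version: yes
    qname-minimisation: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    # Refresh popular records before they expire so the TLS hop adds less latency.
    prefetch: yes

forward-zone:
    name: "."
    forward-tls-upstream: yes
    # Syntax is IP@port#auth-name: unbound checks that the presented certificate
    # is valid for the name after '#', so a spoofed resolver on the path fails.
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
```

Run `unbound-checkconf` before reloading; if the upstream certificate does not match the authentication name, unbound refuses the connection and answers SERVFAIL instead of falling back to plaintext. Note that this is a forwarder, not a recursive resolver, so Cloudflare still sees every query, which is exactly the trust dependency the post above is arguing about.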
Tim Casey 3 Posted October 10, 2019
On 9/2/2019 at 5:19 AM, james mckinlay said: "did you watch that before or after it was posted to the home firewall thread on the 24th ? 🙂"
No, serendipitously I learned about pi-hole from a YouTube video. (Do you like that I replied more than a month later?) 😉 I think a DNS solution/product for home use is really needed. I really don't think routers at the demarc (that get DNS from your cable provider) or access points (which just use the default gateway address as the DNS address) are feature-rich enough. Although a lot of cable providers are just defaulting to 8.8.8.8, 8.8.4.4 anyway. But that takes up a lot of your bandwidth.