ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    So I built: Pi-hole

    IT Discussion
    so i built how to pi-hole vultr
    11
    35
    3.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • gjacobseG
      gjacobse @NerdyDad
      last edited by

      @NerdyDad said in So I built: Pi-hole:

      @hobbit666 Point your home DNS to your pihole on vultr.

      Correct. This is all that is needed. @scottalanmiller has a PiHole setup for NTG,.. All that was needed post setup is to replaced the first DNS entry in my ERL router to the IP of the instance.

      However that said.. down the road I could see MY needing to update this as I don't have a static IP. It may or may not change post restarts months down the road.

      JaredBuschJ 1 Reply Last reply Reply Quote 0
      • gjacobseG
        gjacobse @DustinB3403
        last edited by

        @DustinB3403 said in So I built: Pi-hole:

        @JaredBusch said in So I built: Pi-hole:

        @DustinB3403 said in So I built: Pi-hole:

        Pihole has a set of list that it can use to dns block a lot of the really bad advertising sites.

        If you've just built, there are no default lists blocked. So you'll have to add your lists first.

        Pihole isn't a stop all, but it can quickly stop a massive amount of the dangerous or annoying ads.

        WTF? No blacklists by default? Put down the meth.

        Of course it has blacklists by default.

        I read that they changed it so that you had to enable individual blacklists. Hrm now I need to find the post.

        It has some by default... but you can also add your own

        1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @hobbit666
          last edited by

          @hobbit666 said in So I built: Pi-hole:

          Dumb question 😄
          How are you using this on a VM on Vultr and browsing from Home? Are you proxy'n all your traffic through it?

          It's DNS, just point to it.

          1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @hobbit666
            last edited by

            @hobbit666 said in So I built: Pi-hole:

            @JaredBusch said in So I built: Pi-hole:

            You never send your internet traffic to a pi-hole. That is not what it does.
            You simply point your local DNS to it, either per device or in your router.

            This is my issue then 🙂 that's what i thought they were for, Ad blocking and content filtering.

            They are, via DNS like Umbrella or Strongarm.io

            1 Reply Last reply Reply Quote 0
            • JaredBuschJ
              JaredBusch @DustinB3403
              last edited by

              @DustinB3403 said in So I built: Pi-hole:

              @JaredBusch said in So I built: Pi-hole:

              @DustinB3403 said in So I built: Pi-hole:

              Pihole has a set of list that it can use to dns block a lot of the really bad advertising sites.

              If you've just built, there are no default lists blocked. So you'll have to add your lists first.

              Pihole isn't a stop all, but it can quickly stop a massive amount of the dangerous or annoying ads.

              WTF? No blacklists by default? Put down the meth.

              Of course it has blacklists by default.

              I read that they changed it so that you had to enable individual blacklists. Hrm now I need to find the post.

              There are no longer default white listed items.

              1 Reply Last reply Reply Quote 0
              • JaredBuschJ
                JaredBusch @gjacobse
                last edited by

                @gjacobse said in So I built: Pi-hole:

                @NerdyDad said in So I built: Pi-hole:

                @hobbit666 Point your home DNS to your pihole on vultr.

                Correct. This is all that is needed. @scottalanmiller has a PiHole setup for NTG,.. All that was needed post setup is to replaced the first DNS entry in my ERL router to the IP of the instance.

                However that said.. down the road I could see MY needing to update this as I don't have a static IP. It may or may not change post restarts months down the road.

                Change what? Did you setup some kind of firewall rule to only allow your IP to access it? Because there is no restriction by default.

                gjacobseG 1 Reply Last reply Reply Quote 0
                • DonahueD
                  Donahue
                  last edited by

                  If this is just a DNS thing, what prevents someone from just changing the DNS settings on their device to bypass it? I am asking because I am actually curious.

                  black3dynamiteB scottalanmillerS 2 Replies Last reply Reply Quote 1
                  • black3dynamiteB
                    black3dynamite @Donahue
                    last edited by

                    @Donahue said in So I built: Pi-hole:

                    If this is just a DNS thing, what prevents someone from just changing the DNS settings on their device to bypass it? I am asking because I am actually curious.

                    Have your firewall only to allow pihole dns

                    1 Reply Last reply Reply Quote 1
                    • scottalanmillerS
                      scottalanmiller @Donahue
                      last edited by

                      @Donahue said in So I built: Pi-hole:

                      If this is just a DNS thing, what prevents someone from just changing the DNS settings on their device to bypass it? I am asking because I am actually curious.

                      DNS based security is for preventing honest mistakes or blocking malicious sites. It's not for stopping malicious employees looking for work arounds. Honestly, nothing really stops those, not in the real world. So trying to stop it is a lost cause and mostly just presents a challenge to people to look for ways around it. HR stops malicious stuff, this is to prevent accidents and is all normal businesses need.

                      You can easily, though, stop people from changing their DNS and limit DNS traffic only to the Pi-Hole, though, if you want another step.

                      1 Reply Last reply Reply Quote 1
                      • DonahueD
                        Donahue
                        last edited by

                        I am guessing this is only part of a complete solution. What I want to be able to do is filter specific types of content, specifically torrent and similar, from my network from devices I am not able to control otherwise.

                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @Donahue
                          last edited by

                          @Donahue said in So I built: Pi-hole:

                          I am guessing this is only part of a complete solution. What I want to be able to do is filter specific types of content, specifically torrent and similar, from my network from devices I am not able to control otherwise.

                          Filtering TYPES of things requires deep packet inspection. Totally different kind of thing and use case.

                          DonahueD 1 Reply Last reply Reply Quote 0
                          • DonahueD
                            Donahue @scottalanmiller
                            last edited by

                            @scottalanmiller said in So I built: Pi-hole:

                            @Donahue said in So I built: Pi-hole:

                            I am guessing this is only part of a complete solution. What I want to be able to do is filter specific types of content, specifically torrent and similar, from my network from devices I am not able to control otherwise.

                            Filtering TYPES of things requires deep packet inspection. Totally different kind of thing and use case.

                            right, this seems more like a web filter, which is still nice to have from time to time. But I would agree that web filters are more like a bandaid for HR issues. I say that also having mine turned on with my Fortigates.

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @Donahue
                              last edited by

                              @Donahue said in So I built: Pi-hole:

                              @scottalanmiller said in So I built: Pi-hole:

                              @Donahue said in So I built: Pi-hole:

                              I am guessing this is only part of a complete solution. What I want to be able to do is filter specific types of content, specifically torrent and similar, from my network from devices I am not able to control otherwise.

                              Filtering TYPES of things requires deep packet inspection. Totally different kind of thing and use case.

                              right, this seems more like a web filter, which is still nice to have from time to time. But I would agree that web filters are more like a bandaid for HR issues. I say that also having mine turned on with my Fortigates.

                              I feel like filters are generally a bandaid, yes. But I like the Pi-Hole approach because it stops accidental things. Its' not like locking things down and freaking out about people doing things that they shouldn't be doing. It's about stopping Betty in accounts from clicking the wrong link on Google and being taken to a hijacked advertisement, or lowering the bandwidth used on the network by not allowing DoubleClick tracking ads through, or not having so many unnecessary images load on web pages... things like that.

                              Pi-Hole is "make life easier for your users" level security, not "distrust your users and lock them down" security.

                              1 Reply Last reply Reply Quote 1
                              • gjacobseG
                                gjacobse @JaredBusch
                                last edited by

                                @JaredBusch said in So I built: Pi-hole:

                                @gjacobse said in So I built: Pi-hole:

                                @NerdyDad said in So I built: Pi-hole:

                                @hobbit666 Point your home DNS to your pihole on vultr.

                                Correct. This is all that is needed. @scottalanmiller has a PiHole setup for NTG,.. All that was needed post setup is to replaced the first DNS entry in my ERL router to the IP of the instance.

                                However that said.. down the road I could see MY needing to update this as I don't have a static IP. It may or may not change post restarts months down the road.

                                Change what? Did you setup some kind of firewall rule to only allow your IP to access it? Because there is no restriction by default.

                                No - nothing like that. I just expect that when rebooted the IP may change.

                                JaredBuschJ 1 Reply Last reply Reply Quote 0
                                • JaredBuschJ
                                  JaredBusch @gjacobse
                                  last edited by

                                  @gjacobse said in So I built: Pi-hole:

                                  @JaredBusch said in So I built: Pi-hole:

                                  @gjacobse said in So I built: Pi-hole:

                                  @NerdyDad said in So I built: Pi-hole:

                                  @hobbit666 Point your home DNS to your pihole on vultr.

                                  Correct. This is all that is needed. @scottalanmiller has a PiHole setup for NTG,.. All that was needed post setup is to replaced the first DNS entry in my ERL router to the IP of the instance.

                                  However that said.. down the road I could see MY needing to update this as I don't have a static IP. It may or may not change post restarts months down the road.

                                  Change what? Did you setup some kind of firewall rule to only allow your IP to access it? Because there is no restriction by default.

                                  No - nothing like that. I just expect that when rebooted the IP may change.

                                  Vultr is a VPS provider. They don't change IP addresses of deployed systems.

                                  What are you talking about?

                                  gjacobseG 1 Reply Last reply Reply Quote 0
                                  • gjacobseG
                                    gjacobse @JaredBusch
                                    last edited by

                                    @JaredBusch said in So I built: Pi-hole:

                                    @gjacobse said in So I built: Pi-hole:

                                    @JaredBusch said in So I built: Pi-hole:

                                    @gjacobse said in So I built: Pi-hole:

                                    @NerdyDad said in So I built: Pi-hole:

                                    @hobbit666 Point your home DNS to your pihole on vultr.

                                    Correct. This is all that is needed. @scottalanmiller has a PiHole setup for NTG,.. All that was needed post setup is to replaced the first DNS entry in my ERL router to the IP of the instance.

                                    However that said.. down the road I could see MY needing to update this as I don't have a static IP. It may or may not change post restarts months down the road.

                                    Change what? Did you setup some kind of firewall rule to only allow your IP to access it? Because there is no restriction by default.

                                    No - nothing like that. I just expect that when rebooted the IP may change.

                                    Vultr is a VPS provider. They don't change IP addresses of deployed systems.

                                    What are you talking about?

                                    Having not used them before - yes @NTG and @scottalanmiller does. but not myself. I didn't know. If it doesn't change,.. it doesn't. Nothing else I need to do.... moving on.

                                    1 Reply Last reply Reply Quote 1
                                    • gjacobseG
                                      gjacobse
                                      last edited by

                                      so - I have this show up.. since my system is open.

                                      0_1540851467593_2018-10-29 18_16_20-Window.png

                                      0_1540851512657_2018-10-29 18_18_15-Window.png

                                      Should they be blacklisted? or allowed?

                                      JaredBuschJ 1 Reply Last reply Reply Quote 0
                                      • JaredBuschJ
                                        JaredBusch @gjacobse
                                        last edited by JaredBusch

                                        @gjacobse said in So I built: Pi-hole:

                                        so - I have this show up.. since my system is open.

                                        0_1540851467593_2018-10-29 18_16_20-Window.png

                                        0_1540851512657_2018-10-29 18_18_15-Window.png

                                        Should they be blacklisted? or allowed?

                                        That's not what that blacklist means. I am assuming those IP addresses are not yours.

                                        gjacobseG 1 Reply Last reply Reply Quote 0
                                        • gjacobseG
                                          gjacobse @JaredBusch
                                          last edited by

                                          @JaredBusch said in So I built: Pi-hole:

                                          @gjacobse said in So I built: Pi-hole:

                                          so - I have this show up.. since my system is open.

                                          0_1540851467593_2018-10-29 18_16_20-Window.png

                                          0_1540851512657_2018-10-29 18_18_15-Window.png

                                          Should they be blacklisted? or allowed?

                                          That's not what that blacklist means. I am assuming those IP addresses are not yours.

                                          They are not. And you are right. In this case, not blacklist.. FW maybe..

                                          JaredBuschJ 1 Reply Last reply Reply Quote 0
                                          • JaredBuschJ
                                            JaredBusch @gjacobse
                                            last edited by

                                            @gjacobse said in So I built: Pi-hole:

                                            @JaredBusch said in So I built: Pi-hole:

                                            @gjacobse said in So I built: Pi-hole:

                                            so - I have this show up.. since my system is open.

                                            0_1540851467593_2018-10-29 18_16_20-Window.png

                                            0_1540851512657_2018-10-29 18_18_15-Window.png

                                            Should they be blacklisted? or allowed?

                                            That's not what that blacklist means. I am assuming those IP addresses are not yours.

                                            They are not. And you are right. In this case, not blacklist.. FW maybe..

                                            Correct. If that is what you want, then you need to look at restricting access to the Pi-Hole instance in the first place.

                                            There is a thread on that here somewhere. But That is more work than it is worth IMO.

                                            What I would do is setup the Vultr Firewall and add an allow for your network. Use ARIN to look up the range your ISP uses. Then add a drop all for all other traffic on port 53.

                                            If you expand this to family, add their IP block as well.

                                            Not 100% solid, but much less likely to be randomly hit.

                                            A 1 Reply Last reply Reply Quote 2
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post