Pi Hole

Alex Sage

@jaredbusch said in Pi Hole:

My wife had to shut off her wifi to get her shopping cart to load a bit ago. I was out working on the front yard and not in a position to troubleshoot.

I think she was shopping on ShopJustice.com or something.

Add to the whitelist

jt1001001

dont (yet) have a lab virtual host at home, but do have 2 new (to me) PI's on the way so one will be for this app.

coliver

@jt1001001 said in Pi Hole:

dont (yet) have a lab virtual host at home, but do have 2 new (to me) PI's on the way so one will be for this app.

I've set this up on vultr. It's been working phenomenally.

Alex Sage

@coliver Same here How are you making sure it's only taking requests from you?

coliver

@aaronstuder said in Pi Hole:

@coliver Same here How are you making sure it's only taking requests from you?

Monitoring more then anything else. I'm not too concerned by other people using it. The admin interface is locked down to just my IP and it's a pretty complex password.

scottalanmiller

@aaronstuder said in Pi Hole:

@coliver Same here How are you making sure it's only taking requests from you?

Does it matter? I let people use mine. It's DNS, I could handle thousands of users without noticing.

Alex Sage

@coliver @scottalanmiller So what's your PiHole IP address?

scottalanmiller

173.199.123.211

Alex Sage

@scottalanmiller said in Pi Hole:

173.199.123.211

Now I just need @coliver's for backup and I don't need to run my own DNS anymore lmao

Alex Sage

I guess that means I have no control over my forwarders ether lol...

scottalanmiller

@aaronstuder said in Pi Hole:

I guess that means I have no control over my forwarders ether lol...

And we can mess with you. All kinds of funny things can happen if you control the DNS for lots of people.

Alex Sage

Hmmmmmm......

https://www.us-cert.gov/ncas/alerts/TA13-088A

scottalanmiller

"...but is more difficult to mitigate since even a server configured with best practices can still be used in an attack. "

scottalanmiller

Basically, network servers can be used to respond to the wrong address. Nothing special there, really.

JaredBusch

@aaronstuder said in Pi Hole:

Hmmmmmm......

https://www.us-cert.gov/ncas/alerts/TA13-088A

That is old news.

marcinozga

@aaronstuder said in Pi Hole:

Hmmmmmm......

https://www.us-cert.gov/ncas/alerts/TA13-088A

Keep your DNS private, behind NAT and firewall and don't expose it to internets.

NashBrydges

I realize I'm necro posting here but, is anyone actually running their Pi-Hole on Vultr? I have family that would love to use this for ad blocking but aren't technical enough to setup a Pi at home.

Any special consideration? Risks about having this open to the public? The obviously have dynamic IPs so not like I can restrict their IPs. Would Vultr's smallest instance be enough?

black3dynamite

@nashbrydges said in Pi Hole:

Would Vultr's smallest instance be enough?

I would assume the $5 instance would the best choice.

coliver

I have mine running on the 2.50$ server.

NashBrydges

@coliver said in Pi Hole:

I have mine running on the 2.50$ server.

Have you locked it down to only your IP address or is it open to the internet? What have you done to secure the server?