Security Pi-Hole

[Deebs]

So I thought I would complement my pfSense firewall running pfBlockerNG with Pi-Hole.

Basically it is a DNS blocking service and can run on a PI, physical machine or a VM. I have mine running on one of my spare PIs. Comes with a nice GUI and I have configured my DHCP to set the PI as the primary DNS and pfSense as the secondary.

Anyone else running Pi-Hole at home for ad-blocking, malware, telemetry blocking?

 

[~Yuckfou~]

I have no idea what you just said.

 

[Rubber Bullets]

I have no idea what you just said.

Me either, but it sounds impressive, I do kinda wish I did run pi-hole, for the name more than anything else.

When friends and family call me a geek this is where I come to prove to myself I'm really not. I'm a technophile, but I ain't got shit on the real, proper geeks.

 

[caLLous]

I teach myself computery things so I know a bit about a lot of things, a lot about a couple of things and nothing much about the rest. I should really get around to properly configuring my home network but unfortunately networking falls into the last category above. Everything goes through a Cisco E4200 with DD-WRT on it and that's about it. I don't even fully understand the reasons why you'd use multiple subnets. I guess to keep bits of the network separate from other bits of the network...

 

[Tom]

I have no idea what you just said.

I'm no expert but DHCP is a thing in your router or computer that automatically sets up the IP addresses so they make sense? So when you connect a load of things to your router, they all get given their own local IP addresses (192.168.0.1, 192.168.0.2, etc). And DNS is the thing that converts an IP address into a web address. So basically, his router has been instructed to go through the Pi, which itself is controlling what people on the internet see when they connect to his computer. His secondary DNS is running a bit of software, so he can compare the two firewalls.

I think.

 

[ECA]

I run a pihole it's really easy.

You just change the routers DNS to the piholes IP and it's pretty much fire and forget.

 

[Deebs]

So been a couple of years but have just upgraded to Pi-Hole 5

 

[dysfunction]

Have you got an idiots guide to what this is and how you use it?

 

[Jupitus]

Have you got an idiots guide to what this is and how you use it?

He must have, by definition

 

[Deebs]

Have you got an idiots guide to what this is and how you use it?

What to install it or upgrade it?

The Pi-Hole homepage has a really simple guide on how to do either.

 

[Deebs]

He must have, by definition

Didn't use your guide in the end as it was shite.

 

[dysfunction]

What to install it or upgrade it?

The Pi-Hole homepage has a really simple guide on how to do either.

Well there are a few things on there that I don't really know what they mean. For eg what does "install it in a container" mean?
I see there are a number of you tube videos for setup. I'll watch some of those.

Ive never used a raspberry pi before so no idea how that works!

 

[Deebs]

Well there are a few things on there that I don't really know what they mean. For eg what does "install it in a container" mean?
I see there are a number of you tube videos for setup. I'll watch some of those.

Ive never used a raspberry pi before so no idea how that works!

Fuck all that.

Buy a Pi or 2. Download the server version of the OS. Install Pi-Hole using the curl method (not a container). Set either your router or the PiHoles to be DHCP servers and configure the DNS servers to be the IP address of the Pi(s). Make sure the Pi(s) have static IP addresses.

 

[Deebs]

The smallest Pi4 is overpowered for this so just buy the cheapest.

 

[Moriath]

The smallest Pi4 is overpowered for this so just buy the cheapest.

Will it work on older pi’s ? I got one i used for an emulator for a while. Or does it need pi4 ?

 

[Deebs]

Will it work on older pi’s ? I got one i used for an emulator for a while. Or does it need pi4 ?

Any pi will do.

 

[MYstIC G]

Fuck all that.

Buy a Pi or 2. Download the server version of the OS. Install Pi-Hole using the curl method (not a container). Set either your router or the PiHoles to be DHCP servers and configure the DNS servers to be the IP address of the Pi(s). Make sure the Pi(s) have static IP addresses.

You can generally power an old Pi from your router if it has a USB port as well.

Android devices can be a bit sneaky about DNS servers as well, if only have one DNS server it can sometimes default the 2nd one to 8.8.8.8 which can let some stuff through

 

[Deebs]

You can generally power an old Pi from your router if it has a USB port as well.

Android devices can be a bit sneaky about DNS servers as well, if only have one DNS server it can sometimes default the 2nd one to 8.8.8.8 which can let some stuff through

Yeh which is why I block ALL DNS from leaving my network but hey, fuck DNS over HTTP. That is another issue I need to deal with.

 

[MYstIC G]

Yeh which is why I block ALL DNS from leaving my network but hey, fuck DNS over HTTP. That is another issue I need to deal with.

What do you use T? I just picked up a NanoPi R2S to start playing with OpenWrt

 

[Deebs]

I use a custom built mini-itx build running PfSense. This is my main router for all the VLANs I have running over my internal network.

 

[Moriath]

You are much more advanced than I. I just pick things up and play and implement them. Like i will i think with pi-hole.

otherwise i have might nighthawk router that does everything.

anything else i miss? For a timkerer

 

[Deebs]

You are much more advanced than I. I just pick things up and play and implement them. Like i will i think with pi-hole.

otherwise i have might nighthawk router that does everything.

anything else i miss? For a timkerer

I am shit at everything outside of IT. Put a shelf up straight? No chance. Build a wall? Fuck off. Fire a dwarf from a cannon (@Jupitus)? Ok Can do that.

 

[BloodOmen]

I have no idea what you just said.

I seen pi-hole and came in to crack a joke

 

[Jupitus]

I am shit at everything outside of IT. Put a shelf up straight? No chance. Build a wall? Fuck off. Fire a dwarf from a cannon (@Jupitus)? Ok Can do that.

Eh?

Fuck you buddeh!!

 

[MYstIC G]

I use a custom built mini-itx build running PfSense. This is my main router for all the VLANs I have running over my internal network.

I read good things about OPNsense but don't have the space for a proper PC where the router is in my place.

anything else i miss? For a timkerer

Not really, pi-hole is pretty good for "set and forget" whole LAN ad-blocking. With v5 it's also really easy to just type a URL into the GUI and block it which can be useful.

 

[Deebs]

OPNSense is a fork of PfSense due to a fallout or something (cannot remember the exact details). I've looked at it but CBA to migrate.

 

[Deebs]

So chaps how have you gotten on?

 

[Moriath]

So chaps how have you gotten on?

Need to find my pi. First issue lol

 

[Moriath]

Found my pi

I made a game station from it but not used it for years so can repurpose

eww blurry photos but still it works haha

 

[Deebs]

I would invest in a camera that can focus...