Pi-Hole New User

edited January 2021 in Help




Hola,

Hope some LEB users here use Pi-Hole.

I just installed Pi-Hole on one of my US servers. Everything runs OK.

But is there any way to point an A record to that Pi-Hole IP address? I mean, it is hard to remember the IPv4 address.

And I would like to use a sub-domain as my DNS server (Pi-Hole server). Is there any way to do that?

Is this possible?

And I want to use that sub-domain DNS in the Private DNS setting.

Comments

  • Well, you would then have a classic "chicken-and-egg" problem: whom would you ask for the IP of the entered A record? ;)

    Thanked by (1)deepak_leb
  • Please don't set up an open DNS resolver if you don't know what you're doing: https://blogs.infoblox.com/community/how-dangerous-can-an-open-dns-resolver-be-part-i/

    Pi-hole especially is not meant to be set up as a public DNS resolver. Instead it's designed to be used within a closed network, for example over VPN. Pi-hole does not feature any rate limiting and will happily answer ANY queries, which are notorious for being used in DNS amplification attacks.

    So please, restrict access to your Pi-hole instance by using (for example) pi-VPN.

    Thanked by (1)deepak_leb
  • Change the listen interface to tun0/wg0 (OpenVPN/WireGuard) and tunnel DNS/all your traffic through the VPN.

    Thanked by (1)deepak_leb
  • vimalware said:

    Change the listen interface to tun0/wg0 (OpenVPN/WireGuard) and tunnel DNS/all your traffic through the VPN.

    ^^This^^

    For extra cookie/brownie points, set up Unbound as the upstream recursive DNS resolver. Follow this if you get stuck.

    Thanked by (1)deepak_leb
  • @Freek said:
    Please don't set up an open DNS resolver if you don't know what you're doing: https://blogs.infoblox.com/community/how-dangerous-can-an-open-dns-resolver-be-part-i/

    Pi-hole especially is not meant to be set up as a public DNS resolver. Instead it's designed to be used within a closed network, for example over VPN. Pi-hole does not feature any rate limiting and will happily answer ANY queries, which are notorious for being used in DNS amplification attacks.

    So please, restrict access to your Pi-hole instance by using (for example) pi-VPN.

    OK, noted.

  • @saibal said:
    vimalware said:

    Change the listen interface to tun0/wg0 (OpenVPN/WireGuard) and tunnel DNS/all your traffic through the VPN.

    ^^This^^

    For extra cookie/brownie points, set up Unbound as the upstream recursive DNS resolver. Follow this if you get stuck.

    Will follow this.

  • @deepak_leb said:

    @saibal said:
    vimalware said:

    Change the listen interface to tun0/wg0 (OpenVPN/WireGuard) and tunnel DNS/all your traffic through the VPN.

    ^^This^^

    For extra cookie/brownie points, set up Unbound as the upstream recursive DNS resolver. Follow this if you get stuck.

    Will follow this.

    Also, (obviously) firewall off port 53 (DROP) on public interfaces using whatever layering of rules you prefer.

    Thanked by (1)deepak_leb
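
Added example, not part of any post in this thread: a Python check that reads `ss -H -lntu` output and reports port 53 sockets bound anywhere other than loopback or the VPN subnet, which is the state the replies above recommend. The sample output and the 10.8.0.0/24 VPN subnet are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -H -lntu` output (not taken from a real host).
SAMPLE_SS = """\
udp   UNCONN 0      0            0.0.0.0:53        0.0.0.0:*
udp   UNCONN 0      0       10.8.0.1%wg0:53        0.0.0.0:*
tcp   LISTEN 0      32         127.0.0.1:53        0.0.0.0:*
udp   UNCONN 0      0               [::]:53           [::]:*
tcp   LISTEN 0      32      203.0.113.10:53        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
"""


def exposed_dns_listeners(ss_output, vpn_networks):
    """Return (proto, local_address) for every port-53 socket that is not
    bound to loopback or to an address inside one of vpn_networks."""
    allowed = [ipaddress.ip_network(n) for n in vpn_networks]
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("udp", "tcp"):
            continue
        local = fields[4]
        host, _, port = local.rpartition(":")
        if port != "53":
            continue
        # Drop IPv6 brackets and an interface suffix such as "%wg0".
        host = host.strip("[]").split("%")[0]
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            # "*" or anything unparsable: treat as exposed (fail closed).
            findings.append((fields[0], local))
            continue
        if addr.is_unspecified:
            # Wildcard bind: only a firewall DROP keeps this off the internet.
            findings.append((fields[0], local))
        elif not (addr.is_loopback or any(addr in net for net in allowed)):
            findings.append((fields[0], local))
    return findings


if __name__ == "__main__":
    for proto, local in exposed_dns_listeners(SAMPLE_SS, ["10.8.0.0/24"]):
        print(f"port 53 reachable beyond loopback/VPN: {proto} {local}")
```

On a live host, pass the real output of `ss -H -lntu` and your own VPN subnet; an empty result means the resolver is bound only to loopback and the tunnel.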