Pi-Hole New User

deepak_lebdeepak_leb OG
edited January 2021 in Help




Hola,

Hope some of LEB users use Pi-Hole here.

I just now installed Pi-Hole to one of my US Server. Ok everything runs ok.

But is there any point the A record to that Pi-Hole IP Address ?, I mean it is hard to remember the Ipv4 address.

And I would like to use a sub-domain as my DNS Server ( Pi-Hole server ), So Anyway to do that ?.

Is this possible ?

And want to use that sub-domain dns on private DNS setting

Comments

  • BochiBochi OG

    Well, you would then have a classic "chicken-and-egg" problem: whom would you ask for the IP of the entered A record? ;)

    Thanked by (1)deepak_leb
  • FreekFreek

    Please don't setup an open DNS resolver if you don't know what you're doing: https://blogs.infoblox.com/community/how-dangerous-can-an-open-dns-resolver-be-part-i/

    Especially Pi-hole is not meant to be setup as a public dns resolver. Instead it's designed to be used within a closed network, for example over VPN. Pi-hole does not feature any rate limiting and will happily answer ANY queries, which are notorious for being used in DNS amplification attacks.

    So please, restrict access to you pi-hole instance by using (for example) pi-VPN.

    Thanked by (1)deepak_leb
  • vimalwarevimalware OG

    Change the listen interface to tun0/wg0 (openvpn/wireguard) and tunnel dns/all your traffic through the vpn.

    Thanked by (1)deepak_leb
  • saibalsaibal OG

    vimalware said:

    Change the listen interface to tun0/wg0 (openvpn/wireguard) and tunnel dns/all your traffic through the vpn.

    ^^This^^

    For extra cookie/brownie points setup Unbound as the upstream recursive DNS resolver. Follow this if you get stuck.

    Thanked by (1)deepak_leb
  • deepak_lebdeepak_leb OG

    @Freek said:
    Please don't setup an open DNS resolver if you don't know what you're doing: https://blogs.infoblox.com/community/how-dangerous-can-an-open-dns-resolver-be-part-i/

    Especially Pi-hole is not meant to be setup as a public dns resolver. Instead it's designed to be used within a closed network, for example over VPN. Pi-hole does not feature any rate limiting and will happily answer ANY queries, which are notorious for being used in DNS amplification attacks.

    So please, restrict access to you pi-hole instance by using (for example) pi-VPN.

    ok noted

  • deepak_lebdeepak_leb OG

    @saibal said:
    vimalware said:

    Change the listen interface to tun0/wg0 (openvpn/wireguard) and tunnel dns/all your traffic through the vpn.

    ^^This^^

    For extra cookie/brownie points setup Unbound as the upstream recursive DNS resolver. Follow this if you get stuck.

    Will follow this

  • vimalwarevimalware OG

    @deepak_leb said:

    @saibal said:
    vimalware said:

    Change the listen interface to tun0/wg0 (openvpn/wireguard) and tunnel dns/all your traffic through the vpn.

    ^^This^^

    For extra cookie/brownie points setup Unbound as the upstream recursive DNS resolver. Follow this if you get stuck.

    Will follow this

    Also, (obviously) firewall off port 53 (DROP) on public interfaces using whatever layering of rules you prefer.

    Thanked by (1)deepak_leb
Sign In or Register to comment.

© LowEndSpirit 2024

ipv6 ready