ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    So I built: Pi-hole

    Scheduled Pinned Locked Moved IT Discussion
    so i builthow topi-holevultr
    35 Posts 11 Posters 4.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBuschJ
      JaredBusch @gjacobse
      last edited by

      @gjacobse said in So I built: Pi-hole:

      So I built a Pi-hole

      0_1540810572160_2018-10-29 06_55_31-Window.png
      On Vultr no less at that. Simple enough. But Is that all you need for ad blocking? It seems no - Pi-hole only does so much.

      I removed the Adblock extensions from Chrome and tested - there are / where ads on sites I generally go to;

      • News Sites
      • Reference Sites
      • etc,..

      While Pi-Hole is working - there are some limits; at least as it is installed with just the defaults. So, what is the real main benefit of running a Pi-Hole system if you are still going to need the browser end Adblock extensions?

      Like everything, it is about layers. Pi-Hole kills many things. When I browse news websites on my iPad at home it is amazing all the whitespace I see.

      1 Reply Last reply Reply Quote 0
      • hobbit666H
        hobbit666
        last edited by

        Dumb question πŸ˜„
        How are you using this on a VM on Vultr and browsing from Home? Are you proxy'n all your traffic through it?

        NerdyDadN JaredBuschJ scottalanmillerS 3 Replies Last reply Reply Quote 0
        • NerdyDadN
          NerdyDad @hobbit666
          last edited by

          @hobbit666 Point your home DNS to your pihole on vultr.

          gjacobseG 1 Reply Last reply Reply Quote 2
          • JaredBuschJ
            JaredBusch @hobbit666
            last edited by

            @hobbit666 said in So I built: Pi-hole:

            Dumb question πŸ˜„
            How are you using this on a VM on Vultr and browsing from Home? Are you proxy'n all your traffic through it?

            This makes no sense.

            You don’t need a proxy to view the web interface.

            You never send your internet traffic to a pi-hole. That is not what it does.

            You simply point your local DNS to it, either per device or in your router.

            hobbit666H 1 Reply Last reply Reply Quote 1
            • hobbit666H
              hobbit666 @JaredBusch
              last edited by

              @JaredBusch said in So I built: Pi-hole:

              You never send your internet traffic to a pi-hole. That is not what it does.
              You simply point your local DNS to it, either per device or in your router.

              This is my issue then πŸ™‚ that's what i thought they were for, Ad blocking and content filtering.

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • DustinB3403D
                DustinB3403 @JaredBusch
                last edited by

                @JaredBusch said in So I built: Pi-hole:

                @DustinB3403 said in So I built: Pi-hole:

                Pihole has a set of list that it can use to dns block a lot of the really bad advertising sites.

                If you've just built, there are no default lists blocked. So you'll have to add your lists first.

                Pihole isn't a stop all, but it can quickly stop a massive amount of the dangerous or annoying ads.

                WTF? No blacklists by default? Put down the meth.

                Of course it has blacklists by default.

                I read that they changed it so that you had to enable individual blacklists. Hrm now I need to find the post.

                gjacobseG JaredBuschJ 2 Replies Last reply Reply Quote 0
                • gjacobseG
                  gjacobse @NerdyDad
                  last edited by

                  @NerdyDad said in So I built: Pi-hole:

                  @hobbit666 Point your home DNS to your pihole on vultr.

                  Correct. This is all that is needed. @scottalanmiller has a PiHole setup for NTG,.. All that was needed post setup is to replaced the first DNS entry in my ERL router to the IP of the instance.

                  However that said.. down the road I could see MY needing to update this as I don't have a static IP. It may or may not change post restarts months down the road.

                  JaredBuschJ 1 Reply Last reply Reply Quote 0
                  • gjacobseG
                    gjacobse @DustinB3403
                    last edited by

                    @DustinB3403 said in So I built: Pi-hole:

                    @JaredBusch said in So I built: Pi-hole:

                    @DustinB3403 said in So I built: Pi-hole:

                    Pihole has a set of list that it can use to dns block a lot of the really bad advertising sites.

                    If you've just built, there are no default lists blocked. So you'll have to add your lists first.

                    Pihole isn't a stop all, but it can quickly stop a massive amount of the dangerous or annoying ads.

                    WTF? No blacklists by default? Put down the meth.

                    Of course it has blacklists by default.

                    I read that they changed it so that you had to enable individual blacklists. Hrm now I need to find the post.

                    It has some by default... but you can also add your own

                    1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @hobbit666
                      last edited by

                      @hobbit666 said in So I built: Pi-hole:

                      Dumb question πŸ˜„
                      How are you using this on a VM on Vultr and browsing from Home? Are you proxy'n all your traffic through it?

                      It's DNS, just point to it.

                      1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @hobbit666
                        last edited by

                        @hobbit666 said in So I built: Pi-hole:

                        @JaredBusch said in So I built: Pi-hole:

                        You never send your internet traffic to a pi-hole. That is not what it does.
                        You simply point your local DNS to it, either per device or in your router.

                        This is my issue then πŸ™‚ that's what i thought they were for, Ad blocking and content filtering.

                        They are, via DNS like Umbrella or Strongarm.io

                        1 Reply Last reply Reply Quote 0
                        • JaredBuschJ
                          JaredBusch @DustinB3403
                          last edited by

                          @DustinB3403 said in So I built: Pi-hole:

                          @JaredBusch said in So I built: Pi-hole:

                          @DustinB3403 said in So I built: Pi-hole:

                          Pihole has a set of list that it can use to dns block a lot of the really bad advertising sites.

                          If you've just built, there are no default lists blocked. So you'll have to add your lists first.

                          Pihole isn't a stop all, but it can quickly stop a massive amount of the dangerous or annoying ads.

                          WTF? No blacklists by default? Put down the meth.

                          Of course it has blacklists by default.

                          I read that they changed it so that you had to enable individual blacklists. Hrm now I need to find the post.

                          There are no longer default white listed items.

                          1 Reply Last reply Reply Quote 0
                          • JaredBuschJ
                            JaredBusch @gjacobse
                            last edited by

                            @gjacobse said in So I built: Pi-hole:

                            @NerdyDad said in So I built: Pi-hole:

                            @hobbit666 Point your home DNS to your pihole on vultr.

                            Correct. This is all that is needed. @scottalanmiller has a PiHole setup for NTG,.. All that was needed post setup is to replaced the first DNS entry in my ERL router to the IP of the instance.

                            However that said.. down the road I could see MY needing to update this as I don't have a static IP. It may or may not change post restarts months down the road.

                            Change what? Did you setup some kind of firewall rule to only allow your IP to access it? Because there is no restriction by default.

                            gjacobseG 1 Reply Last reply Reply Quote 0
                            • DonahueD
                              Donahue
                              last edited by

                              If this is just a DNS thing, what prevents someone from just changing the DNS settings on their device to bypass it? I am asking because I am actually curious.

                              black3dynamiteB scottalanmillerS 2 Replies Last reply Reply Quote 1
                              • black3dynamiteB
                                black3dynamite @Donahue
                                last edited by

                                @Donahue said in So I built: Pi-hole:

                                If this is just a DNS thing, what prevents someone from just changing the DNS settings on their device to bypass it? I am asking because I am actually curious.

                                Have your firewall only to allow pihole dns

                                1 Reply Last reply Reply Quote 1
                                • scottalanmillerS
                                  scottalanmiller @Donahue
                                  last edited by

                                  @Donahue said in So I built: Pi-hole:

                                  If this is just a DNS thing, what prevents someone from just changing the DNS settings on their device to bypass it? I am asking because I am actually curious.

                                  DNS based security is for preventing honest mistakes or blocking malicious sites. It's not for stopping malicious employees looking for work arounds. Honestly, nothing really stops those, not in the real world. So trying to stop it is a lost cause and mostly just presents a challenge to people to look for ways around it. HR stops malicious stuff, this is to prevent accidents and is all normal businesses need.

                                  You can easily, though, stop people from changing their DNS and limit DNS traffic only to the Pi-Hole, though, if you want another step.

                                  1 Reply Last reply Reply Quote 1
                                  • DonahueD
                                    Donahue
                                    last edited by

                                    I am guessing this is only part of a complete solution. What I want to be able to do is filter specific types of content, specifically torrent and similar, from my network from devices I am not able to control otherwise.

                                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @Donahue
                                      last edited by

                                      @Donahue said in So I built: Pi-hole:

                                      I am guessing this is only part of a complete solution. What I want to be able to do is filter specific types of content, specifically torrent and similar, from my network from devices I am not able to control otherwise.

                                      Filtering TYPES of things requires deep packet inspection. Totally different kind of thing and use case.

                                      DonahueD 1 Reply Last reply Reply Quote 0
                                      • DonahueD
                                        Donahue @scottalanmiller
                                        last edited by

                                        @scottalanmiller said in So I built: Pi-hole:

                                        @Donahue said in So I built: Pi-hole:

                                        I am guessing this is only part of a complete solution. What I want to be able to do is filter specific types of content, specifically torrent and similar, from my network from devices I am not able to control otherwise.

                                        Filtering TYPES of things requires deep packet inspection. Totally different kind of thing and use case.

                                        right, this seems more like a web filter, which is still nice to have from time to time. But I would agree that web filters are more like a bandaid for HR issues. I say that also having mine turned on with my Fortigates.

                                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @Donahue
                                          last edited by

                                          @Donahue said in So I built: Pi-hole:

                                          @scottalanmiller said in So I built: Pi-hole:

                                          @Donahue said in So I built: Pi-hole:

                                          I am guessing this is only part of a complete solution. What I want to be able to do is filter specific types of content, specifically torrent and similar, from my network from devices I am not able to control otherwise.

                                          Filtering TYPES of things requires deep packet inspection. Totally different kind of thing and use case.

                                          right, this seems more like a web filter, which is still nice to have from time to time. But I would agree that web filters are more like a bandaid for HR issues. I say that also having mine turned on with my Fortigates.

                                          I feel like filters are generally a bandaid, yes. But I like the Pi-Hole approach because it stops accidental things. Its' not like locking things down and freaking out about people doing things that they shouldn't be doing. It's about stopping Betty in accounts from clicking the wrong link on Google and being taken to a hijacked advertisement, or lowering the bandwidth used on the network by not allowing DoubleClick tracking ads through, or not having so many unnecessary images load on web pages... things like that.

                                          Pi-Hole is "make life easier for your users" level security, not "distrust your users and lock them down" security.

                                          1 Reply Last reply Reply Quote 1
                                          • gjacobseG
                                            gjacobse @JaredBusch
                                            last edited by

                                            @JaredBusch said in So I built: Pi-hole:

                                            @gjacobse said in So I built: Pi-hole:

                                            @NerdyDad said in So I built: Pi-hole:

                                            @hobbit666 Point your home DNS to your pihole on vultr.

                                            Correct. This is all that is needed. @scottalanmiller has a PiHole setup for NTG,.. All that was needed post setup is to replaced the first DNS entry in my ERL router to the IP of the instance.

                                            However that said.. down the road I could see MY needing to update this as I don't have a static IP. It may or may not change post restarts months down the road.

                                            Change what? Did you setup some kind of firewall rule to only allow your IP to access it? Because there is no restriction by default.

                                            No - nothing like that. I just expect that when rebooted the IP may change.

                                            JaredBuschJ 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 2 / 2
                                            • First post
                                              Last post