First Ring Daily 1225: DNS Hole

Posted on April 5, 2022 by Brad Sams in First Ring Daily, Podcasts with 9 Comments

On this episode of First Ring Daily, setting up a Pi, hybrid talk is tomorrow, and trying to find the Pi.


9 responses to “First Ring Daily 1225: DNS Hole”

  1. lwetzel

    Raspberry Pis are hard to get because of chip shortages. You might get one second-hand but... There are a couple of sites (and I am trying to remember the URL) that are tracking who has them for sale. The last I remember was 3 and it all depends on which Pi you want. If I get the URL I will post it.

  2. thomas45

    Paul is correct that you can use an online service to effectively replicate what the Pi-hole does without having to use dedicated hardware. But of course you trust "some service" with all of your DNS requests.

  3. Piyer

    One does not need an RPi - you can install it on any old computer - the Pi-hole runs on Ubuntu too.

  4. webdev511

    I've been running a Pi-hole for years. The only issue I've had is the SD card can fail. I've had that happen a couple of times, but it's easier to just set up a new card once you know the Pi itself is okay.

  5. infloop

    Pi-hole is a DNS server, actually, because all it does is handle DNS requests. You still need an actual router/firewall in front that handles your Internet connection.

    You also do not need to have a Raspberry Pi to run the Pi-hole software. Any hardware that can run one of the supported operating systems works as well. This includes running it on a virtual machine, which is how I do it. They even have a Docker container available if you prefer that.

    And yes, there are DNS services out there that can do what the Pi-hole does, but you then have to trust that service with all of your DNS queries. If you choose to use Pi-hole, you still need a recursive resolver that will perform the DNS lookups and reply back to Pi-hole so that Pi-hole can forward it on to your devices. You can roll your own recursive resolver or use a third-party service. The latter can be your ISP's DNS or one of the public DNS services, for example. I use Quad9 as they do malicious domain blocking, and I like their privacy policy.

  6. spacein_vader

    You can use the block lists for various means. You can block adult content, fake news, ads, malicious domains.

    The biggest bonus for me is that All4 and ITV Player (2 UK TV station on-demand apps) now have the ads blocked. So I watch the content then it skips the ads. Usually ad blocking on a TV is impossible.

  7. ThemainJP

    If you don't want to bother with a Pi-hole, NextDNS and AdGuard DNS are easy-to-implement options.

  8. ken10

    Do not think of a Pi-hole as a firewall at all as suggested. It is a blackhole lookup. A device/browser will ask for the IP of a DNS name and if it's in the list of blocked addresses it responds to the device with an NXDOMAIN response. This tells the device "this does not exist". So it ceases to attempt to pull the content - unless it does not. Many devices do not respect the DHCP address passed out for DNS resolution. For instance, my Samsung smart TV makes a suspiciously high volume of calls back to Samsung cloud addresses. So I added a SmartTV block list which blocked it all. When I looked at the traffic on the network, the TV would try to call home, it would fail as expected, then all of a sudden would switch to Google DNS servers and try again, which would resolve. The Pi-hole cannot block this attempt because the device ignored the DNS servers it was given. I then had to add a firewall that was configured to catch any UDP port 53 (DNS) traffic that did NOT originate FROM the Pi-holes (I run 2) and masquerade rewrite the request (to fool the client) and shove/route that request into the Pi-hole. Then I could see in my firewall how many times that happened. #Ludicrous. Other devices do this too.
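The bypass ken10 describes shows up in firewall or flow logs as UDP port 53 traffic that neither comes from nor goes to a Pi-hole. The following is an added example, not part of the original comment or of the Pi-hole project; the two Pi-hole addresses, the client addresses and the four-field log format are constructed assumptions.

```python
from collections import Counter

# Assumed addresses of the two Pi-hole instances (constructed for this example).
PIHOLES = {"192.168.1.2", "192.168.1.3"}

# Constructed flow records, one per line: "src_ip dst_ip protocol dst_port".
SAMPLE_FLOWS = """\
192.168.1.50 192.168.1.2 udp 53
192.168.1.60 8.8.8.8 udp 53
192.168.1.60 8.8.4.4 udp 53
192.168.1.2 9.9.9.9 udp 53
192.168.1.50 203.0.113.10 tcp 443
192.168.1.60 192.168.1.3 udp 53
192.168.1.70 8.8.8.8 udp 53
malformed line
192.168.1.60 8.8.8.8 udp 53
"""


def find_dns_bypass(flow_text, piholes=PIHOLES):
    """Count UDP/53 flows per (client, resolver) that skip the Pi-holes."""
    bypass = Counter()
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # ignore records that do not match the assumed format
        src, dst, proto, dport = fields[0], fields[1], fields[2].lower(), int(fields[3])
        if proto != "udp" or dport != 53:
            continue  # only plain DNS over UDP, as in the comment
        if src in piholes:
            continue  # the Pi-hole's own upstream lookups are expected
        if dst in piholes:
            continue  # client used the resolver handed out by DHCP
        bypass[(src, dst)] += 1
    return bypass


def bypass_per_client(bypass):
    """Collapse the (client, resolver) counts into a total per client."""
    totals = Counter()
    for (src, _dst), count in bypass.items():
        totals[src] += count
    return dict(totals)


if __name__ == "__main__":
    hits = find_dns_bypass(SAMPLE_FLOWS)
    for (src, dst), count in sorted(hits.items()):
        print(f"{src} sent {count} DNS queries directly to {dst}")
    print(bypass_per_client(hits))
```

Clients that appear in the output are the ones a redirect rule like the one in the comment would be catching.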
