First Ring Daily 1225: DNS Hole


On this episode of First Ring Daily, setting up a Pi, hybrid talk is tomorrow, and trying to find the Pi.


Conversation 9 comments

  • lwetzel

    Premium Member
    05 April, 2022 - 12:00 pm

    Raspberry Pis are hard to get because of chip shortages. You might get one second-hand but… There are a couple of sites (and I am trying to remember the URL) that are tracking who has them for sale. The last I remember was 3 and it all depends on which Pi you want. If I get the URL I will post it.

    • dkrowe

      Premium Member
      05 April, 2022 - 12:42 pm

      Found rpilocator.com while researching the subject.

  • thomas45

    05 April, 2022 - 12:10 pm

    Paul is correct that you can use an online service to effectively replicate what the Pi-hole does without having to use dedicated hardware. But of course you trust "some service" with all of your DNS requests.

  • Piyer

    05 April, 2022 - 1:46 pm

    One does not need an RPi – you can install it on any old computer – the Pi-hole runs on Ubuntu too.

  • webdev511

    Premium Member
    05 April, 2022 - 2:16 pm

    I’ve been running a Pi-hole for years. The only issue I’ve had is the SD card can fail. I’ve had that happen a couple of times, but it’s easier to just set up a new card once you know the Pi itself is okay.

  • infloop

    Premium Member
    05 April, 2022 - 2:54 pm

    Pi-hole is a DNS server, actually, because all it does is handle DNS requests. You still need an actual router/firewall in front that handles your Internet connection.

    You also do not need to have a Raspberry Pi to run the Pi-hole software. Any hardware that can run one of the supported operating systems works as well. This includes running it on a virtual machine, which is how I do it. They even have a Docker container available if you prefer that.

    And yes, there are DNS services out there that can do what the Pi-hole does, but you then have to trust that service with all of your DNS queries. If you choose to use Pi-hole, you still need a recursive resolver that will perform the DNS lookups and reply back to Pi-hole so that Pi-hole can forward it on to your devices. You can roll your own recursive resolver or use a third-party service. The latter can be your ISP’s DNS or one of the public DNS services, for example. I use Quad9 as they do malicious domain blocking, and I like their privacy policy.

  • spacein_vader

    Premium Member
    06 April, 2022 - 4:51 am

    You can use the block lists for various means. You can block adult content, fake news, ads, malicious domains.

    The biggest bonus for me is that All4 and ITV Player (2 UK TV station on-demand apps) now have the ads blocked. So I watch the content then it skips the ads. Usually ad blocking on a TV is impossible.

  • ThemainJP

    Premium Member
    06 April, 2022 - 3:41 pm

    If you don’t want to bother with a Pi-hole, NextDNS and AdGuard DNS are easy-to-implement options.

  • ken10

    06 April, 2022 - 11:19 pm

    Do not think of a Pi-hole as a firewall at all as suggested. It is a blackhole lookup. A device/browser will ask for the IP of a DNS name and if it's in the list of blocked addresses it responds to the device with an NXDOMAIN response. This tells the device "this does not exist". So it ceases to try to pull the content – unless it does not. Many devices do not respect the DHCP address passed out for DNS resolution. For instance, my Samsung smart TV makes a suspiciously high volume of calls back to Samsung cloud addresses. So I added a SmartTV block list which blocked it all. When I looked at the traffic on the network, the TV would try to call home, it would fail as expected, then all of a sudden would switch to Google DNS servers and try again, which would resolve. The Pi-hole cannot block this attempt because the device ignored the DNS servers it was given. I had to then add a firewall that was configured to catch any UDP port 53 (DNS) traffic that did NOT originate FROM the Pi-holes (I run 2) and masquerade rewrite the request (to fool the client) and shove/route that request into the Pi-hole. Then I could see in my firewall how many times that happened. #Ludicrous. Other devices do this too.
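
The last comment above describes devices that ignore the DHCP-supplied resolver and query a public DNS server directly. As an added example (not part of any comment on this page), the Python below tallies such bypass attempts from gateway firewall logs; the Pi-hole addresses, the log lines and their key=value layout are constructed assumptions, and TCP port 53 is checked in addition to the UDP traffic the comment mentions.

```python
import re
from collections import Counter

# Assumed addresses of the two Pi-hole resolvers (hypothetical values).
PIHOLES = {"192.168.1.2", "192.168.1.3"}

# Constructed sample lines in the key=value style of netfilter LOG output.
SAMPLE_LOG = """\
Apr  6 23:01:10 gw kernel: IN=br0 SRC=192.168.1.50 DST=192.168.1.2 PROTO=UDP SPT=40112 DPT=53
Apr  6 23:01:11 gw kernel: IN=br0 SRC=192.168.1.50 DST=8.8.8.8 PROTO=UDP SPT=40113 DPT=53
Apr  6 23:01:12 gw kernel: IN=br0 SRC=192.168.1.50 DST=8.8.4.4 PROTO=UDP SPT=40114 DPT=53
Apr  6 23:01:12 gw kernel: IN=br0 SRC=192.168.1.2 DST=9.9.9.9 PROTO=UDP SPT=51000 DPT=53
Apr  6 23:01:15 gw kernel: IN=br0 SRC=192.168.1.50 DST=8.8.8.8 PROTO=UDP SPT=40115 DPT=53
Apr  6 23:01:16 gw kernel: IN=br0 SRC=192.168.1.77 DST=8.8.8.8 PROTO=TCP SPT=40200 DPT=443
Apr  6 23:01:17 gw kernel: IN=br0 SRC=192.168.1.77 DST=1.1.1.1 PROTO=TCP SPT=40201 DPT=53
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Return the KEY=value fields of one log line as a dict."""
    return dict(FIELD.findall(line))


def is_bypass(rec, piholes=PIHOLES):
    """True for a DNS query sent by a client to a resolver other than a Pi-hole."""
    if rec.get("DPT") != "53" or rec.get("PROTO") not in ("UDP", "TCP"):
        return False          # not plain DNS
    if rec.get("SRC") in piholes:
        return False          # the Pi-hole's own upstream lookups are expected
    return rec.get("DST") not in piholes


def bypass_report(log_text, piholes=PIHOLES):
    """Count bypass attempts per (client, resolver) pair."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if "SRC" in rec and is_bypass(rec, piholes):
            hits[(rec["SRC"], rec["DST"])] += 1
    return hits


if __name__ == "__main__":
    for (client, resolver), n in bypass_report(SAMPLE_LOG).most_common():
        print(f"{client} -> {resolver}: {n} direct DNS queries")
```

Clients that show up in this report are the ones a redirect rule like the one in the comment would catch; plain port-53 matching does not see DNS carried over other ports or protocols.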


Thurrott © 2024 Thurrott LLC