====== Pi-Hole DNS Sinkhole and Ad Blocker ======
It may just be easier to use free AdGuard DNS servers...
https://adguard-dns.io/en/public-dns.html
https://pi-hole.net/
https://github.com/pi-hole/pi-hole
https://discourse.pi-hole.net/t/hardware-software-requirements
https://docs.pi-hole.net/main/prerequesites/
https://discourse.pi-hole.net/t/seven-things-you-may-not-know-about-pi-hole
https://freek.ws/2017/03/18/public-pi-hole/
**CLI**: https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738
**Blocklist List**: https://firebog.net/
===== Flush DNS Cache =====
pihole restartdns reload-lists
===== Update =====
pihole -up
===== Install =====
curl -sSL https://install.pi-hole.net | bash
===== Password =====
Set the password used to log in to the web administration interface:
pihole -a -p
===== Firewall =====
Pi-Hole seems to work fine with only **port 53 (TCP and UDP)** exposed publicly.
Port 80 needs to be open for the web administration, and probably SSH as well.
In the CSF firewall, **we do not globally open these ports**, we only open them up to the US using:
CC_ALLOW_PORTS = US
CC_ALLOW_PORTS_TCP = 53,22
CC_ALLOW_PORTS_UDP = 53
==== Botnet Attack ====
=== IP Address List ===
:!: You can use this with Mikrotik routers and other devices.
Create an IP list from the last two days (the current log plus the previous rotation) using ''ELDERJUSTICE'' as the search term:
# The client IP is the last field of each line; cut -d" " -f9 only works on single-digit days, because the padding space shifts the field numbers.
grep -h query /var/log/pihole.log /var/log/pihole.log.1 | grep -v 127.0.0.1 | grep ELDERJUSTICE | awk '{print $NF}' | sort -u > evildoers.txt
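As an added example (not from the original page), the same extraction as a reusable shell function run over constructed sample log lines: unlike the one-off pipeline it counts queries per client, applies a threshold, matches the domain case-insensitively, and takes the IP from the last field so both ''Jan  2'' and ''Jan 12'' day spacing work. The domain, threshold and sample lines are assumptions.

```sh
#!/bin/sh
# Constructed sample of dnsmasq-style lines as Pi-hole writes them to
# /var/log/pihole.log (hypothetical client IPs from documentation ranges).
SAMPLE_LOG='Jan  2 10:00:01 dnsmasq[812]: query[A] elderjustice.gov from 203.0.113.10
Jan  2 10:00:01 dnsmasq[812]: query[ANY] ELDERJUSTICE.GOV from 203.0.113.10
Jan 12 10:00:02 dnsmasq[812]: query[A] pi-hole.net from 192.168.1.20
Jan 12 10:00:02 dnsmasq[812]: query[A] elderjustice.gov from 127.0.0.1
Jan 12 10:00:03 dnsmasq[812]: forwarded elderjustice.gov to 1.1.1.1
Jan 12 10:00:03 dnsmasq[812]: query[A] elderjustice.gov from 198.51.100.7
Jan 12 10:00:04 dnsmasq[812]: query[AAAA] elderjustice.gov from 203.0.113.10'

# abusers DOMAIN [THRESHOLD] < pihole.log
# Prints "count ip", most active first, for every non-local client that
# queried DOMAIN at least THRESHOLD times (default 1). awk splits on runs
# of whitespace, so the day-of-month padding never shifts the fields.
abusers() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    threshold=${2:-1}
    awk -v d="$domain" -v t="$threshold" '
        # only real query lines: field 5 is query[TYPE], field 7 is "from"
        $5 ~ /^query\[[A-Z]+\]$/ && $7 == "from" &&
        tolower($6) == d && $8 != "127.0.0.1" { n[$8]++ }
        END { for (ip in n) if (n[ip] >= t) print n[ip], ip }
    ' | sort -rn
}

# Usage: clients that hit the domain at least twice in the sample.
printf '%s\n' "$SAMPLE_LOG" | abusers elderjustice.gov 2
```

Feed it the real log with ''abusers ELDERJUSTICE.GOV 3 < /var/log/pihole.log'' and pipe the second column into the address list instead of the raw grep output.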
=== CSF ===
We use CSF firewall for bastion hosts.
:!: ''LF_SELECT = 0'' means that the rule will block all ports.
Regex that extracts the client IP from a Pi-Hole log line querying ELDERJUSTICE.GOV (the leading fields are the date, the time and the ''dnsmasq[pid]:'' tag):
^\S+\s+\d+\s+\S+ \S+ query\[[A-Z]+\] ELDERJUSTICE\.GOV from (\d+\.\d+\.\d+\.\d+)
vim /usr/local/csf/bin/regex.custom.pm
Inserting this will temporarily block the attacker for one week (604800 seconds) once the line has matched three times. The return fields are the description, the matched IP, a unique rule id, the trigger count, the port (ignored with ''LF_SELECT = 0'', which blocks all ports) and the block duration in seconds:
# Pihole: match "query[TYPE] ELDERJUSTICE.GOV from <ip>" in the log named by CUSTOM1_LOG
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ query\[[A-Z]+\] ELDERJUSTICE\.GOV from (\d+\.\d+\.\d+\.\d+)/)) {
    # (description, ip, id, trigger level, ports, seconds to block)
    return ("DNS attack from",$1,"mydnsmatch","3","53","604800");
}
vim /etc/csf/csf.conf
Change:
CUSTOM1_LOG = "/var/log/pihole.log"
Restart CSF:
csf -ra
===== Recursive DNS =====
Add recursion **after** your Pi-Hole is already up and running to your satisfaction.
https://docs.pi-hole.net/guides/unbound/
The default Pi-Hole is a **forwarding** DNS server. It forwards queries to upstream DNS servers.
The linked "all-around DNS solution" guide (Pi-Hole with unbound) adds **recursion**, so Pi-Hole resolves names itself instead of handing them to a third-party resolver. This matters where a service limits queries by source IP address, such as free DNSBLs: with forwarding, the shared upstream resolver's address hits the limit, not yours.
===== Exclude Some Clients =====
:!: Use the **firewall** to block abusive external (recursive) clients.
https://www.vikash.nl/exclude-client-devices-with-pi-hole-5/
===== Troubleshooting =====
If the admin web interface gets wonky, try this as a temporary fix:
pihole -f
Also try giving PHP more RAM. The default is 128M, but you can give a lot more depending on your server's physical resources:
vim /etc/php/7.2/cgi/php.ini
memory_limit = 1024M