https://github.com/pi-hole/pi-hole
https://discourse.pi-hole.net/t/hardware-software-requirements
https://docs.pi-hole.net/main/prerequesites/
https://discourse.pi-hole.net/t/seven-things-you-may-not-know-about-pi-hole
https://freek.ws/2017/03/18/public-pi-hole/
CLI: https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738
Blocklist List: https://firebog.net/
pihole restartdns reload-lists
pihole -up
curl -sSL https://install.pi-hole.net | bash
Change the pihole user password used to log in to the web interface:
pihole -a -p
Pi-Hole seems to work fine with only port 53 (TCP and UDP) exposed publicly.
Port 80 needs to be open for the web administration, and probably SSH as well.
In the CSF firewall, we do not open these ports globally; we only open them to the US using:
CC_ALLOW_PORTS = "US"
CC_ALLOW_PORTS_TCP = "53,22"
CC_ALLOW_PORTS_UDP = "53"
You can use this with Mikrotik routers and other devices.
Create an IP list from the last two days using ELDERJUSTICE as the search term:
cat /var/log/pihole.log |grep query |grep -v 127.0.0.1 |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq > evildoers.txt
cat /var/log/pihole.log.1 |grep query |grep -v 127.0.0.1 |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq >> evildoers.txt
We use CSF firewall for bastion hosts.
LF_SELECT = 0 means that the rule will block all ports.
RegEx to find IP of attacker of ELDERJUSTICE.GOV:
^\S+\s+\d+\s+\S+ \S+ query\[[A-Z]+\] ELDERJUSTICE.GOV from (\d+\.\d+\.\d+\.\d+)
vim /usr/local/csf/bin/regex.custom.pm
Inserting this will temporarily block the attacker for one week (604800 seconds):
# Pihole
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ query\[[A-Z]+\] ELDERJUSTICE.GOV from (\d+\.\d+\.\d+\.\d+)/)) {
    # description, client IP, rule name, trigger count, port, block time in seconds
    return ("DNS attack from",$1,"mydnsmatch","3","53","604800");
}
vim /etc/csf/csf.conf
Change:
CUSTOM1_LOG = "/var/log/pihole.log"
Restart CSF:
csf -ra
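Before enabling the custom rule, the log format can be checked offline. The following sh/awk function is an added example, not part of the original notes or of CSF or Pi-hole: it counts queries per client for one exact name and lists clients at or above a trigger count (default 3, the count used in the rule above). The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): list external clients whose
# queries for one name in a dnsmasq-format Pi-hole log reach a trigger count.

# abusive_clients LOGFILE NAME [TRIGGER]
# Prints "COUNT IP" for each non-loopback IPv4 client with at least TRIGGER
# queries for NAME (case-insensitive, exact match), most active first.
abusive_clients() {
    awk -v name="$2" -v trigger="${3:-3}" '
        BEGIN { name = toupper(name) }
        # Fields are counted from the end of the line, so the space-padded
        # day in "Mar  3" cannot shift the columns:
        #   ... query[TYPE] NAME from IP
        NF >= 4 && $(NF-3) ~ /^query\[[A-Z]+\]$/ && $(NF-1) == "from" {
            if (toupper($(NF-2)) != name) next
            ip = $NF
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next  # IPv4 only, like the CSF rule
            if (ip ~ /^127\./) next                             # skip local queries
            hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= trigger) print hits[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample log lines (documentation address ranges only).
write_sample_log() {
    cat > "$1" <<'EOF'
Mar  3 10:00:01 dnsmasq[812]: query[ANY] ELDERJUSTICE.GOV from 203.0.113.7
Mar  3 10:00:01 dnsmasq[812]: query[ANY] ELDERJUSTICE.GOV from 203.0.113.7
Mar  3 10:00:02 dnsmasq[812]: query[ANY] ELDERJUSTICE.GOV from 203.0.113.7
Mar  3 10:00:02 dnsmasq[812]: forwarded ELDERJUSTICE.GOV to 192.0.2.53
Mar 18 10:00:03 dnsmasq[812]: query[ANY] ELDERJUSTICE.GOV from 198.51.100.9
Mar 18 10:00:04 dnsmasq[812]: query[A] example.org from 192.0.2.10
Mar 18 10:00:05 dnsmasq[812]: query[ANY] ELDERJUSTICE.GOV from 127.0.0.1
EOF
}

# Demo on the constructed sample: only the client with three queries is listed.
log=$(mktemp)
write_sample_log "$log"
abusive_clients "$log" ELDERJUSTICE.GOV 3
rm -f "$log"
```

On a live server the same call would be `abusive_clients /var/log/pihole.log ELDERJUSTICE.GOV`.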
https://docs.pi-hole.net/guides/unbound/
The default Pi-Hole is a forwarding DNS server. It forwards queries to upstream DNS servers.
The All Around DNS Solution adds recursion. This is important in certain circumstances where queries are limited by IP address, such as free DNSBLs.
Use the firewall to block abusive external (recursive) clients.
https://www.vikash.nl/exclude-client-devices-with-pi-hole-5/
If the admin web interface gets wonky, try this as a temporary fix:
pihole -f
Also try giving PHP more RAM. The default is 128M, but you can give a lot more depending on your server's physical resources:
vim /etc/php/7.2/cgi/php.ini
memory_limit = 1024M