Differences

This shows you the differences between two versions of the page.

--- internet:security:pihole [2019/08/04 19:03]
gcooper
+++ internet:security:pihole [2023/02/03 11:00] (current)
gcooper
@@ Line 1: / Line 1: @@
 ====== Pi-Hole DNS Sinkhole and Ad Blocker ======
+<note tip>It may just be easier to use free AdGuard DNS servers...
+https://adguard-dns.io/en/public-dns.html
+</note>
 https://pi-hole.net/
@@ Line 12: / Line 17: @@
 https://freek.ws/2017/03/18/public-pi-hole/
+**CLI**: https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738
+**Blocklist List**: https://firebog.net/
+===== Flush DNS Cache =====
+<file>
+pihole restartdns reload-lists
+</file>
 ===== Update =====
@@ Line 37: / Line 52: @@
 Pi-Hole seems to work fine with only **port 53 (TCP and UDP)** exposed publicly.
-Port 80 needs to be open for the web administration.
+Port 80 needs to be open for the web administration, and probably SSH as well.
-We use CSF firewall for bastion hosts.
+In the CSF firewall, **we do not globally open these ports**, we only open them up to the US using:
+<file>
+CC_ALLOW_PORTS = US
+CC_ALLOW_PORTS_TCP = 53,22
+CC_ALLOW_PORTS_UDP = 53
+</file>
+==== Botnet Attack ====
+=== IP Address List ===
-==== Attack ====
+:!: You can use this with Mikrotik routers and other devices.
-Create an IP list from the last two days:
+Create an IP list from the last two days using ''ELDERJUSTICE'' as the search term:
 <file>
-cat /var/log/pihole.log |grep query |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq > evildoers.txt
+cat /var/log/pihole.log |grep query |grep -v 127.0.0.1 |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq > evildoers.txt
-cat /var/log/pihole.log.1 |grep query |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq >> evildoers.txt
+cat /var/log/pihole.log.1 |grep query |grep -v 127.0.0.1 |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq >> evildoers.txt
 </file>
-RegEx to find ELDERJUSTICE.GOV:
+=== CSF ===
+We use CSF firewall for bastion hosts.
+:!: ''LF_SELECT = 0'' means that the rule will block all ports.
+RegEx to find IP of attacker of ELDERJUSTICE.GOV:
 <file>
@@ Line 60: / Line 91: @@
 </file>
-Insert:
+Inserting this will temporarily block the attacker for one week (604800 seconds):
 <file>
@@ Line 79: / Line 110: @@
 </file>
-Reboot needed?
+Restart CSF:
+<file>
+csf -ra
+</file>
+===== Recursive DNS =====
+<note important>Add recursion **after** your Pi-Hole is already up and running to your satisfaction.</note>
+https://docs.pi-hole.net/guides/unbound/
+The default Pi-Hole is a **forwarding** DNS server.  It forwards queries to upstream DNS servers.
+The All Around DNS Solution adds **recursion**.   This is important in certain circumstances where queries are limited by IP address, such as free DNSBLs.
+===== Exclude Some Clients =====
+:!: Use the **firewall** to block abusive external (recursive) clients.
+https://www.vikash.nl/exclude-client-devices-with-pi-hole-5/
+===== Troubleshooting =====
+If the admin web interface gets wonky, try this as a temporary fix:
+<file>
+pihole -f
+</file>
+Also try giving PHP more RAM.  The default is 128M, but you can give a lot more depending on your server's physical resources:
+<file>
+vim /etc/php/7.2/cgi/php.ini
+memory_limit = 1024M
+</file>

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools