internet:security:pihole

Differences

This shows you the differences between two versions of the page.

internet:security:pihole [2019/08/30 10:21]
gcooper
internet:security:pihole [2023/02/03 11:00] (current)
gcooper
Line 1: Line 1:
 ====== Pi-Hole DNS Sinkhole and Ad Blocker ====== ====== Pi-Hole DNS Sinkhole and Ad Blocker ======
 +
 +<note tip>It may just be easier to use free AdGuard DNS servers...
 +
 +https://adguard-dns.io/en/public-dns.html
 +</note>
  
 https://pi-hole.net/ https://pi-hole.net/
Line 14: Line 19:
  
 **CLI**: https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738 **CLI**: https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738
 +
 +**Blocklist List**: https://firebog.net/
 +
 +===== Flush DNS Cache =====
 +
 +<file>
 +pihole restartdns reload-lists
 +</file>
  
 ===== Update ===== ===== Update =====
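Review bot: the new "Flush DNS Cache" heading does not match the command placed under it. In the Pi-hole v5 CLI, `pihole restartdns reload-lists` reloads the lists without flushing the cache, while `pihole restartdns reload` reloads the lists and flushes the cache. Either switch the command to the `reload` form or rename the section to say that it reloads blocklists.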
Line 45: Line 58:
 <file> <file>
 CC_ALLOW_PORTS = US CC_ALLOW_PORTS = US
-CC_ALLOW_PORTS_TCP = 53,22222+CC_ALLOW_PORTS_TCP = 53,22
 CC_ALLOW_PORTS_UDP = 53 CC_ALLOW_PORTS_UDP = 53
 </file> </file>
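Review bot: the edit to `CC_ALLOW_PORTS_TCP` (from `53,22222` to `53,22`) carries no explanation, and nothing in the block says which service the second port belongs to. Add a line stating what listens on 22 and that the value must match the port the daemon is actually bound to, since a mismatch either leaves the old port exposed for nothing or cuts off access from the allowed country code.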
Line 51: Line 64:
 ==== Botnet Attack ==== ==== Botnet Attack ====
  
-We use CSF firewall for bastion hosts.+=== IP Address List ===
  
-:!: ''LF_SELECT = 0'' means that the rule will block all ports.+:!: You can use this with Mikrotik routers and other devices.
  
-Create an IP list from the last two days:+Create an IP list from the last two days using ''ELDERJUSTICE'' as the search term:
  
 <file> <file>
-cat /var/log/pihole.log |grep query |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq > evildoers.txt +cat /var/log/pihole.log |grep query |grep -v 127.0.0.1 |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq > evildoers.txt 
-cat /var/log/pihole.log.1 |grep query |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq >> evildoers.txt+cat /var/log/pihole.log.1 |grep query |grep -v 127.0.0.1 |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq >> evildoers.txt
 </file> </file>
 +
 +=== CSF ===
 +
 +We use CSF firewall for bastion hosts.
 +
 +:!: ''LF_SELECT = 0'' means that the rule will block all ports.
  
 RegEx to find IP of attacker of ELDERJUSTICE.GOV: RegEx to find IP of attacker of ELDERJUSTICE.GOV:
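Review bot: in the two rewritten pipeline lines each log is de-duplicated on its own and the second result is appended with `>>`, so an address that appears in both pihole.log and pihole.log.1 is written to evildoers.txt twice. Run both files through a single pipeline that ends in `sort -u > evildoers.txt`. Two smaller points on the same lines: `cut -d" " -f9` counts single spaces, so the address moves to a different field whenever the log line's leading columns contain an extra space, and taking the last field instead would be sturdier; and `grep ELDERJUSTICE` is case-sensitive, so lowercase queries for the same name are missed unless `-i` is added. The intro also says "last two days", but the commands read whatever the two log files happen to cover.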
Line 91: Line 110:
 </file> </file>
  
-Reboot needed?+Restart CSF:
  
-===== All Around DNS Solution =====+<file> 
 +csf -ra 
 +</file> 
 + 
 +===== Recursive DNS =====
  
 <note important>Add recursion **after** your Pi-Hole is already up and running to your satisfaction.</note> <note important>Add recursion **after** your Pi-Hole is already up and running to your satisfaction.</note>
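Review bot: the heading rename to "Recursive DNS" at the end of this hunk leaves the section body out of step, because the paragraph a few lines further down still opens with "The All Around DNS Solution adds recursion". Update that sentence or say in the section what "All Around DNS Solution" refers to. For the new "Restart CSF" block, a one-line comment on what `csf -ra` restarts would answer the "Reboot needed?" question it replaces.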
Line 103: Line 126:
 The All Around DNS Solution adds **recursion**.   This is important in certain circumstances where queries are limited by IP address, such as free DNSBLs. The All Around DNS Solution adds **recursion**.   This is important in certain circumstances where queries are limited by IP address, such as free DNSBLs.
  
 +===== Exclude Some Clients =====
 +
 +:!: Use the **firewall** to block abusive external (recursive) clients.
 +
 +https://www.vikash.nl/exclude-client-devices-with-pi-hole-5/
 +
 +===== Troubleshooting =====
 +
 +If the admin web interface gets wonky, try this as a temporary fix:
 +
 +<file>
 +pihole -f
 +</file>
 +
 +Also try giving PHP more RAM.  The default is 128M, but you can give a lot more depending on your server's physical resources:
 +
 +<file>
 +vim /etc/php/7.2/cgi/php.ini
 +
 +memory_limit = 1024M
 +</file>
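Review bot: `pihole -f` in the new Troubleshooting block flushes the Pi-hole log, and that is the same /var/log/pihole.log the Botnet Attack section reads to build evildoers.txt. Say next to the command what it deletes and tell the reader to generate or copy the IP list first. In the PHP block, the path `/etc/php/7.2/cgi/php.ini` pins one PHP version and SAPI, so note that it depends on what is installed, and mention that the web server's PHP process has to be restarted before `memory_limit = 1024M` takes effect.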
internet/security/pihole.1567182074.txt.gz · Last modified: 2019/08/30 10:21 by gcooper