This is an old revision of the document!
https://github.com/pi-hole/pi-hole
https://discourse.pi-hole.net/t/hardware-software-requirements
https://docs.pi-hole.net/main/prerequesites/
https://discourse.pi-hole.net/t/seven-things-you-may-not-know-about-pi-hole
https://freek.ws/2017/03/18/public-pi-hole/
CLI: https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738
Blocklist List: https://firebog.net/
pihole restartdns
pihole -up
curl -sSL https://install.pi-hole.net | bash
Change the pihole
user password used to log in to the web interface:
pihole -a -p
Pi-Hole seems to work fine with only port 53 (TCP and UDP) exposed publicly.
Port 80 needs to be open for the web administration, and probably SSH as well.
In the CSF firewall, we do not globally open these ports, we only open them up to the US using:
CC_ALLOW_PORTS = US CC_ALLOW_PORTS_TCP = 53,22222 CC_ALLOW_PORTS_UDP = 53
Create an IP list from the last two days:
cat /var/log/pihole.log |grep query |grep -v 127.0.0.1 |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq > evildoers.txt cat /var/log/pihole.log.1 |grep query |grep -v 127.0.0.1 |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq >> evildoers.txt
We use CSF firewall for bastion hosts.
LF_SELECT = 0
means that the rule will block all ports.
RegEx to find IP of attacker of ELDERJUSTICE.GOV:
^\S+\s+\d+\s+\S+ \S+ query\[[A-Z]+\] ELDERJUSTICE.GOV from (\d+\.\d+\.\d+\.\d+)
vim /usr/local/csf/bin/regex.custom.pm
Inserting this will temporarily block the attacker for one week (604800 seconds):
# Pihole if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ query\[[A-Z]+\] ELDERJUSTICE.GOV from (\d+\.\d+\.\d+\.\d+)/)) { return ("DNS attack from",$1,"mydnsmatch","3","53","604800"); }
vim /etc/csf/csf.conf
Change:
CUSTOM1_LOG = "/var/log/pihole.log"
Restart CSF:
csf -ra
https://docs.pi-hole.net/guides/unbound/
The default Pi-Hole is a forwarding DNS server. It forwards queries to upstream DNS servers.
The All Around DNS Solution adds recursion. This is important in certain circumstances where queries are limited by IP address, such as free DNSBLs.
If the admin web interface gets wonky:
pihole -f