Going down the Pi-hole

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Going down the Pi-hole

1 | 2 | 3

RmACK

196 posts

Master Geek
+1 received by user: 27

#2351293 10-Nov-2019 21:19

I initially had some setup issues with Adguard related to my Keepalived setup - Adguard was bound to 0.0.0.0 by default, yet any requests I sent to it via the keepalived virtual IP received responses from the real IP of the VM, not the Keepalived virtual IP. This pretty much broke DNS for any system with a firewall on it as the response was no longer classed as a related or established connection. Binding Adguard to the virtual IP instead cured this, but it also means I can't manually query it directly for testing purposes (e.g. if it's not the keepalived master or I'm unsure).

Apart from that niggle related to my setup, it's been solid, running for a week now and clocked half a million DNS queries. Haven't really noticed much different positive or negative compared to Pi-hole. The web interface is nice and clean.

dfnt

1553 posts

Uber Geek
+1 received by user: 1036

Trusted

Lifetime subscriber

#2351319 10-Nov-2019 22:11

I took a quick look at Adguard, I'm not sure why people are saying its better.. it's more or less identical to pi-hole and doesn't offer any benefit over it

It only uses Adguard's own list by default, it doesn't block ads in Youtube on Android and iOS devices. It's almost impossible to block these ads using DNS based blockers because the ad content is delivered from the same server as the actual video content, not a seperate ad domain

From memory I couldn't see any easy way to click on a client and see its requests, but I can't remember as I deleted the VM

I also use pihole with keepalived, good to see others doing that too

RmACK

196 posts

Master Geek
+1 received by user: 27

#2359691 23-Nov-2019 11:21

Had my first issue with Adguard, but it was a misconfiguration on my part: I hadn't configured an upstream for local reverse DNS.

This caused some MySQL authentication failures between VMs as creds were limited to particular hosts by hostname, but they started getting checked by IP due to broken rDNS.

In addition to the config lines for my upstream DNS servers e.g. cloudflare or quad9, I now have:

[/my.home.domain/]10.10.0.254:53
[/10.10.in-addr.arpa/]10.10.0.254:53

First says that DNS lookups for subdomains of my.home.domain (not my actual domain, altered for privacy) goes to my router (which is the DHCP server and has dnsmasq).

2nd rule is the new rDNS rule i.e. send 10.10.x.x rDNS queries to my router.

Pihole does this via a more user friendly form field in the advanced DNS settings area.

jonathan18

7415 posts

Uber Geek
+1 received by user: 2850

ID Verified

Trusted

#2405664 24-Jan-2020 09:59

Rather than starting a new thread, I thought piggy-backing on this one may make sense...

A friend of mine has kindly set up a RPi with Pi-hole on it for me; I've not yet given it a go as I'm unsure of whether it is possible it is use Pi-hole at the same time as a DNS 'service' (in our case, Getflix).

Is this possible? If so, is anyone able to please give me pointers as to how I would achieve it?

I have Getflix's DNS servers in the router at the moment, rather than at the device level; would changing this be necessary?

Sorry for the dumb questions; any guidance will be much appreciated...

nzkc

1634 posts

Uber Geek
+1 received by user: 1041

#2405668 24-Jan-2020 10:03

Yep you sure can. Just set the upstream servers to whatever you want. See https://docs.pi-hole.net/guides/upstream-dns-providers/

jonathan18

7415 posts

Uber Geek
+1 received by user: 2850

ID Verified

Trusted

#2405693 24-Jan-2020 10:46

Thanks for that info and link. Am I right in thinking that using the Getfix servers in this case would mean some of the potential benefits of using Pi-Hole (I'm thinking filtering of dodgy content, eg what would be provided by using OpenDNS) would be lost?

That said, I'm not too worried about that content filtering - more what it can do in getting rid of ads etc.

New World

Shop on-line at New World now for your groceries (affiliate link).

timmmay

20859 posts

Uber Geek
+1 received by user: 5350

Trusted

Lifetime subscriber

#2405698 24-Jan-2020 10:53

It'll work fine. Your Pi Hole requests IPs for domains from the GetFlix servers, and then blocks any on its block lists.

jonathan18

7415 posts

Uber Geek
+1 received by user: 2850

ID Verified

Trusted

#2405699 24-Jan-2020 10:55

Great, will give it a go this weekend. I assume it's relatively easy to amend the DNS settings in Pi-hole... (Edit: yep, pleased to see it is easy, via a decent interface.)

Thanks for the replies.

ShinyChrome

1603 posts

Uber Geek
+1 received by user: 686

ID Verified

Trusted

#2405703 24-Jan-2020 11:05

jonathan18:

Thanks for that info and link. Am I right in thinking that using the Getfix servers in this case would mean some of the potential benefits of using Pi-Hole (I'm thinking filtering of dodgy content, eg what would be provided by using OpenDNS) would be lost?

That said, I'm not too worried about that content filtering - more what it can do in getting rid of ads etc.

The way I understand it is Pi-hole at its most basic simply compares client requests against the (user provided) whitelist + blacklist and then either forwards it to the upstream DNS server(in this case, Getflix) or not based on those lists. So no, it is just an extra layer of protection and control over content, since you don't know if you can trust the upstream to do this.

When I eventually get round to it, I also want to set it up with Unbound as well for extra nerd points

1 | 2 | 3