Hello,
I have installed Pi-hole on my network, and I'm using a VPN connection to my routers,
so the only connection to port 53 (Pi-hole) is from my VPN network.
Everything worked great for about a week.
Today I opened the admin GUI and saw this:
2021-07-20 14:00:20 RRSIG pizzaseo.com hosted-by-hostdzire.com OK (forwarded to dns.google#53) N/A (0.0ms)
2 questions:
How could that be? The network is closed for UDP/TCP 53 outside my VPN network.
Please upload a debug log and post just the token that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:
Also, after I closed the firewall rule for 0.0.0.0 UDP accept, I still get this problem.
This is what I get when I run the command you told me:
> echo ">top-clients (20) >quit" | nc localhost 4711
0 14693 10.136.198.238
1 1548 10.136.109.89
2 1430 10.226.201.154
3 669 10.136.196.213
4 667 10.136.109.42
5 529 10.226.192.123
6 522 10.226.201.151
7 401 95.211.172.74 hosted-by-hostdzire.com --- this is not something that should be
8 374 127.0.0.1 localhost
9 350 10.136.109.76
10 310 10.136.197.188
11 307 24.56.19.27 ip24-56-19-27.ph.ph.cox.net --- this is not something that should be
12 214 10.136.137.135
13 211 85.136.231.165 85.136.231.165.dyn.user.ono.com --- this is not something that should be
14 186 10.136.198.178
15 159 10.136.137.43
16 123 10.136.136.66
17 112 10.136.102.201
18 106 10.226.200.137
19 99 99.16.128.76 99-16-128-76.lightspeed.crlkil.sbcglobal.net --- this is not something that should be
And also this:
48035:Jul 20 11:56:07 dnsmasq[5905]: query[RRSIG] pizzaseo.com from 24.56.19.27
48036:Jul 20 11:56:07 dnsmasq[5905]: forwarded pizzaseo.com to 8.8.4.4
48037:Jul 20 11:56:53 dnsmasq[5905]: query[RRSIG] pizzaseo.com from 24.56.19.27
48038:Jul 20 11:56:53 dnsmasq[5905]: forwarded pizzaseo.com to 8.8.4.4
48039:Jul 20 11:56:58 dnsmasq[5905]: query[RRSIG] pizzaseo.com from 24.56.19.27
48040:Jul 20 11:56:58 dnsmasq[5905]: forwarded pizzaseo.com to 8.8.4.4
48041:Jul 20 11:57:06 dnsmasq[5905]: query[RRSIG] pizzaseo.com from 24.56.19.27
48042:Jul 20 11:57:06 dnsmasq[5905]: forwarded pizzaseo.com to 8.8.4.4
48043:Jul 20 11:57:08 dnsmasq[5905]: query[RRSIG] pizzaseo.com from 24.56.19.27
48044:Jul 20 11:57:08 dnsmasq[5905]: forwarded pizzaseo.com to 8.8.4.4
48045:Jul 20 11:57:36 dnsmasq[5905]: query[RRSIG] pizzaseo.com from 24.56.19.27
48046:Jul 20 11:57:36 dnsmasq[5905]: forwarded pizzaseo.com to 8.8.4.4
48047:Jul 20 11:57:39 dnsmasq[5905]: query[RRSIG] pizzaseo.com from 24.56.19.27
48048:Jul 20 11:57:39 dnsmasq[5905]: forwarded pizzaseo.com to 8.8.4.4
48049:Jul 20 11:57:51 dnsmasq[5905]: query[RRSIG] pizzaseo.com from 24.56.19.27
48050:Jul 20 11:57:51 dnsmasq[5905]: forwarded pizzaseo.com to 8.8.4.4
48051:Jul 20 11:58:23 dnsmasq[5905]: query[RRSIG] pizzaseo.com from 24.56.19.27
48052:Jul 20 11:58:23 dnsmasq[5905]: forwarded pizzaseo.com to 8.8.4.4
48053:Jul 20 11:59:05 dnsmasq[5905]: query[RRSIG] pizzaseo.com from 24.56.19.27
48054:Jul 20 11:59:05 dnsmasq[5905]: forwarded pizzaseo.com to 8.8.4.4
48055:Jul 20 11:59:11 dnsmasq[5905]: query[RRSIG] pizzaseo.com from 24.56.19.27
48056:Jul 20 11:59:11 dnsmasq[5905]: forwarded pizzaseo.com to 8.8.4.4
48057:Jul 20 11:59:20 dnsmasq[5905]: query[RRSIG] pizzaseo.com from 24.56.19.27
48058:Jul 20 11:59:20 dnsmasq[5905]: forwarded pizzaseo.com to 8.8.4.4
48059:Jul 20 11:59:43 dnsmasq[5905]: query[RRSIG] pizzaseo.com from 24.56.19.27
48060:Jul 20 11:59:43 dnsmasq[5905]: forwarded pizzaseo.com to 8.8.4.4
I have rebooted the Pi-hole
and I still get connections from this address.
How could that be?
It's 100% blocked;
only 10.226.0.0/16 and 10.136.0.0/16 can access my Pi on port 53.
I have also added firewall rules on my CentOS 7 (up until now it was disabled).
This is what I have added:
That doesn't seem to be the case.
You seem to be running an open resolver, which would pose a potential threat for all Internet users, e.g. by serving as a multiplier in a DNS Amplification attack.
The Pi-hole team strongly discourages Pi-hole’s usage as an open resolver, and we won't provide support in that case.
I am aware that you don't intend to run your Pi-hole as an open resolver, but we can't help you much in firewalling your cloud instance correctly, as that will be highly individual based on your provider, the software you run on that node and your personal preferences (apart from being a network configuration issue entirely separate from Pi-hole).
In general, it may be advantageous to follow a deny-all policy and allow just those connections that your VPN server would require.
You could take a look at some sample rule sets for an OpenVPN configuration for some ideas and inspirations, but note that those are specific for OpenVPN, and that your cloud provider may limit access to your firewall configuration or require certain rules to be present.
EDIT: And don't forget to save your firewall rules so they'd survive a reboot (specifically if you are using iptables).
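The following is an added example, written for this thread and not code from the Pi-hole team or the original poster. It does two things the reply above describes: it audits the FTL `top-clients` output and dnsmasq query-log lines against the two VPN ranges named in the thread (10.226.0.0/16 and 10.136.0.0/16), flagging every client that should not be there, and it generates a deny-all iptables INPUT policy that lets only those ranges reach port 53. The sample client list and log lines are constructed for the example. The VPN listener (OpenVPN on udp/1194), the SSH management range and the assumption that VPN clients arrive with their 10.x tunnel address as source are assumptions, not facts from the thread; adjust them before applying the rules.

```python
"""Added example (not from the Pi-hole project): audit Pi-hole's client list and
dnsmasq query log against the VPN ranges from the thread, and emit a deny-all
iptables INPUT policy that only lets those ranges reach port 53."""
import ipaddress
import re
from collections import Counter

# Networks that are supposed to reach port 53 (the two /16s named in the thread).
VPN_NETS = [ipaddress.ip_network(n) for n in ("10.226.0.0/16", "10.136.0.0/16")]

# Constructed sample in the format printed by
#   echo ">top-clients (20) >quit" | nc localhost 4711
# (rank, query count, client IP, optional reverse name); not real data.
SAMPLE_TOP_CLIENTS = """\
0 14693 10.136.198.238
7 401 95.211.172.74 hosted-by-hostdzire.com
8 374 127.0.0.1 localhost
11 307 24.56.19.27 ip24-56-19-27.ph.ph.cox.net
"""

# Constructed sample of /var/log/pihole.log lines (dnsmasq format); not real data.
SAMPLE_QUERY_LOG = """\
Jul 20 11:56:07 dnsmasq[5905]: query[RRSIG] pizzaseo.com from 24.56.19.27
Jul 20 11:56:07 dnsmasq[5905]: forwarded pizzaseo.com to 8.8.4.4
Jul 20 11:56:09 dnsmasq[5905]: query[A] example.com from 10.136.109.89
Jul 20 11:56:53 dnsmasq[5905]: query[RRSIG] pizzaseo.com from 24.56.19.27
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<src>\S+)")


def is_expected(ip, allowed=VPN_NETS):
    """True if the client is loopback or inside one of the allowed networks."""
    return ip.is_loopback or any(ip in net for net in allowed)


def unexpected_clients(top_clients_text, allowed=VPN_NETS):
    """Clients in FTL top-clients output that fall outside the allowed networks.

    Returns [(ip, count, hostname), ...] in the order FTL printed them."""
    found = []
    for line in top_clients_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        try:
            count, ip = int(parts[1]), ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # header noise or an unparsable line
        if not is_expected(ip, allowed):
            found.append((str(ip), count, parts[3] if len(parts) > 3 else ""))
    return found


def unexpected_query_sources(log_text, allowed=VPN_NETS):
    """Count queries per (source IP, qtype) for sources outside the allowed networks.

    RRSIG queries from the public Internet are the classic amplification pattern:
    a small question that yields a large signed answer."""
    counts = Counter()
    for m in QUERY_RE.finditer(log_text):
        ip = ipaddress.ip_address(m.group("src"))
        if not is_expected(ip, allowed):
            counts[(str(ip), m.group("qtype"))] += 1
    return dict(counts)


def iptables_rules(allowed=VPN_NETS, vpn_proto="udp", vpn_port=1194, ssh_from=None):
    """Deny-all INPUT policy for the Pi-hole host, as a list of iptables commands.

    Assumptions (not from the thread): OpenVPN listens on udp/1194 and VPN clients
    arrive with their 10.x tunnel address as source, so '-s' matching is enough.
    Rules are returned as text so they can be reviewed before being applied."""
    rules = [
        "iptables -P INPUT DROP",
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        # The VPN endpoint itself must stay reachable from anywhere.
        f"iptables -A INPUT -p {vpn_proto} --dport {vpn_port} -j ACCEPT",
    ]
    if ssh_from:
        rules.append(f"iptables -A INPUT -s {ssh_from} -p tcp --dport 22 -j ACCEPT")
    # DNS only from the VPN ranges; never '-s 0.0.0.0/0 -p udp -j ACCEPT',
    # which is the rule that turns the host into an open resolver.
    for net in allowed:
        for proto in ("udp", "tcp"):
            rules.append(f"iptables -A INPUT -s {net} -p {proto} --dport 53 -j ACCEPT")
    return rules


if __name__ == "__main__":
    for ip, count, host in unexpected_clients(SAMPLE_TOP_CLIENTS):
        print(f"unexpected client {ip} ({host or 'no PTR'}): {count} queries")
    for (ip, qtype), n in unexpected_query_sources(SAMPLE_QUERY_LOG).items():
        print(f"unexpected {qtype} queries from {ip}: {n}")
    print("\n".join(iptables_rules(ssh_from="10.136.0.0/16")))
```

Run it against the real `nc localhost 4711` output and `/var/log/pihole.log` to confirm the only remaining clients are VPN addresses and localhost. On CentOS 7 the generated rules survive a reboot only if they are saved: with the `iptables-services` package installed and firewalld disabled, `service iptables save` writes them to `/etc/sysconfig/iptables`. Afterwards, a `dig @<public IP of the host> example.com` from a machine outside the VPN should time out rather than answer.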
I understand.
I have tried to "play" with the firewall and it seems to be working now.
Maybe it takes some time for the firewall rules to be applied or something,
but now it seems to be working and I only get requests from my own VPN clients.
Thank you for the help (I learned new commands along the way, so it wasn't for nothing).