Hi
i have a dns server, it receives requests from client and redirects to internet if whitelisted. Now my whitelist is a remote mysql, encrypt it with sha1. my problem is "google.com" should be encrypted with sha1 and compared with whitelist (sha1), if it matches it should reach internet, how can I do that?
Can you explain where Pi-hole fits into this please?
Hi
I tried to explain in the picture pi-hole is a nice and useful system, if I can succeed it will be great. I have such problem because data in remote mysql is sha1. If I add the lines as sha1 instead of x.x.x.x.com to the pi-hole whitelist, will my work be solved with the help of php?
Pi-hole won't retrieve any lists from a remote database.
It only supports lists in hosts format that are accessible via a URL.
Thankyou for the diagram. You have two obstacles:
- As @Bucking_Horn says, Pi-hole uses domain names and URL lists and does not source lists from databases
- Pi-hole uses lists of domain names, but you have lists of SHA1 checksums
If you had some way to interrogate your remote whitelist database and extract the domains into a single list, you could have Pi-hole add those to its own whitelist.
But in your case you would first have to translate the checksums into the original domain names. There is no easy way to do that. If you have a process which turns domain names into the checksums, you could alter that process to store the domain names directly for use with Pi-hole.
Where has this checksum approach come from? Can you replace it completely with Pi-hole and Pi-hole's excellent adlist, whitelist and blacklist capabilities?
Thank you for your answer, I think every few hours I'm looking for things like dnssec , dns-keygen, mysql needs to match incoming dns requests, leaving a sha1 sorted list to a file on the dns server, I found something called bind dns, I think it's a system made before they do this with him. I was having trouble finding the titles. I guess I should do more detailed research.
You may wish to consider using Pi-hole alongside Unbound running as a recursive resolver. It works very well with Pi-hole and is easy to install and set up and gives you excellent privacy. This means that instead of sending your queries to a single DNS server, where they can be profiled and logged, you are running your own DNS server right there alongside your Pi-hole. It supports DNSSEC straight away without needing to do anything special.
The instructions are linked below; just follow them carefully, step by step, all the way through. The page also explains how it works and why it's more private. Highly recommended.
1 Like
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.