Getting the remote client IP?

Hello,
I have set up Pi-hole on a Pi 4 behind my router at home,
so the Pi-hole is 10.0.0.150 and
my router is 10.0.0.253.
The router has a public IP, so I set up dst-nat to port 53 (UDP/TCP) in order to get DNS "service" from the Pi-hole from my office router. (There I set the DNS server to the public IP of my home router.)
I get DNS, everything works great and blocks like on my computer in the home network.
The only problem is that on the Pi-hole dashboard I only see my local router (10.0.0.253) as the client,
and not the remote device / remote router.

In the end I want to know which DNS queries came from home (10.0.0.253) and which from the remote router, or even remote devices (if it is possible).
What do I need to do? Change? Set up?

Thanks,

So everyone knowing your home router's IP can use it as a DNS resolver? Do you have limited access by a firewall?

Yes,
this is just for testing something, to see if I can do this at a larger scale (for my office and remote clients).
No limit on access, everything is open.

You're running an open resolver, which is not supported by Pi-hole in any way. This poses a threat to the global DNS infrastructure because it can be misused for DNS amplification attacks.

https://www.cloudflare.com/learning/ddos/dns-amplification-ddos-attack/

Do not open port 53 to the internet!


Don't open port 53 to the internet. Running an open DNS resolver is a bad idea. A safe way to do this is to install a VPN on your Pi, e.g. https://www.pivpn.io/

OK
I will run the Pi-hole under a VPN network and allow only the internal IP to be used.

** I just noticed that the IP has been attacked by something called "pizzaseo.com" which sent me around 1000000 queries overnight.
Thank you
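
Added example, not part of the original thread: one way to spot a flood like the one reported above in Pi-hole's dnsmasq query log. The log line format, the sample lines and the function names are assumptions made for this example.

```python
import re
from collections import Counter

# dnsmasq query line as Pi-hole logs it (assumed format), e.g.
#   Mar 10 02:13:45 dnsmasq[1234]: query[ANY] pizzaseo.com from 10.0.0.253
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from (?P<client>\S+)"
)

def count_queries(lines):
    """Count queries per (client, domain); ignore reply/forward/cache lines."""
    counts = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            counts[(m["client"], m["name"].lower().rstrip("."))] += 1
    return counts

def flood_candidates(counts, min_count=100, min_share=0.5):
    """Return (client, domain, count) entries that dominate the log.

    Behind dst-nat every Internet query shows the router as client, so the
    signal is one domain making up most of the traffic, not a new client IP.
    """
    total = sum(counts.values())
    return [
        (client, domain, n)
        for (client, domain), n in counts.most_common()
        if n >= min_count and n / total >= min_share
    ]

def build_sample_log():
    """Constructed sample: a few normal lookups plus a repeated-query flood."""
    normal = [
        "Mar 10 02:13:40 dnsmasq[1234]: query[A] example.org from 10.0.0.20",
        "Mar 10 02:13:40 dnsmasq[1234]: forwarded example.org to 192.0.2.53",
        "Mar 10 02:13:41 dnsmasq[1234]: reply example.org is 192.0.2.10",
        "Mar 10 02:13:42 dnsmasq[1234]: query[AAAA] example.net from 10.0.0.253",
    ]
    flood = ["Mar 10 02:13:45 dnsmasq[1234]: query[ANY] pizzaseo.com from 10.0.0.253"] * 200
    return normal + flood

if __name__ == "__main__":
    # On a real Pi-hole, read the query log instead (path varies by version).
    for client, domain, n in flood_candidates(count_queries(build_sample_log())):
        print(f"{n:>8} queries for {domain} via {client}")
```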

Another question:
can I use the Pi-hole to create my own DNS,
now that I'm on a private network?
Can I write somewhere that http://www.MyServer.com will be 10.0.0.5, for example?

Thanks,

Yes, use Local DNS records for that.

I have looked.
So I need to change it here?
/etc/pihole/custom.list
But the file is empty.
Can you show me one example of what to write there?

Thanks,

rockpi@rockpi-4b:~$ cat /etc/pihole/custom.list 
10.0.40.4 wireguard-ipad

You can also use the web interface "Local DNS/DNS Records".

Yes, now I see.
Thank you!
