The issue I am facing:
My ISP obligates me to use a router with hardcoded DNS. I want to use another DNS server so I installed Pi-Hole and use it as DHCP server so that it provides to all my devices the preferred DNS server. (I have disabled the DHCP on my router.) The router still is my default gateway. On this router there is an UPnP port mapping set for AnyDesk (please see screenshot attached).
My question is: Will the default settings of Pi-hole block the incomming or outgoing connections to / from AnyDesk ?
If yes, what changes do I need to make to Pi-hole in order to be able to use AnyDesk without any problem ?
I've been reading a lot of related posts on the web (like this one), but it still isn't clear to me whether I need to white list AnyDesk or open any extra ports or do something else.
Details about my system:
Raspberry Pi Zero W (with wired internet connection via an Ethernet to micro USB adapter)
Pi-hole v5.3.1
UFW firewall enabled on Pi
Router = Technicolor Bbox3
What I have changed since installing Pi-hole:
I use a standard pi-hole installation, but I have enabled UFW to secure my Pi. I have opened the following ports:
80 tcp
53 tcp and udp
67 udp
4711 tcp
22 tcp
Certainly not any incoming traffic.
As far as connections to public servers via domain names are concerned: I cannot answer that, as I do not know AnyDesk, and additionally, I cannot know what blocklists you have decided to use.
My answer in that post applies.
Pi-hole is a filtering DNS forwarder - it isn't concerned with ports, so it wouldn't interfere with any of your router's port mappings.
It may, however, interfere with AnyDesk if any of the domains that AnyDesk would ask resolution for would be on one of the blocklists you've configured for your Pi-hole, and blockage of that domain would prevent AnyDesk to operate as expected.
As detailed in Pi-hole's documentation, port 4711 is meant to be accessible via the loopback interface exclusively. It shouldn't be opened for outside access.
Thanks for this suggestion. I have read the page, but unfortunately don't see how this can help me in making sure AnyDesk is not being blocked. Can you clarify this for me or post a link to a page where I can find more information about this?
I opened this port because UFW was blocking my access to the admin page.
Thank you very much for your highly appreciated feedback.
If necessary, watch Pi-hole's Query Log for blocked entries originating from the client that runs AnyDesk (preferably when nothing else is running) and whitelist domains associated with AnyDesk.
Try and run AnyDesk first.
If everything works as expected, there'd be no need for additional blocklist handling in Pi-hole.
Thanks for this reply. I have checked the output of the Query Log for the client that runs AnyDesk and could only find "OK (cached)" and "OK (forwarded to dns.google#53)". It looks like pi-hole isn't interfering with AnyDesk.
I'll keep monitoring it, but at first sight everything is looking good.
Thanks for your support.