Limit Access to your DNS IP?

Hi,

Is it possible to manage and limit access to DNS?
I.e. if some friend shall NOT use DNS anymore?
Or some random unknown users around the Net?

Because atm, the DNS out of the box is free to use on the World Wide Web?!

Hi,

You should not open port 53 to the world. And if you open it, it's inconvenient and hard to limit access.

https://pi-hole.net/2016/09/15/tips-for-accessing-your-pi-hole-remotely/

https://docs.pi-hole.net/guides/vpn/overview/

https://docs.pi-hole.net/guides/vpn/firewall/

Hmm, can I use a firewall to only allow some particular IPs / dyndns routers to use my "open" Pi-hole server?
Or is that not recommended?

(Maybe CSF)

We do not support open/public resolvers. There are a number of guides that have been linked to use Pi-hole responsibly via VPN connection.

Furthermore, even if you limit access to certain IPs attackers can still use it as they can pretend to be sending the request from any IP address (so also the ones you allowed). This is a specialty of DNS packets over TCP that works unlike e.g. HTTP over TCP. So even if you limit your Pi-hole using a properly configured firewall, your Pi-hole can still be abused with only a bit of work (that could even easily be automated).

Use a VPN. This is a bit of work for setting it up, but afterwards you can be sure who has access and, in addition, the entire traffic over the Internet to your Pi-hole will be encrypted.

Hi,

Thank you, but this requires each person / router who wants to go over my hosted Pi-hole to use VPN, correct?
That would be bad.

And OK, maybe I will let go of my idea, if this is a high security risk, bad thing..

I will buy some Zero PI's

Well, depending on what routers they have you could maybe set up the VPN transparently in here and they won't even realize. But this is often not possible with simple/very cheap hardware.

This may be better.