New client not in any group, but Default seems to apply

gaufff · June 16, 2025, 5:57pm

Hi All,

I just copied my pihole config to a new VPS.
It is external, so its IP is like 95.1.2.3.

On my phone, I'm on home wifi (192.168.0.x) but I specified on the phone that I wanted the wifi to use DNS 95.1.2.3.
I have a block "test" (blocking www.cnn.com) and surprisingly, while my external IP is not a member of any group, I see www.cnn.com being blocked indeed.
Going to the query log, I see www.cnn.com query being rejected for my phone, with a fully external IP (let's say 95.8.7.6).

How does pihole identify new clients? If their IP is not part of any group, do any external DNS clients fall under the "Default" group?

thanks a lot for your help!

deHakkelaar · June 16, 2025, 6:23pm

You're running an "open resolver" that can be abused to target others by means of reflection and amplification:

https://www.cloudflare.com/learning/ddos/dns-amplification-ddos-attack/

You're not making friends by doing so and you wont get support here!
Why not have your phone connect via Tailscale or other VPN software to your VPS?

DanSchaper · June 16, 2025, 6:41pm

Group Default (group_id 0) is special as it is automatically assigned to domains and clients not being a member of other groups. Each newly added client or domain gets assigned to group zero when being added.

gaufff · June 16, 2025, 11:39pm

Thanks a lot, and you are absolutely right.
I was testing the absolute minimum config, but I must now secure my entry points

system · July 7, 2025, 11:39pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.