Pi Hole DNS outside local network VPS

maxm882 · December 30, 2023, 7:50am

Hello everyone. I have some questions that I'm sure can help me a little.

I am a user with little knowledge and with a lot of research I have achieved this:

Create an instance in Oracle Cloud
Install Pi Hole
Modify IP Tables
Open ports (All protocols) in the VPS virtual network.

Then I have configured in the Pi Hole panel the option to allow from anywhere instead of just the local network.

With all this I have configured the VPS IP as the DNS server on the Android phone and it works correctly.

But I understand that it is probably not the safest or correct option.

So what would be the best option, without using any wireguard or vpn, the idea is a simple way to use it, that's why I would like to use it in DNS.

I look forward to your comments.
Greetings

jfb · December 30, 2023, 2:11pm

VPN is the best option. Only clients with the proper credentials can access your Pi-hole.

maxm882 · December 30, 2023, 4:30pm

I don't want the traffic to go out through the VPS location, it is different from my location, in addition to how annoying it is to activate the VPN and have it always connected.

jfb · December 30, 2023, 4:59pm

You don't have to send the data traffic to the VPS location. Use a split tunnel setup, and only the DNS traffic goes there.

Security can require some work.

If you have an open DNS resolver running on your VPS, you are not only allowing DDOS attacks, but you will likely be dropped by the VPS provider.

maxm882 · December 30, 2023, 5:28pm

So I just see a few options.

Before using VPN I prefer to use an Adguard-type DNS although it compromises privacy by depending on a third party.

Buy a basic machine and use it physically, with all the annoying things that entails, making a space near the router, the noise and making sure it is always on.

How incredibly difficult it is to block ads on non-rooted Android devices, just DNS and annoying VPNs.

jfb · December 30, 2023, 5:41pm

A Pi (or other similar SBC) is silent.

You can easily run Pi-hole on a Pi Zero W over WiFi. I've had this setup for 6 years on now, with no problems. If you are worried about "always on", put it on the same power source as the router. Power strip, UPS, etc.

You can also run Pi-hole in a VM or Docker on most devices that you have at home that run 24/7 (server, NAS, etc.).

maxm882 · December 30, 2023, 9:13pm

How could the one in the photo work? It seems to me that they are at the same price as the Raspberry Pi Zero, but here they do not charge shipping, plus it has an RJ45 input.

And how complicated can it be? I know absolutely nothing about these mini boards

jfb · December 30, 2023, 9:21pm

Should work fine.

Not very. Get the SBC, a power supply of adequate capacity, and an SD card (recommend a good quality 32 GB card to extend card life). And an ethernet cable if you connect it to the LAN via ethernet.

Flash an OS on the card from your computer (Raspberry Pi Imager recommended), put the card in the SBC and boot it. You can set up SSH with the imager or by putting a blank file named ssh in the boot directory of the card after you flash it.

Once the SBC is set up, install Pi-hole on it the same as you did on the VPS. You ssh into the Pi from your computer.

maxm882 · December 30, 2023, 9:50pm

I'm going to buy it, I really appreciate your help.

system · January 20, 2024, 9:51pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.