Pi-hole exposed to open internet?

Blackbrook · September 7, 2022, 5:27pm

The issue I am facing:

curl ifconfig.me; echo

delivers the public IP of my internet connection/my modem. In a different thread it has been stated that if this is the case, your pi-hole is exposed to the open internet. If I follow that public IP, I am at my modem's landing page and need to login. So, is my pi-hole exposed to the internet or not? I would have expected getting through to the pi-hole webinterface if it is exposed.

Details about my system:

https://tricorder.pi-hole.net/JtRevJNL/

It is a pi-hole installation plus unbound and some ad lists and regex

What I have changed since installing Pi-hole:

nothing

Thanks a lot for help upfront

Blackbrook · September 7, 2022, 5:41pm

These are the results from https://openresolver.com/ providing my public IP. So I suppose I am safe?!

DanSchaper · September 7, 2022, 5:43pm

As long as you are not seeing the Pi-hole interface and you do not have port 53 forwarded from your modem to the Pi-hole server then you're fine.

That recursive resolver test is a great way to check. You can also use an online port checker to see what ports are open. The key port is tcp/udp 53.

Blackbrook · September 7, 2022, 5:45pm

Thanks @DanSchaper for the quick and explanatory answer - much appreciated!

PromoFaux · September 7, 2022, 5:48pm

Just in addition to Dan's comments - running that command, it is expected to return your public IP. You can even load it in a browser:

I've not fully read the other thread - but from a glance it looks like @Bucking_Horn was just asking the user for their public IP to confirm that they were indeed running an open resolver (note in the next comment it has been redacted)

Blackbrook · September 7, 2022, 6:52pm

Good hint, cheers! All popular ports (FTP, HTTP/S, SSH, TELNET, ... whatnot) are closed as well as another good fraction of ports the online tools contained in their checks. Glad I double checked phew

Thanks!

deHakkelaar · September 7, 2022, 8:33pm

FYI, combining both ifconfig.me and test.openresolver.com:

dig +short @$(curl -s ifconfig.me) test.openresolver.com txt

Also you can initiate a remote port scan on your public IP with below to check for open ports (browse to Services --> ShieldsUP):

https://www.grc.com

Bucking_Horn · September 8, 2022, 11:33am

Indeed, I had been running a version query as well as one similar to test.openresolver.com as posted by deHakkelaar in order to verify that a Pi-hole installation was accessible at the public IP address.
The curl confirmed that specific IP to belong to their router, and thus an open resolver.