Hello, my Pi-hole instance keeps getting spammed by random IPs on the Internet with domains like
version.bind
sl
and a bunch of random .gov websites, and I think it's a DNS amplification attack. I was wondering if you guys could add a feature to the web interface that allows you to block IPs from connecting to your Pi-hole server via iptables. I wrote a small Bash script that takes my input, which is an IP address, and uses iptables to block that IP from connecting to me. It would be cool if you guys could make this configuration into a GUI, like the domain blacklist section in the web interface, but for IPs for iptables to block. Anyway, here's my script:
#!/bin/bash
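iptables -A INPUT -s "$1" -j DROP   # drop all inbound traffic from the IP given as the first argument
echo "$1" >> iplist.txt             # keep a record of the blocked address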
It's important to establish what's going on. If your Pi-hole is open to the public it will be quickly detected and abused as you describe. You should take it offline immediately. Amplification attacks often involve lots of query types of ANY which you will see on the Dashboard.
You can run Pi-hole on a remote server if you ensure the server is secure with authenticated access, e.g. using SSH, that it is firewalled off as needed, and that you are using a VPN to create a virtual network to the server so that only you can access it over that.
If your Pi-hole is receiving traffic from remote public IP addresses, you would have turned it into an open resolver, which poses a potential threat for all Internet users, e.g. by serving as a multiplier in a DNS Amplification attack.
The Pi-hole team strongly discourages Pi-hole’s usage as an open resolver, and we won't provide support in that case.
Why don't you guys, though? Pi-hole's entire thing is to block domains on a DNS level. Why wouldn't you guys want to find ways to protect it as an open resolver?
Pi-hole is designed to be operated on your private LAN, not exposed to the internet. The large commercial providers (Google, Cloudflare, etc.) have many layers of protection against DDoS misuse, and a home user won't have this.
As mentioned by chrislph, the recommended way to run a cloud-based Pi-hole is via VPN, granting you secure, authenticated access. The guides available at Guides > DNS in Pi-hole's documentation have quite a few helpful suggestions on how to achieve that.
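One way to check a query log for the open-resolver exposure discussed in this thread, as an added example that is not part of any post above and not Pi-hole's own code. It assumes dnsmasq-style `query[TYPE] name from CLIENT` log lines and classifies IPv4 clients only; the function names, sample lines, names and addresses are constructed.

```shell
#!/bin/bash
# Added example: count queries per (client, query type) for clients whose
# address is outside loopback/private/link-local IPv4 space.

# Constructed sample lines (documentation address ranges, placeholder names).
sample_log() {
cat <<'EOF'
Jan 10 12:00:01 dnsmasq[512]: query[A] example.com from 192.168.1.20
Jan 10 12:00:02 dnsmasq[512]: query[ANY] agency.example from 203.0.113.7
Jan 10 12:00:02 dnsmasq[512]: query[TXT] version.bind from 198.51.100.23
Jan 10 12:00:03 dnsmasq[512]: query[ANY] agency.example from 203.0.113.7
Jan 10 12:00:04 dnsmasq[512]: query[AAAA] example.com from 10.0.0.5
Jan 10 12:00:05 dnsmasq[512]: forwarded example.com to 9.9.9.9
Jan 10 12:00:06 dnsmasq[512]: query[A] example.org from 172.20.3.4
Jan 10 12:00:07 dnsmasq[512]: query[A] example.org from 127.0.0.1
EOF
}

# Print "count client qtype" for every public client, busiest first.
# Reads the files given as arguments, or stdin when there are none.
external_queries() {
  awk '
    # Return 1 for loopback, RFC 1918 and link-local IPv4 addresses.
    # Non-IPv4 clients also return 1: IPv6 is not classified in this example.
    function is_private(ip,   o) {
      if (split(ip, o, ".") != 4) return 1
      if (o[1] == 10 || o[1] == 127) return 1
      if (o[1] == 192 && o[2] == 168) return 1
      if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) return 1
      if (o[1] == 169 && o[2] == 254) return 1
      return 0
    }
    # Query lines end in: query[TYPE] name from CLIENT
    NF >= 4 && $(NF-3) ~ /^query\[/ && $(NF-1) == "from" {
      if (is_private($NF)) next
      qtype = $(NF-3); gsub(/^query\[|\]$/, "", qtype)
      seen[$NF " " qtype]++
    }
    END { for (k in seen) print seen[k], k }
  ' "$@" | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; pass a real query log path as an argument instead.
sample_log | external_queries
```

Any output at all means the resolver is answering clients outside the local network, which is the open-resolver condition described in the replies above.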