Pihole on 1GB VPS

hikari · June 23, 2021, 2:47pm

Hello!

I'm considering subscribe a VPS with 1 core and 1GB RAM with Debian or Ubuntu and install on it Pihole, Squid and Subversion.

Would Pihole be able to run with such resources?

Might there be issues of unwanted ppl using it? How would I do to block it so only my LAN and my phone have access to it?

jfb · June 23, 2021, 2:52pm

Yes.

But, ensure you adequately secure your VPS so that only your IP has access, or set up a VPN client on the VPS so that only clients with the proper credentials (i.e. you) are able to access it. The second method is preferred. If you don't do one of these, you will have an open resolver, which is highly undesirable and will likely get your VPS service canceled.

hikari · June 23, 2021, 5:54pm

Thanks a lot!

Is there any article with more details of consequences of having open resolver? Why would the service be canceled? can't we host public DNS servers on VPS services?

I'm considering using Wireguard with certificate to connect my phone, would it be enough on Security side and would 1 CPU 1GB RAM VPS be able to run it?

IDK how I'd do it for my LAN.

yubiuser · June 23, 2021, 5:56pm

https://www.cloudflare.com/learning/ddos/dns-amplification-ddos-attack/

As long as Port 53 is not exposed to the internet it should be fine.

hikari · June 24, 2021, 6:04am

So, DNS server cannot be left open because sending queries is very cheap and would overload the server for processing all of them, and to provide public DNS server one needs a huge enough infrastructure?

Then, is a 1 CPU VPS capable of processing Wireguard for a handful of clients?

Bucking_Horn · June 24, 2021, 8:11am

We don't know the least about the performance capabilities of your VPS instance.

That's a question for your VPS provider.

hikari · June 24, 2021, 3:05pm

I'm asking because I don't have one. If I had, I'd just install and test

I'm asking to know if such resource is enough to run Wireguard + Pihole for some clients or if it won't work

jfb · June 24, 2021, 4:43pm

Likely yes, but you will need to ensure it is only used by your devices and not as an open resolver.

Bucking_Horn · June 24, 2021, 6:43pm

The answer to your question depends largely on four factors.

The maxmium Wireguard throughput of your VPS, measured in Mbit/s (known only by your VPS provider, if at all)
whether your VPS provider's internet connection does support that bandwidth, measured in Mbit/s ((known only by your VPS provider)
whether your own ISP supports that bandwidth, measured in Mbit/s (known only by you or by your ISP's plan)
the accumulated peak and average download speed by your handful of clients, measured in Mbit/s, which in turn depends on whether your VPS will handle all of your internet traffic or just DNS (known only by you, if at all)

Overall maximum throughput will be limited by the lowest value of the above.

If you are connecting to your VPS instance for DNS exclusively, then it is highly likely it will be sufficient.
If you are routing all traffic through it, you'd have to check the numbers.

None of the above is related to Pi-hole.

hikari · June 24, 2021, 10:58pm

Tnx a lot

So the relevant info is VPS's Wireguard throughput, I'm gonna ask that to the provider.

system · July 15, 2021, 10:59pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.