Public faced pi-hole

Hi,

I've been using Pi-hole for a few years now, and I really like it - actually so much that I want to let other people use it :)

I'm considering hosting a Pi-hole server for some family members / friends, and allowing UDP/TCP 53 to be open on my public IP.
But I'm concerned about the security regarding hosting a small "private" DNS server.
A few years back I read that you could amplify a DDoS attack using public DNS servers.

So is it safe to open up for DNS requests from the internet to my Pi-hole?

Note: The friends and family are using dynamic IPs, and it's therefore not an option to limit the source.

1 Like

No. Never has been and never will be. Use a VPN to connect to the Pi-hole and never open port 53 to the internet.

With an open port 53, it is no longer private. The entire internet can use it.

2 Likes

Hi,

I'm aware that the entire internet can use that server, but what is the risk of that?
It's not any different than having my website hosted on HTTP?

Your server could easily be part of a DNS amplification attack:
https://www.cloudflare.com/learning/ddos/dns-amplification-ddos-attack/?utm_referrer=https://www.cloudflare.com/de-de/learning/ddos/what-is-a-ddos-attack/

We do not provide support or guidance for people that chose to run open resolvers.

1 Like
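
What exposure looks like from the resolver's side, as an added example that is not part of the original thread: this reads query lines in the dnsmasq log format Pi-hole writes and reports queries from outside the trusted ranges, plus repeated large-answer queries attributed to one address (in an amplification attack that address is the spoofed victim, not the real sender). The LAN/VPN ranges, the threshold, the record-type set and the log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed trusted ranges: home LAN and a VPN subnet (adjust to your own network).
TRUSTED = [ipaddress.ip_network("192.168.1.0/24"), ipaddress.ip_network("10.8.0.0/24")]
# Record types that commonly produce answers much larger than the query.
LARGE_ANSWER_TYPES = {"ANY", "TXT", "DNSKEY"}
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<src>\S+)$")

# Constructed sample log: two trusted clients, one stray external query,
# and 40 identical ANY queries "from" one external address.
SAMPLE_LOG = "\n".join(
    ["Mar 10 14:02:10 dnsmasq[812]: query[A] example.org from 192.168.1.20",
     "Mar 10 14:02:10 dnsmasq[812]: query[AAAA] example.org from 10.8.0.2",
     "Mar 10 14:02:11 dnsmasq[812]: query[A] example.com from 198.51.100.23"]
    + ["Mar 10 14:02:12 dnsmasq[812]: query[ANY] example.net from 203.0.113.7"] * 40
)

def analyse(log_text, trusted=TRUSTED, threshold=20):
    """Return (queries per untrusted source, suspected amplification bursts)."""
    external = Counter()  # any query from outside the trusted ranges
    bursts = Counter()    # (source, qtype, name) repeats for large-answer types
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # replies, forwards and other log lines are ignored
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed source field
        if any(src in net for net in trusted):
            continue
        external[str(src)] += 1
        if m["qtype"] in LARGE_ANSWER_TYPES:
            bursts[(str(src), m["qtype"], m["name"])] += 1
    suspected = {key: n for key, n in bursts.items() if n >= threshold}
    return dict(external), suspected

if __name__ == "__main__":
    external, suspected = analyse(SAMPLE_LOG)
    print("queries from untrusted sources:", external)
    print("suspected amplification bursts:", suspected)
```

Any entry in the first result means port 53 is reachable from outside the trusted ranges; with the VPN-only setup recommended above, both results should be empty.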