Safe to expose Pi-Hole to the internet (for my personal use)

Just wonder if anyone else has done this? open port 53 in router, then point mobile phone to my own IP for all DNS.

I primarily want this to be able to force my familys phones to always use pihole so that I can block malicious/unwanted websites even when switching from wifi to 4g, by using one of those dns changer apps on the phone. However, im not super excited about getting hacked either.

Don't do that! That's called an open resolver. There are bots out there that scan then entire internet for open ports and will abuse your Pi for DNS amplification attacks. Use a VPN instead to access your Pi-hole from remote, e.g. wireguard

1 Like

ugh. thanks for putting me straight. well that's a bummer.

problem: teenager overly enamoured by youtube
solution: use pi-hole that blocks yt when i activate that particular block using scripts (Networkchuck: "Alexa... break the internet").
counter-attack: he simply switches over to 4g to get around my block
counter-block: obviously not by exposing pi-hole to internet and subverting his phone so he is unaware he is using a custom dns :confused:
new counter-block: any suggestions :slight_smile:

Use a VPN!

Wireguard has iOS and Android apps and the tunnel does survive a switch from wifi to cellular network. You also don't need to forward all traffic through the tunnel but only DNS.

i'll look into it. thanks. pfsense does not seem to have working wireguard yet (think it's still an experimental package after they reverted after the controversy). was thinking of switching to opnsense for this. Suppose I could just use OpenVPN in pfsense.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.