Security pi hole - large number of clients

Hi all,

I use Pi-hole from today, new install, server etc. I see when I set up Interface settings on "Bind only to interface enp0s20" I got over 30 clients! I don't have "

On this option DNS doesn't work because I got server in Paris
Allow only local requests
Allows only queries from devices that are at most one hop away (local devices)" I need forward port 53? Or set up something else?

What do I need to do? I must remove BIND9 because DNS on Pi-hole doesn't work (red light)

my log:
https://tricorder.pi-hole.net/LpR0SNbl/

Best regards Adam

Pi-hole is intended to be used as a replacement DNS server for an internal network with trusted clients.

Pi-hole is installed with a static IP on the network and then clients are told to use this IP for DNS queries. This is usually achieved using an existing DHCP server and modifying the DNS server to be the Pi-hole IP, or by turning off the existing DHCP server and turning on Pi-hole's own DHCP server.

In this configuration the default setting of Allow only local requests is the best option and works right away. There is no need to forward any ports.

You've posted your debug token so someone will take a look; in the meantime can you explain your setup in more detail? Are you trying to make the Pi-hole available over the Internet? If so, this can only be done safely using a VPN such as WireGuard, otherwise it will be discovered by untrusted clients and abused.

Allow only local requests: yes, but working on server, not from outside after server

I have to move the hole outside via the internet. Locally I have nothing plugged in and it is not possible for me to connect my laptop to the Paris server directly. How to install this WireGuard?

Understood, the VPN is like a secure tunnel which will let you get into your server from outside. With that in place you can reach your Pi-hole from anywhere while still keeping it internal to your network and safe from unknown clients. Your DNS traffic will go through your Pi-hole even when you are away from your server. It is the VPN which becomes exposed to the outside world (not Pi-hole), and that's safe because only you will have the keys to the VPN.

There are Pi-hole guides for two popular VPNs – WireGuard and OpenVPN.

WireGuard – Overview - Pi-hole documentation
OpenVPN – Overview - Pi-hole documentation

WireGuard seems popular and modern and that's the one I linked to previously. To install one of these, go to the link and follow the instructions carefully, step by step, linked in the side menu (Install server, Add clients, etc).

   [2023-03-15 02:04:09.822 1504M] Imported 311 queries from the long-term database
   [2023-03-15 02:04:09.822 1504M]  -> Total DNS queries: 311
   [2023-03-15 02:04:09.822 1504M]  -> Cached DNS queries: 27
   [2023-03-15 02:04:09.822 1504M]  -> Forwarded DNS queries: 281
   [2023-03-15 02:04:09.823 1504M]  -> Blocked DNS queries: 0
   [2023-03-15 02:04:09.823 1504M]  -> Unknown DNS queries: 0
   [2023-03-15 02:04:09.823 1504M]  -> Unique domains: 107
   [2023-03-15 02:04:09.823 1504M]  -> Unique clients: 69
   [2023-03-15 02:04:09.823 1504M]  -> Known forward destinations: 2

   [2023-03-15 02:04:09.870 1504M] WARNING in dnsmasq core: ignoring query from non-local network 35.238.86.69 (logged only once)

You've very likely created an open resolver, which can be part of a DNS amplification attack.

A public facing DNS server likely violates the terms and conditions of your ISP or hosting solution. We at the Pi-hole project do not in any circumstance recommend, condone, or support public facing DNS with the project.

The recommended course of action for PERSONAL use is to use a VPN to allow use of Pi-hole outside of the LAN; there is a very well written guide located here

Please get familiar with Pi-hole locally first and then try to set it up at a remote site behind a VPN.

I don't want my DNS server public, how to secure it so only I use it?
I set up WireGuard wg0 interface

I connect by WireGuard, but it doesn't work, why?

Your debug token is: https://tricorder.pi-hole.net/pJwl9z4w/

You need to give us more information than that. What exactly is not working?

Also: don't set your local wireguard server as your upstream DNS server in Pi-hole.

Pi-hole doesn't work for me when I enter the DNS server in the network card settings, the same as when I connect via WireGuard: supposedly connected and not blocking for me. I want my remote server in Paris to block malicious ads on my computer. How to redirect everything so that it only works with my device and not another? Especially how to secure it?

Have you followed Pi-hole's WireGuard guide carefully, step by step? It explains how to do what you are asking. Follow the steps given and the sections linked in the side menu.

wireguard

Yes, I browse and setup step by step

Client we got:

[Interface]
PrivateKey = KEY
ListenPort = 47111
Address = 10.100.0.1/24, fd08:4711::1/64
DNS = 163.172.90.156

[Peer]
PublicKey = KEY
PresharedKey = KEY
AllowedIPs = 10.0.0.0/24, fd08:4711::/64, 192.168.2.0/24
Endpoint = 163.172.90.156:47111
PersistentKeepalive = 25

I don't know why it's still not working, I don't have any idea
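A check of the client config posted above against WireGuard's routing rule, as an added example that is not part of the thread or of Pi-hole's documentation: wg-quick sends only destinations listed in the peer's AllowedIPs through the tunnel, so the check flags a DNS server and an Interface address that AllowedIPs does not cover. The function names and finding codes are made up for this example.

```python
import ipaddress
# Constructed sample: the client config from the post above (KEY is the post's own placeholder).
POSTED = """[Interface]
PrivateKey = KEY
ListenPort = 47111
Address = 10.100.0.1/24, fd08:4711::1/64
DNS = 163.172.90.156
[Peer]
PublicKey = KEY
PresharedKey = KEY
AllowedIPs = 10.0.0.0/24, fd08:4711::/64, 192.168.2.0/24
Endpoint = 163.172.90.156:47111
PersistentKeepalive = 25
"""

def parse(text):
    """Parse a single-peer wg-quick file into {section: {key: [values]}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            section.setdefault(key.strip().lower(), []).extend(
                v.strip() for v in value.split(",") if v.strip())
    return conf

def covered(net, routed):  # is net inside one of the peer's AllowedIPs networks?
    return any(net.version == r.version and net.subnet_of(r) for r in routed)

def lint(text):
    """Return (code, detail) findings for routing mistakes that break tunnelled DNS."""
    conf = parse(text)
    iface, peer = conf.get("interface", {}), conf.get("peer", {})
    routed = [ipaddress.ip_network(n, strict=False) for n in peer.get("allowedips", [])]
    findings = []
    for dns in iface.get("dns", []):
        try:
            host = ipaddress.ip_network(dns)  # one resolver as a /32 or /128
        except ValueError:
            continue  # wg-quick also accepts search domains in DNS=
        if not covered(host, routed):
            findings.append(("dns-outside-tunnel", dns))
    for addr in iface.get("address", []):
        net = ipaddress.ip_interface(addr).network
        if not covered(net, routed):
            findings.append(("address-not-routed", str(net)))
    return findings
```

On the posted config `lint(POSTED)` reports both findings: queries to 163.172.90.156 leave outside the tunnel, so Pi-hole sees the client's public address rather than a local one, and the tunnel subnet 10.100.0.0/24 is not routed to the peer.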

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.