Setup client which covers every possible client

Cilenco · September 21, 2021, 9:26pm

Hey everybody, I'm very new to PiHole but I absolutely love it already.

I have setup my PiHole on a vServer which is not in my own network and have set the DNS server of my FritzBox to use that vServer. This works great, domains in the default group are blocked perfectly

My problem is, that domains, which are not in the default group, get through because I haven't setup a client yet. Since I want all my devices to use the same configuration and my router IP (also prefix) can change frequently I would like to setup a Client which in fact includes all possible clients. I think of something like 0:0:0:0:0:0:0:0/0 (or 0.0.0.0/0 for IPv4) or so but this does not work, it seems like my router (DS-Lite IPv6) is not recognized by that...

I know that this is not how one should use clients and groups but I still want to get the advantage of groups to easily toggle a bunch of domains at once.

Bucking_Horn · September 22, 2021, 6:51am

Please upload a debug log and post just the token that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

Your requirements match Pi-hole's default behaviour:
All DNS clients are filtered by the default group.
Just assign all your allowed and blocked domains or lists to the default group.

Cilenco · September 22, 2021, 7:14am

Thanks for your help! My token is:
https://tricorder.pi-hole.net/dnA1ut6d/

Bucking_Horn · September 22, 2021, 7:37am

You are running two open resolvers at 212.<redacted>.16 and .17, which would pose a potential threat for all Internet users, e.g. by serving as a multiplier in a DNS Amplification attack.

The Pi-hole team strongly discourages Pi-hole’s usage as an open resolver , and we won't provide support in that case.

Cilenco · September 22, 2021, 7:58am

Oh yes you are right, that wasn't intended. I'm not sure how to resolve that, can you assist with that please?

Bucking_Horn · September 22, 2021, 8:36am

First, close Port 53/DNS for incoming traffic on your vServer.

Connect your aspiring clients by means of a VPN (i.e. set up a VPN server on your vServer), and configure Pi-hole to listen exclusively on the interface addresses of that VPN network.

Exact steps would depend on your personal requirements and preferences, which may be restricted by your router's support to connect as a VPN client in your case.
Alternatively (or in addition, e.g. for roaming clients like smartphones that do not use your network exclusively), you can install or enable VPN client software on your clients.

Cilenco · September 22, 2021, 12:58pm

I actually reinstalled the entire server OS (with no PiHole yet) and closed port 53 but still have two DNS servers

system · October 13, 2021, 12:59pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.