![]() I have read that some devices (like Smart TVs) will attempt to use Google’s DNS servers or some other public DNS servers even though the devices should be automatically configured to use the local DNS server provided by the DHCP service (perhaps they do this to attempt to bypass ad blockers and/or to gather valuable data on the DNS requests made by your device). Every DNS request had to go through Pi-hole or it would be blocked. ![]() The same strategy of only allowing access to the Pi-hole DNS servers on my local network and blocking all other DNS servers works without issue. I had the Pi-holes use the Unbound DNS on my OPNsense router as the upstream DNS resolver in order to have local hostname resolution. I changed the DHCP settings of my local networks to use the IP addresses of the Pi-hole DNS servers rather than the default Unbound DNS in OPNsense so that all of my clients would go through Pi-hole. Later, I added 2 Raspberry Pi’s with Pi-hole installed to provide DNS blocking. ![]() Only the DNS resolver on the local network is allowed (unless the DNS requests are encrypted, of course – see note below). ![]() This simplistic approach works well enough since any rogue access to external DNS servers are simply blocked. When I first set up my home network using my OPNsense router and was learning firewall rules, I took the approach of allowing only the Unbound DNS service on OPNsense to be accessed and blocking access to all other DNS servers. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |