[chbot] [OT}Pi-hole
robitics at waghornswood.net.nz
robitics at waghornswood.net.nz
Wed Aug 21 23:29:31 BST 2019
It amazes me the ads people put up with.
I have been running Freesco http://www.freesco.org/ for something like 20 years. Among other things it has caching DNS server. I have ~11,800 blocked addresses in the hosts file, no ads !
Oscar
On Wed, 21 Aug 2019 17:37:33 +1200
Jasper Mackenzie <jasper.mackenzie at gmail.com> wrote:
> Thanks Peter!
> You touched it you own it visa vi you said it you must be the expert... so
> Have you looked into any audits of Pi-hole? Is there anything lurking?
> Have you done any comparison or have any thoughts on a comparison with
> Cloudflare's DNS app and Warp? First thought is that this is better
> due to being network wide.
>
> So lets get OT:
> Considering our OTP boxes (ie ubiquitous single point of data
> collection for everyone with fibre) I consider that for real security
> we should be VPN'ing all our traffic somewhere trustworthy, or at
> least have encryption on the fibre... cloudflare look like they could
> do this and make a much bigger claim than any ISP on auditing (even if
> it's BS, it is a claim!).
> Any thoughts/experience?
>
> Tin hat time ;)
>
> On Tue, 20 Aug 2019 at 00:01, Peter Ellens <ellensp at gmail.com> wrote:
> >
> > I was talking network security with some people tonight and found they
> > hadn't heard of a pi-hole.
> >
> > So I thought I would mention it here as I find it really useful.
> >
> > What is it? Its a Raspberry Pi based DNS server with filtering. It is
> > designed to help stop adverts on your entire network, but can be used to
> > block any domain names.
> >
> > It also provides a nice web based GUI and stats showing which devices
> > are attempting to look up advert and tracking domain names the most.
> >
> > It has advanced features for the 'paranoid'
> >
> > As you may know DNS requests are world readable, anyone in a position to
> > monitor your network traffic can see what sites your going to from your
> > DNS requests. To address this issue some cleaver people developed DNS
> > over HTTPS, its secure and can't be monitored by third parties. You can
> > setup Pi-hole to use this service.
> >
> > To activate your Pi-hole you need to update your DHCP server/router to
> > give out your Pi-Hole IP address as your DNS server.
> >
> > From running this for several months now on average 30% of my DNS
> > requests are now blocked.
> >
> > See https://pi-hole.net/ for more info.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > Chchrobotics mailing list Chchrobotics at lists.ourshack.com
> > https://lists.ourshack.com/mailman/listinfo/chchrobotics
> > Mail Archives: http://lists.ourshack.com/pipermail/chchrobotics/
> > Meetings usually 3rd Monday each month. See http://kiwibots.org for venue, directions and dates.
> > When replying, please edit your Subject line to reflect new subjects.
>
> _______________________________________________
> Chchrobotics mailing list Chchrobotics at lists.ourshack.com
> https://lists.ourshack.com/mailman/listinfo/chchrobotics
> Mail Archives: http://lists.ourshack.com/pipermail/chchrobotics/
> Meetings usually 3rd Monday each month. See http://kiwibots.org for venue, directions and dates.
> When replying, please edit your Subject line to reflect new subjects.
More information about the Chchrobotics
mailing list