Pi-hole setup
-
I want to test Pi-hole and did set it up in a Debian virtual machine.
I want to make sure the DNS settings are right.
1. No DNS servers in System > General Setup
2. Disabled DNS Forwarder
3. DNS Resolver > General Settings = Enabled DNS Resolver & DNSSEC Support
4. DHCP Server > LAN = Enabled DHCP Server & added 10.1.0.10 (the Pi-hole IP) in DNS Server 1
5. In Pi-hole set Upstream DNS Servers to 10.1.0.1 <- pfSense LAN interface
If this is correct, what DNS server would you assign to stuff like print servers, microcontrollers, WLAN access points - pfSense or Pi-hole?
-
Right now I've got this:
- pfSense set to use ISP provided DNS.
- DHCP static maps for all internal systems that sets DNS for the clients to be the pi-hole RPi3.
- pi-hole set to use pfSense as its upstream resolver.
So all the clients get DNS from pi-hole and pi-hole can use its blacklist and whitelist to filter out the ads and bad stuff. If pi-hole can't resolve a request it sends it up to pfSense to handle it from there.
It's working so far, only been running the pfSense box for a couple weeks now. I'd like to get squid, squidguard and pfBlockerNG to take over the pi-hole duties and get a proxy working, but my first attempt at setting those up failed with practically nothing working so I backed off to my current setup. I'll have to do more studying on getting it all working nicely.
-
I was playing with squidguard two years ago and was not happy with it. I even paid for squidblacklist.org for a while.
Too much stuff was not working and I went back to uBlock because there you can disable the blocker with just a click for one site/tab in your browser.
After the installation of Pi-hole I have now found pfBlockerNG and have been playing with it for an hour.
Looks like pfBlockerNG can do a lot more than Pi-hole - maybe different rules for different devices?
I disabled Squid because I did not see a difference in speed with a proxy here at home (120 Mbit/s).
-
Yep, I think that's the direction I'm gonna head as well. No proxy and set up pfBlockerNG to take over the DNS filter duties from pi-hole.