Pi-hole setup

  • I want to test Pi-hole and have set it up in a Debian virtual machine.
    I want to make sure the DNS settings are right.

    1. No DNS servers in System > General Setup
    2. Disabled DNS Forwarder
    3. DNS Resolver > General Settings = Enabled DNS Resolver & DNSSEC Support
    4. DHCP Server > LAN = Enabled DHCP Server & added (the Pi-hole IP) in DNS Server 1
    5. In Pi-hole set Upstream DNS Servers to <- pfSense LAN interface

    If this is correct, what DNS server would you assign to stuff like print servers, microcontrollers, WLAN access points - pfSense or Pi-hole?

  • Right now I've got this:

    • pfSense set to use ISP provided DNS.
    • DHCP static maps for all internal systems that sets DNS for the clients to be the pi-hole RPi3.
    • pi-hole set to use pfSense as its upstream resolver.

    So all the clients get DNS from pi-hole and pi-hole can use its blacklist and whitelist to filter out the ads and bad stuff.  If pi-hole can't resolve a request it sends it up to pfSense to handle it from there.

    It's working so far, only been running the pfSense box for a couple weeks now.  I'd like to get squid, squidguard and pfBlockerNG to take over the pi-hole duties and get a proxy working, but my first attempt at setting those up failed with practically nothing working so I backed off to my current setup.  I'll have to do more studying on getting it all working nicely.

  • I was playing with squidguard two years ago and was not happy with it. I even paid for squidblacklist.org for a while.
    Too much stuff was not working and I went back to uBlock because there you can disable the blocker with just a click for one site/tab in your browser.

    After the installation of Pi-hole I have now found pfBlockerNG and have been playing with it for an hour.
    Looks like pfBlockerNG can do a lot more than Pi-hole - maybe different rules for different devices?

    I disabled Squid because I did not see a difference in speed with a proxy here at home (120 Mbit/s).

  • Yep, I think that's the direction I'm gonna head as well.  No proxy and set up pfBlockerNG to take over the DNS filter duties from pi-hole.

