As long as you’re not using DNSSEC, you can easily run your own. I’ve been running a PiHole for years now, it can pull in block lists and such from various sources, it’d be fairly easy to add a list to pull in automatically that include extra records. Those could be served from anywhere. Torrents, git repos, http calls, etc.
Note that with just pihole you would still be affected by this, since pihole needs an upstream dns server to get it’s data from.
But if you set up pihole with unbound you will be OK, since unbound then will do the job of getting data from the root servers without another upstream dns.
While others suggested adding the DNS records manually the far more secure and easier in the long term solution is to run pihole with unbound. Going this route completely eliminates third party upstream DNS servers as unbound will query the top level domain for their authoritative name server and direct the IP address from the source. Pihole has a great explanation on their website. I like crosstalk solutions on setting it up as it’s has everything you need just to copy paste your way into it working.
A PiHole functions has a full DNS server. You can configure it to serve any arbitrary records you like - which is basically how it overrides ad domains to prevent them from loading.
So, if you know the IP address that a particular domain is supposed to route to, you configure the PiHole to respond with that IP address for that domain. So, it doesn’t matter that the major DNS servers return junk because your PiHole never asks them.
$80? I run mine on a Pi Zero that I got for $9 with a $6 wired network adapter for a grand total of $15. No problems for a household of five with one of us (me) being an extremely heavy user.
I used to do that, but it comes with the problem of your DNS going down any time you want to restart or do a hardware swap on your NAS. Or since it was running in docker something as simple as reloading docker would knock out the internet for a few minutes. It’s worth the $15 to have them operate separately.
Doesn’t that just move the problem to the $15 device? Or are you saying you reboot your NAS significantly more often than your RPi? I have a RetroPie setup that I reboot about as often as my NAS, which is when I remember to run updates.
I pretty much never reboot the Pi. It currently has over 18 months of uptime on it. My NAS on the other hand I probably restart for one reason or another maybe once every 6 months. So yeah I’d say I reboot it minimum 3x more often.
Plus a reboot takes much longer on my NAS than on the Pi. The server board is slow to start, the SAS cards are slow to start, and unRAID is slow to start. Then I need to manually enter the password for disk encryption. Then wait for the array to start up. Then wait a bit more for the docker containers to start. Add all of that up and even the absolute fastest reboot is like 10 minutes while the Pi probably takes 30 seconds.
And what if I want to swap hard drives? Now it’s down for an hour. I guess I could wait until 3am to do all my upgrades so everyone is asleep, but I’d rather not. I suppose if it were just for myself it would matter a lot less. But again, it’s only $15 to not have to think about it at all.
Definitely. Though I’ll add that I ran PiHole + PiVPN on a Zero W ($10) for years. I upgraded it to a Pi Zero W 2 ($15 with extra cores) but I found that it had terrible packet drops, so I had to add a $15 usb wired adapter to it. I can max my upload speeds over vpn and dns is super low latency.
And there is https://filterlists.com/ which is a searchable index of lists. If you use uBlockOrigin you can add lists directly from fliterlists.com otherwise it provides links to Github etc.
As long as you’re not using DNSSEC, you can easily run your own. I’ve been running a PiHole for years now, it can pull in block lists and such from various sources, it’d be fairly easy to add a list to pull in automatically that include extra records. Those could be served from anywhere. Torrents, git repos, http calls, etc.
Note that with just pihole you would still be affected by this, since pihole needs an upstream dns server to get it’s data from.
But if you set up pihole with unbound you will be OK, since unbound then will do the job of getting data from the root servers without another upstream dns.
I my experience it is also faster.
Would pihole work if all the major DNS that gets pulled resolved the same? I would imagine the change would only work for a while.
While others suggested adding the DNS records manually the far more secure and easier in the long term solution is to run pihole with unbound. Going this route completely eliminates third party upstream DNS servers as unbound will query the top level domain for their authoritative name server and direct the IP address from the source. Pihole has a great explanation on their website. I like crosstalk solutions on setting it up as it’s has everything you need just to copy paste your way into it working.
A PiHole functions has a full DNS server. You can configure it to serve any arbitrary records you like - which is basically how it overrides ad domains to prevent them from loading.
So, if you know the IP address that a particular domain is supposed to route to, you configure the PiHole to respond with that IP address for that domain. So, it doesn’t matter that the major DNS servers return junk because your PiHole never asks them.
Pihole is great. Easy to setup. Runs on $80 worth of hardware on a raspberry…
$80? I run mine on a Pi Zero that I got for $9 with a $6 wired network adapter for a grand total of $15. No problems for a household of five with one of us (me) being an extremely heavy user.
Or if you have a NAS, just use that. There’s nothing special about the Raspberry Pi hardware here.
I used to do that, but it comes with the problem of your DNS going down any time you want to restart or do a hardware swap on your NAS. Or since it was running in docker something as simple as reloading docker would knock out the internet for a few minutes. It’s worth the $15 to have them operate separately.
Doesn’t that just move the problem to the $15 device? Or are you saying you reboot your NAS significantly more often than your RPi? I have a RetroPie setup that I reboot about as often as my NAS, which is when I remember to run updates.
I pretty much never reboot the Pi. It currently has over 18 months of uptime on it. My NAS on the other hand I probably restart for one reason or another maybe once every 6 months. So yeah I’d say I reboot it minimum 3x more often.
Plus a reboot takes much longer on my NAS than on the Pi. The server board is slow to start, the SAS cards are slow to start, and unRAID is slow to start. Then I need to manually enter the password for disk encryption. Then wait for the array to start up. Then wait a bit more for the docker containers to start. Add all of that up and even the absolute fastest reboot is like 10 minutes while the Pi probably takes 30 seconds.
And what if I want to swap hard drives? Now it’s down for an hour. I guess I could wait until 3am to do all my upgrades so everyone is asleep, but I’d rather not. I suppose if it were just for myself it would matter a lot less. But again, it’s only $15 to not have to think about it at all.
Definitely. Though I’ll add that I ran PiHole + PiVPN on a Zero W ($10) for years. I upgraded it to a Pi Zero W 2 ($15 with extra cores) but I found that it had terrible packet drops, so I had to add a $15 usb wired adapter to it. I can max my upload speeds over vpn and dns is super low latency.
Any good lists? Because pihole defaults to the aforementioned servers.
Pretty decent article here
https://avoidthehack.com/best-pihole-blocklists
And there is https://filterlists.com/ which is a searchable index of lists. If you use uBlockOrigin you can add lists directly from fliterlists.com otherwise it provides links to Github etc.
I believe you can use DNSSEC directly with root servers.