Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I've been running an instance of this on a DigitalOcean VM for a couple of years now. Keeping my instance external is nice so I can use it from home, work, and for friends and family, with all of my devices. Fantastic project, highly recommended.


How do you stop the general public from finding it and using it? Strict firewall rules?

I have a pihole at home (not a Rasperry Pi, gosh I wish they'd ditch the marrying of the two) but to access it I establish a VPN.


I set up a simple python server that listens on a specific (highly unlikely to be guessed) url and when visited runs a shell script to add the visiting ip to iptables dns whitelist. So I can visit a relatives house, go to that page then add my dns ip to their router (if they want me to). Also helps for when traveling or when isp renews dhcp lease.


This is a beautiful solution. I love it, bravo!


You might consider adding a VPN tunnel on top of that setup so that your DNS isn't just hanging out in the wild for anyone to find.


Will you share high level steps of how to accomplish this, please? I'm a novice and haven't played with Raspberry Pi, but recently set up a Droplet running Ubuntu on DigitalOcean. Sharing with family intrigues me.


The steps should be the same regardless if running on a Pi or VPS: https://github.com/pi-hole/pi-hole/#one-step-automated-insta...


On a machine that isn't behind a firewall already you will want to set up strict firewall rules, including blocking inbound DNS from anywhere except trusted addresses. Other hardening steps should be taken as well but they're not specific to DNS resolvers.

Recursive DNS resolvers on the open Internet start getting abused really fast for DNS amplification DDoS attacks (for anyone unaware reading this).




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: