- Joined
- Aug 16, 2005
- Messages
- 27,631 (3.83/day)
- Location
- Alabama
| System Name | RogueOne |
|---|---|
| Processor | Xeon W9-3495x |
| Motherboard | ASUS w790E Sage SE |
| Cooling | SilverStone XE360-4677 |
| Memory | 128gb Gskill Zeta R5 DDR5 RDIMMs |
| Video Card(s) | MSI SUPRIM Liquid 5090 |
| Storage | 1x 2TB WD SN850X | 2x 8TB GAMMIX S70 |
| Display(s) | 49" Philips Evnia OLED (49M2C8900) |
| Case | Thermaltake Core P3 Pro Snow |
| Audio Device(s) | Moondrop S8's on Schitt Gunnr |
| Power Supply | Seasonic Prime TX-1600 |
| Mouse | Razer Viper mini signature edition (mercury white) |
| Keyboard | Wooting 80 HE White, Gateron Jades |
| VR HMD | Quest 3 |
| Software | Windows 11 Pro Workstation |
| Benchmark Scores | I dont have time for that. |
Hey Everyone! Decided to make a guide on how to leverage DNS blackholing or "blocking"/"filtering" on your network. I will cover a few different aspects and approaches and like most of my other guides an honest PRO and CON list on why or why you shouldn't utilize something like this to help protect your network.
Today we will be focusing on the open source software Pi-Hole and while this is what I will base this guide off of I will try my best to more importantly create an understanding as to what this is and why it can help you.
To get started a quick primer is in order.
So wait. What does this all mean? Its simple. Websites can contain harmful data. It could be drive by downloads of junkware. It could be malware spread through Ads on the site. Maybe you clicked a link and it opened more than one tab or window. So how can we fix this?
There are a few different ways. however all of them with pitfalls of some kind. However, DNS blackholing can help us by blocking the domain responsible for ADs or malware and a few extra benefits.
Such as?
We chose Pi-hole because we will be setting up a network level DNS blacklist. Which means we will be protecting and blocking DNS queries on every device on the network. From phones, tablets, PCs and even TVs network level DNS blackholes protects any network connected device regardless of make and OS.
Now that you have the gist of what we are talking about lets dive right into the cool stuff. If you have followed along so far great! thanks! Let's take a peek at some of the PROs and CONs to DNS blacklisting.
More importantly than ever we need to be considering these more obscure layers that we have long taken for granted. When we look at the threat landscape we see more and more web based infections and exploits with web browsers, extensions and web technologies such as Flash and Java being taken advantage of everyday resulting in more and more infections in the wild.
I think that if enough correct decisive information, suggestion and more importantly discussion is had about these topics we can have a good working knowledge of the threats that our PCs and Identities face everyday in a ever more connected world.
Now that's out of the way you should have a pretty good idea of what we are getting into. I will provide more information along the way as with my other guides. As with all my material I will update it as it becomes necessary or relevant so check back for a quick read to see if anything has changed. Feel free to PM me for more of an explanation. As always when posting on TPU I do so as myself and do not officially represent any company.
Today we will be focusing on the open source software Pi-Hole and while this is what I will base this guide off of I will try my best to more importantly create an understanding as to what this is and why it can help you.
To get started a quick primer is in order.
What is DNS Blackholing?
When we talk about DNS we kinda need to understand what it does. When you input something in your browser say www.google.com your computer needs to take the letters and words you just made and turn it into something the computer understands. So your computer takes google.com and asks other servers on the internet, DNS servers to help out. These servers have a big list. This list contains the names of websites and more importantly the corresponding IP address the numbers that PCs use as the street address for whatever you put in your browser. The list literally looks alot like this.
Code:
google.com 216.58.219.174So wait. What does this all mean? Its simple. Websites can contain harmful data. It could be drive by downloads of junkware. It could be malware spread through Ads on the site. Maybe you clicked a link and it opened more than one tab or window. So how can we fix this?
There are a few different ways. however all of them with pitfalls of some kind. However, DNS blackholing can help us by blocking the domain responsible for ADs or malware and a few extra benefits.
Such as?
We chose Pi-hole because we will be setting up a network level DNS blacklist. Which means we will be protecting and blocking DNS queries on every device on the network. From phones, tablets, PCs and even TVs network level DNS blackholes protects any network connected device regardless of make and OS.
Now that you have the gist of what we are talking about lets dive right into the cool stuff. If you have followed along so far great! thanks! Let's take a peek at some of the PROs and CONs to DNS blacklisting.
- Security awareness and mitigation
More importantly than ever we need to be considering these more obscure layers that we have long taken for granted. When we look at the threat landscape we see more and more web based infections and exploits with web browsers, extensions and web technologies such as Flash and Java being taken advantage of everyday resulting in more and more infections in the wild.
I think that if enough correct decisive information, suggestion and more importantly discussion is had about these topics we can have a good working knowledge of the threats that our PCs and Identities face everyday in a ever more connected world.
- Advantages to DNS blackholing
- Protection against malicious domains
- Protection against further infection
- Protection against data collection
- Faster web experience
- Disadvantages to DNS blackholing
- False positives can block legitimate sites
- Unpleasant browsing experience when things are blocked
- Page load failures can be hard to diagnose
Now that's out of the way you should have a pretty good idea of what we are getting into. I will provide more information along the way as with my other guides. As with all my material I will update it as it becomes necessary or relevant so check back for a quick read to see if anything has changed. Feel free to PM me for more of an explanation. As always when posting on TPU I do so as myself and do not officially represent any company.
Installation
To run this we need a device, a PC or a appliance like a raspberry PI or similar embedded computer. We need this unit to run 24/7 to act as our network's DNS server. Below I will outline some of the methods we can accomplish this and there respective installation instructions. Most units will need to run linux specifically the debian code base.
- Linux
For this one, I will be instructing you on installing pi-hole on Ubuntu Server 17.04. The machine is a simple 512mb RAM single core machine with 20GB of disk space. Nothing fancy, and it doesn't need to be. I will be posting all instruction via terminal or command line for those more familiar with the term.
Now since we will be using Ubuntu, let me link you to a install guide. It's a bit out of scope to cover in this guide but feel free to ask questions and I can try to answer the more specific ones.
Things we need to accomplish:
Set a static IP
Set DNS servers
Install PI-Hole
After we have Ubuntu or Ubuntu Server installed lets make sure its all updated. In terminal run the following command.
now that we have a list of updates needed lets install them.
Now that the OS is fully patched, lets make sure the IP is static. We need to do this so that if there is a power outage your new server doesn't get a new IP address from your router. If it does your router wont know where to send DNS "lookups" and the internet will just stop working. Fear NOT! this isn't too painful!
First, we need something to edit text with. I think a program called Nano is good for most users, so lets give that a try. In terminal type:
once that is done, for good measure lets do the following.
now lets get to configuring! Type the following:
You will get a print out that will look a little like this
At the end we will want to add values that work with your network. This example assumes you are using the 10 IP scheme. Go ahead and add this to the bottom of the document. HINT: Use arrow keys and "Enter/Return" to navigate also in Nano the carrot (^) refers to the CTRL key. so to save for example using the image above ^O would be the key combo CTRL+O and to exit CTRL+X.
After you have typed or pasted it in. We will save and exit nano. We then need to make sure the changes have stuck so we need to restart the networking service so it picks up the changes. If you are using a VNC/RDP/SSH client to access this you will probably lose connection and need to reconnect using the IP you specified in the "address" field.
After it completes we need to make sure that the changes stuck. Go ahead and type the following to bring up the connection stats.
You should get a print out like this. note that MY personal server is 10.0.0.19 instead of 10.0.0.250.
congrats! The network config is done! It seems like a lot but its not a lot once you get a knack for it! Lets go ahead and install pi-hole now.
According to the official documentation it's as simple as running this in a terminal
Your done! Move on to the next sections, to learn how to configure and start using your new Pi-Hole Server!
Now since we will be using Ubuntu, let me link you to a install guide. It's a bit out of scope to cover in this guide but feel free to ask questions and I can try to answer the more specific ones.
Things we need to accomplish:
Set a static IP
Set DNS servers
Install PI-Hole
After we have Ubuntu or Ubuntu Server installed lets make sure its all updated. In terminal run the following command.
Code:
Sudo apt-get updatenow that we have a list of updates needed lets install them.
Code:
sudo apt-get upgradeNow that the OS is fully patched, lets make sure the IP is static. We need to do this so that if there is a power outage your new server doesn't get a new IP address from your router. If it does your router wont know where to send DNS "lookups" and the internet will just stop working. Fear NOT! this isn't too painful!
First, we need something to edit text with. I think a program called Nano is good for most users, so lets give that a try. In terminal type:
Code:
sudo apt-get install nanoonce that is done, for good measure lets do the following.
Code:
sudo apt-get autoremovenow lets get to configuring! Type the following:
Code:
sudo nano /etc/network/interfacesYou will get a print out that will look a little like this
At the end we will want to add values that work with your network. This example assumes you are using the 10 IP scheme. Go ahead and add this to the bottom of the document. HINT: Use arrow keys and "Enter/Return" to navigate also in Nano the carrot (^) refers to the CTRL key. so to save for example using the image above ^O would be the key combo CTRL+O and to exit CTRL+X.
Code:
auto eth0
iface eth0 inet static
address 10.0.0.250
netmask 255.255.0.0
gateway 10.0.0.1
dns-nameservers 8.8.8.8 4.2.2.2After you have typed or pasted it in. We will save and exit nano. We then need to make sure the changes have stuck so we need to restart the networking service so it picks up the changes. If you are using a VNC/RDP/SSH client to access this you will probably lose connection and need to reconnect using the IP you specified in the "address" field.
Code:
sudo /etc/init.d/networking restartAfter it completes we need to make sure that the changes stuck. Go ahead and type the following to bring up the connection stats.
Code:
ifconfig -aYou should get a print out like this. note that MY personal server is 10.0.0.19 instead of 10.0.0.250.
congrats! The network config is done! It seems like a lot but its not a lot once you get a knack for it! Lets go ahead and install pi-hole now.
According to the official documentation it's as simple as running this in a terminal
Code:
sudo curl -sSL https://install.pi-hole.net | bashYour done! Move on to the next sections, to learn how to configure and start using your new Pi-Hole Server!
- Unix systems
CentOS and RHEL (RedHat) are supported by default on all current releases and can be installed using the same command linux releases use.
Code:
curl -sSL https://install.pi-hole.net | bash- Configuring your machines
Assuming our router is still handing out DNS we will need to manually configure our windows machine to use the Pi-Hole as our new DNS server manually.
Thankfully this is not very painful. Later we will get into disabling your routers DNS services and using the Pi-Hole exclusively.
With windows there are several ways we can go about doing this. I use the following method which doesn't vary much between OSs.
First lets right click on your network interface be it the wifi or ethernet icon and select "Open Network and Internet settings"
Next click on "Change adapter options"
You might be greeted with multiple adapters. For most people we will have 1 to 3. The main two will be the wifi adapter and the built in ethernet. For other systems you may have more than 1 of either. I'll let you use your discretion but we will be applying changes to the main adapters you use.
After you have picked one out lets right click on it and select "Properties" we will get the configuration menu for that adapter.
Highlight "Internet Protocol Version 4 (TCP/IPv4)" (Note the process is the same if you are using an ipv6 network) and click "Properties" once again.
Next we will come to the manual configuration page for our adapters IP and DNS servers. For this we will just be modifying DNS. Find DNS toward the bottom it will be the second set of configuration options. click the radial "Use the following DNS server addresses" in the first field we will enter the Pi-Hole IP address we configured before. In my case once again its 10.0.0.19. In the second field you can leave it blank or enter another DNS server of your choice such as public providers like Quad9, google or openDNS.
Finally click "Ok" and "Ok" again to save your changes.
Thankfully this is not very painful. Later we will get into disabling your routers DNS services and using the Pi-Hole exclusively.
With windows there are several ways we can go about doing this. I use the following method which doesn't vary much between OSs.
First lets right click on your network interface be it the wifi or ethernet icon and select "Open Network and Internet settings"
Next click on "Change adapter options"
You might be greeted with multiple adapters. For most people we will have 1 to 3. The main two will be the wifi adapter and the built in ethernet. For other systems you may have more than 1 of either. I'll let you use your discretion but we will be applying changes to the main adapters you use.
After you have picked one out lets right click on it and select "Properties" we will get the configuration menu for that adapter.
Highlight "Internet Protocol Version 4 (TCP/IPv4)" (Note the process is the same if you are using an ipv6 network) and click "Properties" once again.
Next we will come to the manual configuration page for our adapters IP and DNS servers. For this we will just be modifying DNS. Find DNS toward the bottom it will be the second set of configuration options. click the radial "Use the following DNS server addresses" in the first field we will enter the Pi-Hole IP address we configured before. In my case once again its 10.0.0.19. In the second field you can leave it blank or enter another DNS server of your choice such as public providers like Quad9, google or openDNS.
Finally click "Ok" and "Ok" again to save your changes.
OSX like Windows is very simple. We will use System Preferences for this example.
First click the "System Preferences" icon in your dock. If settings is not in your dock simply click the magnifying glass icon in your tool bar and search for it. The system preferences icon will look like a grey gear cog.
Once the system preferences panel opens up find and click on "Network"
After you click on network the interface configuration screen will open. Thankfully OSX makes this easy in all of its current supported editions the in use interfaces have a green dot next to them so no guess work!
From here we select the interface we want to modify by clicking on it in the left hand pane. Next we will then click the "Advanced" button inside the right hand pane to modify that specific adapter. We dont need to mess with IPs here unless you know what you are doing. We just need to modify DNS.
After you click "Advanced" click on the "DNS" tab on the top bar. This will allow us to add a new DNS address. Single or double click in the DNS box on the left hand side, alternativly you can press the '+' button towards the bottom. Next enter the IP address we configured earlier for the Pi-hole. In my case it is 10.0.0.19.
Thanks it! Now click "Ok" on the current screen followed by "Apply" on the previous screen which should no longer be grayed out to save the settings.
Congrats you are now using your Pi-hole on this machine!
First click the "System Preferences" icon in your dock. If settings is not in your dock simply click the magnifying glass icon in your tool bar and search for it. The system preferences icon will look like a grey gear cog.
Once the system preferences panel opens up find and click on "Network"
After you click on network the interface configuration screen will open. Thankfully OSX makes this easy in all of its current supported editions the in use interfaces have a green dot next to them so no guess work!
From here we select the interface we want to modify by clicking on it in the left hand pane. Next we will then click the "Advanced" button inside the right hand pane to modify that specific adapter. We dont need to mess with IPs here unless you know what you are doing. We just need to modify DNS.
After you click "Advanced" click on the "DNS" tab on the top bar. This will allow us to add a new DNS address. Single or double click in the DNS box on the left hand side, alternativly you can press the '+' button towards the bottom. Next enter the IP address we configured earlier for the Pi-hole. In my case it is 10.0.0.19.
Thanks it! Now click "Ok" on the current screen followed by "Apply" on the previous screen which should no longer be grayed out to save the settings.
Congrats you are now using your Pi-hole on this machine!
For linux most users generally use something based off of the Debian code base. Namely Debian, Ubuntu and Mint. To that end the setup is similar, so in our example we will configure a static DNS server using Ubuntu 18.04. Please not depending on release version and flavor some steps will differ slightly but generally these 3 main distributions are close enough for you to contextually navigate the menu system.
First at our desktop lets click our network icon to reveal our network adapters. In recent debian distributions like those mentioned above this is very easy. Like OSX is will indicate what adapter is in use. Even further in Linux' case is will only show the adapters currently in use. Click on the type of connection you have and then click "Wired or Wireless Settings" after the menu expands.
It should automatically select the settings page for the adapter selected. If not you can manually choose it by clicking on the adapter you would like to modify on the left hand pane. Next we will click the gear cog next to the adapter we chose. To make it even more clear Ubuntu will even tell you if this adapter is "Connected" meaning online so its less confusing.
After you click on the gear cog that adapters configuration can now be modified. Click the "IPv4" tab along the top of the window. Next we will turn off automatic DNS by flipping the switch too "Off" above the DNS field. After that is done we can enter the IP address of our DNS server. In my case it is 10.0.0.19.
Now we can continue by hitting Apply at the top right of the window! Congrats! you have set the DNS server to your Pi-hole on Linux!
First at our desktop lets click our network icon to reveal our network adapters. In recent debian distributions like those mentioned above this is very easy. Like OSX is will indicate what adapter is in use. Even further in Linux' case is will only show the adapters currently in use. Click on the type of connection you have and then click "Wired or Wireless Settings" after the menu expands.
It should automatically select the settings page for the adapter selected. If not you can manually choose it by clicking on the adapter you would like to modify on the left hand pane. Next we will click the gear cog next to the adapter we chose. To make it even more clear Ubuntu will even tell you if this adapter is "Connected" meaning online so its less confusing.
After you click on the gear cog that adapters configuration can now be modified. Click the "IPv4" tab along the top of the window. Next we will turn off automatic DNS by flipping the switch too "Off" above the DNS field. After that is done we can enter the IP address of our DNS server. In my case it is 10.0.0.19.
Now we can continue by hitting Apply at the top right of the window! Congrats! you have set the DNS server to your Pi-hole on Linux!
Last edited:
