The extremely simple set-it-and-forget-it local MS-compatible DNS server?


BoredSysadmin

Not affiliated with Maxell
Mar 2, 2019
If you have an AD domain, running the built-in DNS and DHCP is critical, and replacing them isn't for the faint of heart. However, nothing stops you from using a Pi-hole as a DNS forwarder set up on your AD DNS server. The same goes for outsourced managed DNS like OpenDNS.
If you want people not to be able to cheat by using their own DNS settings, there is a way to mostly block it as well:

SecCon

Arkham Asylum Server Mgmt
May 26, 2022
No AD.
No Pi-hole (or any Pi, for that matter).

Just a simple local SOHO LAN with a few servers. I can do virtual guests and hosts.

BoredSysadmin

Not affiliated with Maxell
Mar 2, 2019
SOHO LAN with a few (Windows-based?) servers and no AD?

P.S.: Pi-hole can easily be installed on a virtual machine; no need to add any additional hardware. The software is extremely easy to use.

SecCon

Arkham Asylum Server Mgmt
May 26, 2022
Yes, SOHO LAN with Windows (not forgetting a small forest of random devices) and no AD... Last time I tried setting up an AD I managed to **** up that server so badly the HDD went ablaze...

I thought Pi was hardware? Ahh, this: Pi-hole – Network-wide protection. Sure, I could give that a shot, assuming it can be configured with a pedagogical and intelligible UI and not some crap CLI.

SecCon

Arkham Asylum Server Mgmt
May 26, 2022
Fires up Fedora 36 with cockpit-project and Docker....

BoredSysadmin

Not affiliated with Maxell
Mar 2, 2019
Cockpit is pretty awesome. Running it on my NUC/Plex Ubuntu 20.04 LTS server. I mean, I already know how to do sudo apt update etc., but in Cockpit things are just a bit easier.

ccie4526

Member
Jan 25, 2021
++ for pihole.

I've got it deployed as a forwarder for AD, as well as being a direct resolver for inside devices.

The important thing is that outbound firewall rules are necessary, as there are some devices that will still try to reach out to Google DNS or other external resolvers in spite of what you may tell your devices, either via static config or DHCP. Permit outbound tcp/udp 53 only from the Pi-hole servers, and deny all other outbound tcp/udp 53. You'll be surprised at how much of that traffic was going on. Chromecast and Roku are big on trying to use 8.8.8.8 in addition to whatever is locally provisioned, for example.

DNS over HTTPS (DoH) is another story. Gotta have layer 7 inspection to watch for that stuff.

@SecCon - saw your rant in the network thread... I've been doing network engineering since the late 80s, and I learned Cisco when all they had was CLI. Even when they introduced GUI, I found it had many limitations and that to do what I really wanted, I had to roll up the sleeves and get dirty.
 
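
The egress policy in the post above, as an added example that is not from the thread, the pfSense guide it mentions, or the Pi-hole project: a small Python script that classifies connection-log flows so you can see which devices are going around the Pi-hole (the "you'll be surprised how much" part), and emits the nftables rules that enforce "tcp/udp 53 only from the Pi-hole" on a Linux router's forward path. The log line format, the 192.168.1.0/24 LAN, the Pi-hole address 192.168.1.53, the 9.9.9.9 upstream and every sample flow are constructed for this example. The tcp/443-to-known-resolver check is only a hint for DoH; as the post says, catching DoH for real needs layer 7 inspection.

```python
"""Added example (not from the thread): enforce and audit the policy
"only the Pi-hole may talk to outside resolvers on tcp/udp 53".
Log format, addresses and sample flows are constructed for this example."""
import ipaddress
from collections import Counter
from dataclasses import dataclass

PIHOLE_HOSTS = {"192.168.1.53"}                 # assumed Pi-hole address(es)
LAN = ipaddress.ip_network("192.168.1.0/24")    # assumed local network
# Public resolvers that also answer DoH on tcp/443 (8.8.8.8 is the one named in the
# thread). Matching on destination address is only a hint; real DoH detection needs
# layer-7 inspection, so treat this verdict as "go look", not "blocked".
KNOWN_DOH_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def parse_flow(line):
    """Parse one 'src=A dst=B proto=P dport=N' line (constructed log format)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Flow(fields["src"], fields["dst"], fields["proto"].lower(), int(fields["dport"]))


def classify(flow, pihole_hosts=PIHOLE_HOSTS, lan=LAN):
    """Return 'allowed', 'bypass', 'possible-doh' or 'other' for a single flow."""
    leaves_lan = ipaddress.ip_address(flow.dst) not in lan
    if flow.proto in ("tcp", "udp") and flow.dport == 53:
        if flow.dst in pihole_hosts:
            return "allowed"        # client -> Pi-hole: what DHCP/static config intended
        if flow.src in pihole_hosts and leaves_lan:
            return "allowed"        # Pi-hole -> its upstream resolvers
        if leaves_lan:
            return "bypass"         # a device ignoring its DNS setting and going direct
        return "other"              # LAN-internal DNS not involving Pi-hole (e.g. AD DNS)
    if flow.proto == "tcp" and flow.dport == 443 and flow.dst in KNOWN_DOH_RESOLVERS:
        return "possible-doh"       # a port-53 block never sees this; heuristic only
    return "other"


def audit(log_text, pihole_hosts=PIHOLE_HOSTS, lan=LAN):
    """Count bypass and possible-DoH flows per source host over a block of log lines."""
    report = {"bypass": Counter(), "possible-doh": Counter()}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        verdict = classify(flow, pihole_hosts, lan)
        if verdict in report:
            report[verdict][flow.src] += 1
    return report


def nft_ruleset(pihole_hosts=PIHOLE_HOSTS):
    """nftables rules for a Linux router's forward chain implementing the same policy:
    permit tcp/udp 53 only from (or to) the Pi-hole set; log and drop all other DNS."""
    elements = ", ".join(sorted(pihole_hosts))
    return f"""\
table inet dns_egress {{
    set pihole {{
        type ipv4_addr
        elements = {{ {elements} }}
    }}
    chain forward {{
        type filter hook forward priority 0; policy accept;
        ip saddr @pihole udp dport 53 accept
        ip saddr @pihole tcp dport 53 accept
        ip daddr @pihole udp dport 53 accept
        ip daddr @pihole tcp dport 53 accept
        udp dport 53 log prefix "dns-bypass " drop
        tcp dport 53 log prefix "dns-bypass " drop
    }}
}}
"""


# Constructed sample: one well-behaved client, the Pi-hole's own upstream query, two
# devices going straight to Google DNS, and one of them also hitting 8.8.8.8 on 443.
SAMPLE_LOG = """\
src=192.168.1.20 dst=192.168.1.53 proto=udp dport=53
src=192.168.1.53 dst=9.9.9.9 proto=udp dport=53
src=192.168.1.42 dst=8.8.8.8 proto=udp dport=53
src=192.168.1.42 dst=8.8.8.8 proto=udp dport=53
src=192.168.1.77 dst=8.8.4.4 proto=tcp dport=53
src=192.168.1.42 dst=8.8.8.8 proto=tcp dport=443
src=192.168.1.20 dst=203.0.113.10 proto=tcp dport=443
"""

if __name__ == "__main__":
    for verdict, hosts in audit(SAMPLE_LOG).items():
        for host, n in hosts.most_common():
            print(f"{verdict:13} {host:16} {n} flow(s)")
    print(nft_ruleset())
```

Load the generated rules with `nft -f`. The forward hook only sees routed traffic, so clients on the same subnet as the Pi-hole reach it directly and never hit these rules; anything on another VLAN or trying to leave the LAN does. If you also run an AD DNS server that forwards upstream itself, add its address to the set, otherwise its upstream queries are dropped and logged like any other bypass.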

SecCon

Arkham Asylum Server Mgmt
May 26, 2022
What a crybaby, afraid of a black screen with a blinking cursor. 99% of Pi-hole is managed through its pretty GUI:
I despise CLI. Sure, it is useful if you have no other option, but to me it's only a UI wanting to be developed. Very 1984 and Orwellian.

But thanks for those additional links.

@ccie4526 Appreciate your input, but I was never in network engineering. Nor should I need it.
 

BoredSysadmin

Not affiliated with Maxell
Mar 2, 2019
ccie4526 said:
The important thing is that outbound firewall rules are necessary, as there are some devices that will still try to reach out to Google DNS or other external resolvers in spite of what you may tell your devices, either via static config or DHCP. Permit outbound tcp/udp 53 only from the Pi-hole servers, and deny all other outbound tcp/udp 53. You'll be surprised at how much of that traffic was going on. Chromecast and Roku are big on trying to use 8.8.8.8 in addition to whatever is locally provisioned, for example.

DNS over HTTPS (DoH) is another story. Gotta have layer 7 inspection to watch for that stuff.
Agreed; this is why I posted an easy-to-follow guide above on how to configure pfSense to allow external DNS only from the Pi-hole.

LodeRunner

Active Member
Apr 27, 2019
I can't think of anything, other than updating Pi-hole and trying to do some of the encrypted DNS stuff, that requires me to use the CLI. Install on a supported OS is brain-dead simple:
Code:
curl -sSL https://install.pi-hole.net | bash
Updating is also easy:
Code:
pihole -up
A Pi-hole update can include restarting the lighttpd process, which would kill the update process if it were run via the UI.

If that's too 'Orwellian' then I don't really know what to say. GUIs have a hard time covering all the options enterprise-level switches present, with the possible exception of wireless (looking at you, Cisco WLC command syntax). I have yet to encounter a GUI on an enterprise switch from Cisco, Juniper, Brocade, or HP where I couldn't do the same thing faster, more easily, and more accurately from the CLI.