Pi Hole - Help

acjm Member

I’ve got a spare VPS and I have installed Pi Hole on it so my home LAN devices can communicate via WAN for DNS resolution and restricted access to it from IP so it can’t get abused.

I don’t have a static IP from my ISP but I have a registered DDNS name. Is it possible to configure Pi Hole to look at my DDNS name to allow connections from the current IP I’ve been assigned by my ISP and update automatically when my ISP changes it?

I hope that makes sense?

Any help is appreciated :)

Comments

  • yoursunny Member, IPv6 Advocate

    I don't know about this software specifically, but a general method is:

    1. Setup a cron script that polls the dynamic IP every 10 minutes.
    2. If the IP is changed, edit the config/firewall to allow the new IP and deny the old IP.
  • Set up a VPN between home router and VPS?

  • Setting up a VPN is probably the best way to do it. It encrypts your traffic and solves your dynamic IP issue.

    Remember, regular DNS traffic is not encrypted.

  • My home router doesn’t support VPN and I’m reluctant to buy a replacement since I’ve just replaced it and put in Wi-Fi APs around the house.

    Never mind, I’ll just install it locally rather than putting it over WAN.

  • @acjm said:
    My home router doesn’t support VPN and I’m reluctant to buy a replacement since I’ve just replaced it and put in Wi-Fi APs around the house.

    Never mind, I’ll just install it locally rather than putting it over WAN.

    Another solution might be getting a Raspberry Pi, install Wireguard VPN on that and then set up an Unbound resolver on the Pi to upstream from the Pihole. That or take the Pihole off the VPS and host it locally on a Raspberry Pi.

    Doing it locally might work better since the Pihole devs already stated that Pihole was meant to be run inside the LAN. If you want to run it on your VPS, Adguard Home is a better solution.

  • Did you ask your ISP if they offer a block of static IPs?

  • I personally run Pi-hole on a VPS. I block all inbound traffic with ufw then whitelist permitted inbound traffic. I run the following script via cron to periodically whitelist a given domain.

    #!/bin/bash
    
    # Allow access from home IPv4 address
    HOSTNAME="example.com"
    
    # ufw can only be read and changed as root
    if [[ $EUID -ne 0 ]]; then
       echo "This script must be run as root"
       exit 1
    fi
    
    # Current address of the DDNS name (first answer line from nslookup)
    new_ip=$(/usr/bin/nslookup "$HOSTNAME" | awk '/^Address: / { print $2 }' | awk 'NR==1 {print; exit}')
    # Address in the existing rule, located by its comment (the hostname)
    old_ip=$(/usr/sbin/ufw status | grep -F "$HOSTNAME" | head -n1 | tr -s ' ' | cut -f3 -d ' ')
    
    # Change nothing if the lookup returned no address
    if [ -z "$new_ip" ]; then
        echo "Unable to lookup dns name"
        echo "Exiting with no changes"
        exit 1
    fi
    
    if [ "$new_ip" = "$old_ip" ] ; then
        echo "IP address has not changed"
    else
        # Remove the rule for the previous address, then allow the new one
        if [ -n "$old_ip" ] ; then
            /usr/sbin/ufw delete allow from "$old_ip" to any
        fi
        /usr/sbin/ufw allow from "$new_ip" to any comment "$HOSTNAME"
        echo "Firewall rules have been updated"
    fi
    
    Thanked by 2: Void, sebkehl
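
Added example, not part of any post in this thread: the cron approach above hands whatever the DDNS name resolves to straight to the firewall, so this dry-run version vets the lookup result first and prints the ufw commands in a safe order instead of executing them. The function names and the sample addresses are assumptions made for illustration.

```bash
#!/bin/sh
# Added example (not from the thread): vet a DDNS lookup result before it
# becomes a ufw allow rule. Function names are hypothetical.

# Return 0 only for a well-formed IPv4 address outside the private, loopback,
# link-local, CGNAT and multicast/reserved ranges.
is_plausible_wan_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, bad dots
    esac
    saved_ifs=$IFS; IFS=.
    set -- $1                                   # split into octets
    IFS=$saved_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    a=$1 b=$2
    if [ "$a" -eq 0 ] || [ "$a" -eq 10 ] || [ "$a" -eq 127 ] || [ "$a" -ge 224 ]; then return 1; fi
    if [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then return 1; fi
    if [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then return 1; fi
    if [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then return 1; fi
    if [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then return 1; fi
    return 0
}

# Dry run: print the ufw commands for moving the allow rule from old_ip to
# new_ip. The add is listed before the delete, so running them in order with
# a stop on failure never leaves the home network without a rule.
plan_update() {
    host=$1 old_ip=$2 new_ip=$3
    if ! is_plausible_wan_ipv4 "$new_ip"; then
        echo "refusing to allow '$new_ip' for $host" >&2
        return 2
    fi
    [ "$new_ip" = "$old_ip" ] && return 0       # unchanged: nothing to do
    echo "ufw allow from $new_ip to any comment $host"
    if [ -n "$old_ip" ]; then
        echo "ufw delete allow from $old_ip to any"
    fi
}

# Constructed sample lookups (documentation-range and invalid values).
for candidate in 198.51.100.7 203.0.113.9 10.0.0.5 256.1.1.1 not-an-ip; do
    plan_update home.example.com 203.0.113.9 "$candidate" || true
done
```
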
  • @yoursunny said:
    I don't know about this software specifically, but a general method is:

    1. Setup a cron script that polls the dynamic IP every 10 minutes.
    2. If the IP is changed, edit the config/firewall to allow the new IP and deny the old IP.

    That's how I would do it.

    For years I've been running piholes behind VPNs, but since the pandemic started I've also been running a public-facing pihole VPS to open it up to my whole household. Fortunately my 'dynamic' home IP hasn't changed in years, so I didn't have to worry about scripting it, I just firewalled all other IPs.

    I managed to catch a Pi Zero 2 W in stock a couple days ago, so I'll be transitioning to a traditional in-house setup once the mail arrives.

  • I started out with pihole nearly from the start and just got fed up with it breaking down and the devs being douches about decisions they made, blah blah. As someone said before, they don't support the VPS use case whenever they caused a bug unnecessarily and don't want to fix.

    I recommend giving up on pihole and using NextDNS instead, along with the Chrome extension that gives advanced features to NextDNS.

    Thanked by 1: acjm
  • @Dazzle said:
    @Freek

    Sorry, don't know the answer to this one.

  • Putting DNS servers on WiFi devices seems like a bad idea.

  • @TimboJones said:
    Putting DNS servers on WiFi devices seems like a bad idea.

    That's why I use a VPS; only my home network and a few friends have access.
