Reasons for filtering DNS range from blocking ads to filtering out harmful sites (because of their content or because they are malicious).
Pi-hole has been dockerised, so you can see my example here.
If you're running on Ubuntu, you will have to disable dnsmasq, which is used to cache DNS locally. To do this, edit the file /etc/systemd/resolved.conf and change the line from
save and exit the file. This will cause DNS queries to fail, e.g.:
ping google.com -c 4
Next, edit the file /etc/resolv.conf and add the following line below the existing nameserver line:
This will send all DNS lookups to Google's DNS server. Feel free to change the 220.127.116.11 to your favourite DNS server.
I enabled DNSSEC and found a few issues and, surprisingly, the lack of support some domains have. For example, Tesco doesn't support it.
Pi-hole is all or nothing. There is no way to exclude VLANs or individual devices from the block lists.
There is no way to subscribe to white lists, which seems odd considering the feature exists for block lists.
Cashback sites such as Quidco are also blocked. I suspect the link referrals are part of advert block lists.
It was very easy to set up, and I was amazed at the power it gives in a simple-to-configure interface. I do believe this is a power-user feature, in that you will need to understand the networking side and be able to troubleshoot the issues.
The query log is very powerful and I can see what is going through the network and what my ISP would see too.
I hear great results from other people using the system; however, the default blocklists are already causing issues for me.
My plan is to potentially remove/disable the out-of-the-box list and start my own by setting up a Git repository. It will operate on an allow-first basis, blocking reactively.
Another point is to set up the network to disallow overriding of DNS servers on each device.
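One way the self-maintained, allow-first list planned above could be validated and built in the Git repository before Pi-hole subscribes to it (an added example, not code from the original post). The function names, the separate allowlist and the sample domains are assumptions; it accepts the hosts-format and one-domain-per-line styles that public blocklists commonly use.

```python
import re

# One DNS label: 1-63 chars of a-z, 0-9 or hyphen, no hyphen at either end.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # addresses used in hosts-format lists

def parse_domain(line):
    """Return the domain from a hosts-format or plain list line, else None."""
    fields = line.split("#", 1)[0].lower().split()
    if len(fields) == 2 and fields[0] in SINKS:
        fields = fields[1:]  # drop the sink address, keep the domain
    if len(fields) != 1:
        return None
    domain = fields[0].rstrip(".")
    labels = domain.split(".")
    # Reject oversized names, single labels (e.g. localhost) and bare IPs.
    if len(domain) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return None
    return domain if all(LABEL.match(label) for label in labels) else None

def is_allowed(domain, allowlist):
    """Design choice of this example: an allowlisted domain covers its subdomains."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in allowlist for i in range(len(labels)))

def build_blocklist(block_lines, allow_lines):
    """Return (sorted unique domains to block, input lines that failed validation)."""
    allowlist = {d for d in map(parse_domain, allow_lines) if d}
    blocked, rejected = set(), []
    for raw in block_lines:
        domain = parse_domain(raw)
        if domain is None:
            if raw.split("#", 1)[0].strip():  # not just a blank or comment line
                rejected.append(raw.strip())
        elif not is_allowed(domain, allowlist):
            blocked.add(domain)
    return sorted(blocked), rejected

# Constructed sample input; every name here is a placeholder.
SAMPLE_BLOCK = [
    "# my blocklist",
    "0.0.0.0 ads.example.com",
    "Tracker.Example.net.   # mixed case, trailing dot",
    "ads.example.com",
    "0.0.0.0 links.cashback.example",
    "not a domain!!",
]
SAMPLE_ALLOW = ["cashback.example"]
if __name__ == "__main__":
    print(build_blocklist(SAMPLE_BLOCK, SAMPLE_ALLOW))
```

Running this as a pre-commit or CI step keeps malformed lines out of the published list, and the allowlist pass means a reactive block entry cannot silently re-block a site you have already decided to allow.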