I do run NetGuard... but I want a single config across every device of mine even when they're outside the home.
I also want to get to the point where I can write firewall rules like "block UDP port 53 that isn't from Pi-Hole".
And the biggest problem with running Pi-Hole out on the web appears to be that you really want to be running DNS-over-TLS and/or DNS-over-HTTPS and having your devices call those. This is possible (though a pain in the arse), but the risk of not doing it is that your public UDP port 53 DNS server would be used as part of a DDoS reflection attack very quickly.
Goals:
- One base config for malware/tracking/advertising protection everywhere (anything like NetGuard is additive on top)
Requirements:
- Must be able to run DNS-over-TLS and DNS-over-HTTPS... which Pi-Hole doesn't do yet (as dnsmasq doesn't support it and they're not using knot or kresd).
- Must be OK to block inbound UDP port 53
So at the moment Pi-Hole looks like it won't work... it's close, but looks like I'd need to do it myself still.
Is anyone running their own pi-hole on a permanently connected publicly visible server?
I'm seriously considering doing so... so that my phone and other devices will always have protection against adverts and malware.