You are reading a single comment by @Velocio and its replies. Click here to read the full conversation.
  • so that my phone and other devices will always have protection against adverts and malware.

    Thought you ran NetGuard to default block?

  • I do run NetGuard... but I want a single config across every device of mine even when they're outside the home.

    I also want to get to the point where I can write firewall rules like "block UDP port 53 that isn't from Pi-Hole".

    And the biggest problem with running Pi-Hole out on the web appears to be that you really want to be running DNS-over-TLS and/or DNS-over-HTTPS and having your devices call those. This is possible (though a pain in the arse), but the risk of not doing it is that your public UDP port 53 DNS server would be used as part of a DDoS reflection attack very quickly.


    1. One base config for malware/tracking/advertising protection everywhere (anything like NetGuard is additive on top)


    1. Must be able to run DNS-over-TLS and DNS-over-HTTPS... which Pi-Hole doesn't do yet (as dnsmasq doesn't support it and they're not using knot or kresd).
    2. Must be OK to block inbound UDP port 53

    So at the moment Pi-Hole looks like it won't work... it's close, but looks like I'd need to do it myself still.


Avatar for Velocio @Velocio started