this post was submitted on 22 Mar 2025
18 points (100.0% liked)

Pi-hole

509 readers
1 users here now

The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software.

founded 2 years ago
MODERATORS
[email protected]
18
How practical is it to block everything by default? (feddit.uk)
submitted 6 days ago by [email protected] to c/[email protected]
31 comments fedilink hide all child comments
 

I've just set up my pihole and I'm considering the best way to configure it. Is it a good idea to set the default group to block (almost) all domains and then manually add trusted devices to another group with a "normal" block list? My use case is untrustworthy devices that I don't want phoning home but which might change their IP address.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 6 days ago (1 children)

Untrusted devices should really be on their own VLAN. You will have much better control over them and their ability to reach out to the net, or gather info on your network and other devices. Some IoT devices have their DNS hardcoded, so they will ignore your Pihole anyway - you will need to redirect the DNS with outbound NAT to combat this.

[–] [email protected] 2 points 6 days ago

More reading for me to do then, thanks!