alex@thinkpad ~> kdig @muppetz.com +tls news.ycombinator.com
;; WARNING: connection timeout for 116.251.193.218@853(TLS)
;; ERROR: failed to query server muppetz.com@853(TCP)
1, it's bound to a particular subdomain (I'm sure you can figure that out) - And it's still the same IP so you'd have only gotten certificate mismatch warnings 2, it's behind a Firewall that only allows connections from the country I'm in - this is almost certainly what's stopped you being able to access the port.
If you meet those two criteria you'll be able to query it.
My point was it's quite easy to do this yourself though and then you don't need to bother with a VPN all the time, saving battery and the hassle of having to either a) Have it on all the time even when you're at home or b) Remembering to turn it on every time to leave home.
I have an instance on my router in my home network for covering all devices by default, and a hosted one to which I connect when outside via mobile network. Split-tunneling with only the DNS routed, so that I don't have to push all traffic through the VPN.
I ended up just going to NextDNS. All my devices are Apple so I could install the certificate and it works away from home too.
I like Pi-Hole's UI. It's functional and simple.
1. I looked at AdGuardHome but I preferred PiHole because I found its documentation a bit more helpful for my purpose (the Unbound sample, the Wireguard setup, etc)
2. I saw the docker compose package, but I wanted something that runs at the OS level. There are docker packages for Wireguard too and I had also a look at Mistborn (https://gitlab.com/cyber5k/mistborn)
3. The VPN is the main thing I wanted setup to reach resources on my home network, adblocking and DNS came a bit later, so you can run this without a VPN, but its central for my setup.
4. I really wanted this setup at the OS level and to hopefully learn more about the whole process.
Thanks again for the suggestions though!
Probably the right call, but funnily enough, I had to go the other way. PiHole started using 100% of the CPU on my Raspberry Pi 1B after an update to version 6.x, which then obviously slowed the entire network to a crawl and made it unusable. Although later versions supposedly fixed that, whatever was the latest version at the time still had that problem for me, even on a completely fresh install.
AdGuardHome worked for me without any hassle, but I would never have even considered it, given I'd been happy with PiHole for 5+ years, if it hadn't been for the fact that whatever update PiHole did completely borked its usability.
For my curiosity: because you wanted to use systemd or didn't want to run another piece of software (docker) or something else?
I went through the journey of having multiple technologies VPNs to my home lab and cross-places. This is fun, a rewarding exercice.
I switched to first Headscale, and then Tilescale for the ease of setting this up, which frees time for other home lab activities
I also excluded most of her devices from any filtering by the pihole because she wants to be able to click the sponsored links and ads on Google. Whatever.
I'm effectively always on my network because I use Wireguard to VPN back in to home, so I can easily access my server and RPi dashboards. Though at this point I've whitelisted a few dozen domains that were giving my wife or I issues, and excluded most of her devices because she doesn't want to be on it, so it's pretty hands-off. The only time I have to disable the pihole nowadays is when I'm unsubscribing from an email list and the link is a tracking link. And that's with over 3M domains blocked.
From the Firewalla Site -
How to Choose Your DNS Strategy If you have NO concerns at all, just use traditional DNS from your ISP or configure some public DNS for your LAN networks if you like. If you need simple filtering to protect your network from unwanted online content, choose Family Protect -> Native mode. It won't conflict with other DNS services. If you trust your DNS service provider but don't trust your ISP, choose DNS over HTTPS. If you do not trust any single DNS server other than the root and authoritative DNS server, choose Unbound. If you do not want any DNS queries getting changed or filtered, use Unbound. If you do not want any DNS queries getting changed or filtered and want to add a layer of encryption so that your ISP can't see your DNS requests, use Unbound and turn on DNS over VPN under it.
https://help.firewalla.com/hc/en-us/articles/4570608120979-F...
gentooflux•3mo ago
pSYoniK•3mo ago