Pi-Hole Whitelists and Blacklists

It's been a few days since I last posted about setting up a pi-hole.  I wanted to talk a little bit more about how a pi-hole works, and about how to set up Whitelists and Blacklists.  So, lets get started.

In my last post I spoke briefly about how a pi-hole works, and then went over an in depth view of the install. I want to get a little more in depth about how a pi-hole actually works.  I mentioned in my previous post that a pi-hole acts like a sink hole for ads.  A pi-hole sits on the edge of your network and acts as a DNS filter.  It will scan incoming and outgoing DNS requests for known malicious or ad domains and block them before they reach your network.  

How does it do this?  It makes use of a few programs.  One program is FTLDNS which is a modified version of dnsmasq.  This provides DNS caching and also allows the pi-hole to act as a DHCP server.  This program allows the pi-hole to cache Domain Names, allowing it to remember good and bad Domains.  

Pi-hole also makes use of cURL to send and receive data from domains.  cURL preforms certificate verification which helps to verify that the data being received is coming from the correct source.  This is used to prevent Man-in the-Middle attacks which can be used as a method to perform for any number of malicious activities.  

Another program used by pi-hole is lighttpd.  I spoke about this briefly in my previous post.  It is basically a small web server that is optimized for speed and simplicity.  It is easy to scale and solved the C10k problem in which servers could not handle more than 10,000 concurrent connections because of certain algorithms used in the Linux Kernal.  That's another story for another time. 

Pi-hole uses PHP which is a scripting language that is well suited for web development.  This scripting language is processed on the lighttpd server.  This combined with the AdminLTE Dashboard allows for a user friendly web interface to access data and settings on your pi-hole.

Whitelists and Blacklists

Pi-hole uses lists of malicious and advertising domains from predefined sources.  These lists are called Whitelists and Blacklists.  Pi-hole compares the DNS requests to the domains on the lists and either allows or denies the traffic.  These lists can be found on a few sites but the main site that I have found that is supported is from firebot.net


Read the header, it will help you better understand what the lists are, and how to use them.  On this first page there is a link to an auto-installer on Github.  Click on the link in "If you wish to automate the update of your blocklist sources, URL-only and CSV versions are found here".

This link will take you to the Github page for the tool.  


Read through the README.md.  This will explain how tho tool works as well as covers some of the updates that have been made to the tool.  Towards the bottom of the page is the installation instructions as well as a quick video of the install and set up.  The video moves pretty quick but the options are all explained in the terminal when setting up the tool. 

When installing the tool, I selected the non-crossed lists which require someone to be around to unblock sites that may have been accidentally blocked on the pi-hole.  This is a very easy thing to do and requires you to log into your Pi-hole Admin Console.

Once in the console, navigate to "Query Log".  Find the blocked website in the log and then select "Whitelist" to the right of the website.  This will put that website into your "Approved Domains" list and will allow traffic to flow to and from that website.



I hope this helps to improve your understanding of how a pi-hole works, and helps you lock down some of those malicious and ad producing websites.  As always, if I got something wrong feel free to comment and let me know.







Comments

Post a Comment

Popular posts from this blog

A script to check a log file. If conditions are met the script will then delete, and copy in a file into the folder.

Image
 I wrote a quick script to automate a process I found myself doing every few months.   We have software that has a maximum number of licenses available. Unfortunately, when a user logs out, the software does not release that license.  To solve this issue we simply delete a .log and .dat file, and then paste a old copy of the .dat file back into that location.  Sounds kind of complicated, but it might make a little more sense looking at the script.  Lets take a look: The software will output a license count to a logfile that looks something like this. So in order to get the license count, we need to pull that log file into PowerShell, split it on the empty space, and then count the numbers remaining.  This was a little complicated for me to figure out but this is what I came up with. $split = Import-Csv C : \Users\alexg\Desktop\Scripts\license.log -Delimiter " " -Header Name,Amount $Count = $split | Measure-Object 'Amount' -Sum | Select-Object -expandP
Read more

Laptop Battery Replacement

Image
     I recently replaced the battery in one of my laptops. For the past few months I have been living with a battery that has drained quickly, even after charging over night.        The process was simple and did not require any special tools. Best of all it only took a few minutes to complete.        The Laptop in question was a Toshiba Satellite L55t-A5186. I picked this laptop up second hand from a individual who mainly used it for work. It was well cared for, but it is older.      Anyways, to replace this battery I had to remove a number of screws (12) from the bottom of the laptop. One of the screws held the CD-ROM drive in place. The CD-ROM drive must be fully removed in order to be able to pull the bottom off of the laptop. The CD-ROM drive is located on the right side of the laptop (if looking at the bottom of the Laptop), and just slides out after removing one of the 12 screws on the bottom.     Another part that needs to be removed is the RAM compartment cover. I'm not su
Read more

Bulk AD User creation Powershell Script

Image
 As a follow up, I want to post of one of my most recent scripts.  This script is used to do bulk AD user creation.   My company has been growing rapidly and it takes up a lot of my time when creating and setting up new employee accounts and mailboxes.  I recently spent some time writing a script to automate this process.  This script takes a CSV file that has been filled out by HR with the new employee's name and other information.  It imports that information into Active Directory and creates a user profile.   Our hiring managers often include in the service ticket the name of an employee who would have the same rights/permissions/and memberships as the new employee.  So to simplify things, I put in my CSV file a column that is the "User to Copy".  This tells the script to copy that user's profile/OU/memberof details and apply them to the new user.   Once created, the script then starts a remote session into our On-prem Exchange Server, sets up a mailbox and links i
Read more