Pi-Hole Discussion Thread

Jurong640

High Supremacy Member
Joined
Mar 22, 2011
Messages
41,376
Reaction score
16,202
that is exactly what commercial VPNs do/advertise as a common use case!


Do they connect to public wifi a lot? Otherwise I recommend you save the hassle and their battery life and just ask them to keep to mobile data when out
Thanks. I mostly use my own 4G or 5G when outside. I was just thinking of possibilities in case of a need to use public WiFi when the area has weak network.

Their phones have WiFi always on, hence always auto connected to wireless@sgx when outside.

I have been testing on my Samsung phones for the last week using the routines modes. I can set a routine, if I get disconnected from my home WiFi, then Tailscale VPN (app) will be automatically run. It works great when I leave my home and Tailscale VPN app automatically runs.

Using Samsung routine app, I can set automatic rules to turn on VPN automatically. The Samsung routine app only allows Manual Configuration of VPN to be turned on automatically, if I am out of range of my home WiFi.

However, Samsung routine app told me that Tailscale or Surfshark VPN installed on my phone is an app installed VPN, hence unable to turn it on automatically.

So currently, I am only able to set to open Tailscale app automatically if I am out of range of my home WiFi. The Tailscale app will open automatically. Then, I have to manually click on turn on VPN on the turn left hand corner.

Till I can find other solutions like adding manual configuration of Tailscale VPN in my VPN profiles
 

Jurong640

Question for those using Pi-hole + Unbound + Tailscale VPN.

When outside using Tailscale or WireGuard VPN on your phones, what DNS server should I be looking at when testing DNSleak?

Before setting up Unbound, I was using upstream servers like Cloudflare or 9.9.9.9. So whenever I check what my DNS server is when outside (via Tailscale VPN), it shows as Cloudflare USA.

But after I set up Unbound, when outside, I see my DNS server as M1 mobile one with my home IP address. My mobile operator is Singtel, is it correct that I shouldn't be seeing Singtel?

But is this the correct way, and I should be seeing M1 instead of Singtel or other Cloudflare DNS? I was thinking it should be some blank DNS Unbound.

Thank you
 

xiaofan

High Supremacy Member
Joined
Sep 16, 2018
Messages
34,901
Reaction score
11,602
It is correct. It will show your home IP address as the DNS server when you use Unbound, no matter whether you test at home or outside in your case.

This was what I got as well when I was using pfSense + pfBlockerNG-devel + Unbound. I did not use it outside though.
 

Jurong640

Ah thanks, great, means it is working well!
 

Mach3.2

Great Supremacy Member
Joined
Apr 8, 2011
Messages
72,500
Reaction score
2,478
You can also forward DNS requests to 3rd party resolvers instead of running Unbound in recursive mode. Doing so would hide your home IP address in DNS leak tests. But of course requests will still originate from your IP.
 

Jurong640

Noticed after moving to Unbound, I keep having this error message:
Connection error (127.0.0.1#5335): TCP connection failed while receiving payload length from upstream (Connection prematurely closed by remote server)

A check online, many have this issue too, but no solutions.

A check with my query log, I noticed some queries were "forwarded, awaiting reply" instead of Forwarded, reply from 127.0.0.1#5335. I think this is what caused the issue. Wonder if anyone encountered this?

https://discourse.pi-hole.net/t/con...n-prematurely-closed-by-remote-server/76148/8



Edit: I have added "incoming-num-tcp: 30" to the top of the Unbound configuration file "/etc/unbound/unbound.conf.d/pi-hole.conf"

I shall monitor and see how
 

Jurong640

So far working well after I put in the script to increase TCP: 30. No more error messages.
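
Added example, not part of the original posts and not Pi-hole or Unbound project code: a Python check that counts the error quoted above per upstream in log text and reads the effective incoming-num-tcp from the server: clause of an Unbound config. The sample log lines and config are constructed, the function names are hypothetical, and 10 is Unbound's documented default for this option.

```python
import re
from collections import Counter

# Error text as quoted in the post; anything before it on a log line is ignored.
TCP_ERR = re.compile(
    r"Connection error \((?P<upstream>[^)]+)\): TCP connection failed "
    r"while receiving payload length from upstream"
)
UNBOUND_DEFAULT = 10  # Unbound's default for incoming-num-tcp (per thread)

# Constructed sample input: timestamps and the unrelated line are made up.
SAMPLE_LOG = """\
2025-01-05 08:12:01 WARNING: Connection error (127.0.0.1#5335): TCP connection failed while receiving payload length from upstream (Connection prematurely closed by remote server)
2025-01-05 08:12:04 INFO: constructed unrelated line
2025-01-05 08:15:40 WARNING: Connection error (127.0.0.1#5335): TCP connection failed while receiving payload length from upstream (Connection prematurely closed by remote server)
"""
SAMPLE_CONF = """\
server:
    interface: 127.0.0.1
    port: 5335
    incoming-num-tcp: 30  # value from the post
"""

def count_tcp_errors(log_text):
    """Count premature-close TCP errors per upstream (e.g. 127.0.0.1#5335)."""
    return Counter(m.group("upstream") for m in TCP_ERR.finditer(log_text))

def incoming_num_tcp(conf_text):
    """Return incoming-num-tcp from the server: clause, else Unbound's default."""
    clause, value = None, UNBOUND_DEFAULT
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment in unbound.conf
        m = re.match(r"([a-z0-9-]+):\s*(.*)$", line)
        if not m:
            continue
        key, val = m.groups()
        if val == "":
            clause = key                      # clause header: server, forward-zone, ...
        elif clause == "server" and key == "incoming-num-tcp":
            value = int(val)
    return value

def report(log_text, conf_text):
    """Summarise the error count against the configured TCP buffer limit."""
    limit = incoming_num_tcp(conf_text)
    return {"errors": sum(count_tcp_errors(log_text).values()),
            "incoming_num_tcp": limit,
            "raised_above_default": limit > UNBOUND_DEFAULT}

if __name__ == "__main__":
    print(report(SAMPLE_LOG, SAMPLE_CONF))
```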
 

endoguy70

Junior Member
Joined
Jul 15, 2024
Messages
53
Reaction score
19
Hi,
Can the gurus here advise on how I can use Pi-hole as a DNS resolver for internal IPs? I am currently using Cloudflare, figure it should be easier to do so on Pi-hole?
 

xiaofan

I just installed two instances on PVE LXC containers. I have two other instances of Adguard Home as well.

Now I need to see whether I want to switch from the simple OpenWRT adblock-fast/ adblock back to Pi-hole or Adguard Home.

Pi-hole and Adguard Home apparently have more functions and nicer UI compared to OpenWRT's simple built-in utility. BTW, OpenWRT does have a package for Adguard Home.

https://openwrt.org/docs/guide-user/services/ad-blocking
 

Jurong640

Recently, my Pi-hole has been unstable after upgrading to the latest FTL and I had to roll back to Core v6.1.4FTL, and to Core v6.1.4, and also using Unbound upstream server. Performance is inconsistent—sometimes it works fine, other times it doesn’t.

I recently switched my router’s DNS back to the default ISP settings, but I still keep Pi-hole running for my mobile device, which connects through it via Tailscale.

I’ve been considering doing a clean install of Pi-hole, but I’ve been putting it off since it’s time-consuming and I’ve been a bit lazy about it.
 

Jurong640

Pi-hole FTL v6.3, Web v6.3 and Core v6.2 Released!

Highlights

Security & TLS Enhancements

• Shorter validity for self-signed TLS certificate (#2463) – The default validity period for self-signed TLS certificates has been reduced, aligning with modern security best practices and ensuring compatibility with Apple devices. To compensate for the shorter validity, automatic renewal has been implemented. Certificates now default to a 47-day validity period (configurable via webserver.tls.validity) and automatically renew when nearing expiration.
• Improved Content Security Policy (#2575) – Improved default CSP headers provide better protection against XSS attacks while maintaining functionality.

Network & DNS Improvements

• Smart Interface Detection (#2456, #2607) – FTL now automatically detects the appropriate DNS interface when dns.interface is empty in pihole.toml, eliminating manual configuration in most scenarios.
• Netlink ARP Cache Handling (#2600) – Replaced external ip neigh show calls with internal netlink-based communication, dramatically improving performance and reducing resource usage. This addresses “database locked” issues seen in some environments.
• Special Domain Handling (#2474) – Added support for .internal domain blocking (following RFC draft-davies-internal-tld-03), preventing these queries from being sent to upstream DNS servers while still allowing local resolution.
• DNS Localization (#2524) – New dns.localise configuration option provides better control over DNS query handling.
• IPv6 DHCP Support (#2554) – Enhanced the DHCP API to properly support IPv6 addresses and configurations.

Platform & Installation

• Alpine Linux Support (pi-hole/pi-hole#6275) – Full native support for Alpine Linux has been added, including proper package management with apk, OpenRC init system support, and comprehensive testing. This expands Pi-hole’s reach to lightweight container environments and minimal installations.

User Interface & Experience

• CLI Autocomplete (#2593, pi-hole/pi-hole#6376) – Added bash-style completion support for pihole-FTL commands, making configuration much more user-friendly. Tab completion works for the entire --config path and suggests appropriate values.
• Web Interface Improvements (web#3530, web#3551, web#3533, web#3592, FTL#2645, FTL#2647, FTL#2644, web#3622) – Many small improvements: better visualization of DNS metrics, improved query log handling, enhanced gravity output with colors, refined button styling for blocked/allowed domain actions, improved load average detection and better system information gathering.

Configuration & Management

• Advanced Web Server Options (#2635) – New webserver.advancedOpts configuration for fine-tuning web server behavior.
• Enhanced API Endpoints (#2530, #2632, #2466) – Multiple API improvements including better error handling, optional restart parameters, and enhanced response formatting.
• Web documentation for the config file – https://docs.pi-hole.net/ftldns/configfile/ – we have added some automation and a Python script to parse the latest pihole-FTL config file and to keep the documentation up to date on the web.

Performance & Reliability

• Updated Core Components (#2544, #2576, #2592, #2570, #2587, #2603, #2614, #2621, #2579):
    • SQLite3 updated to 3.50.4 for better database performance
    • dnsmasq updated to v2.92test21 with latest fixes
    • CivetWeb updated for improved web server functionality
    • Migrate TOML library to tomlc17 (tomlc99 has been marked as deprecated)
• Memory Management (#2617) – Improved memory handling throughout the codebase to reduce resource usage and improve stability.
• Database Resilience (#2605, #2602, #2646) – Enhanced gravity database handling with custom SQLite busy callbacks and better error recovery.

Bug Fixes & Stability

• Fixed PTR query handling for .localhost domains (#2517)
• Resolved DHCP string processing issues (#2519)
• Fixed cache-optimizer query display in logs (#2619)
• Improved NTP IPv6 crash handling (#2569)
• Better foreign fork PR handling in CI (#2543)
 

Jurong640

IMHO.
Everyday I find new things to be discovered yet I don't have the time. :ROFLMAO:
You have 24 hours a day.

9 hours of work
8 hours of sleep.

Left 7 hours. Minus one hour for dinner. You have 6 hours.

Say 3 hours of scrolling tiktok and scrolling through edmw.

You have 3 more hours, say you use 30 mins to clean your room. You have 2.5 hours left to research and learn.

;)
 

keenklee

Arch-Supremacy Member
Joined
Sep 9, 2000
Messages
18,712
Reaction score
6,552
IMHO.
Let's see.
sleep 8 hours
work 9 hours
meals 1.5 hours
drive 2 hours
tiktok/edmw 3 hours
clean/laundry 1 hour

total - 24.5 hours. :ROFLMAO: I "lost" 0.5 hours.
 

TanKianW

Supremacy Member
Joined
Apr 21, 2005
Messages
6,829
Reaction score
3,519
I figured every week I maybe only have like 1hr for homelabbing, but from the way I am running my homelab, it is like I have an hour every day. :ROFLMAO:
 

keenklee

IMHO.
I am trying to figure out how to have a corner at my place to house all the hardware to maximize the time. Now, if I need to tinker with mini PC or routers, I have to take out and setup. Maybe have something movable. 🤔
 