Post AlHeiPyX8TRbhvmLTs by stfn@fosstodon.org
(DIR) Post #AlHeiPyX8TRbhvmLTs by stfn@fosstodon.org
2024-08-24T06:37:50Z
0 likes, 0 repeats
I'm thinking of hosting PiHole on a publicly available VPS so that I can use it on my phone on the go. Are there any special security precautions I should take? Apart from the obvious ones like a firewall and ssh key only access.
(DIR) Post #AlHxZWNvpkU86r87N2 by secretbatcave@don.secretbatcave.co.uk
2024-08-24T10:09:05Z
0 likes, 0 repeats
@stfn DNS is UDP, as you know, so it could be vulnerable to amplification attacks, where someone forges the source header of the packet. You *might* want to consider hiding it all behind a WireGuard VPN. (It’s what I’ve done for most of my services)
(DIR) Post #AlI1HaYlyMZlf5uBbk by stfn@fosstodon.org
2024-08-24T10:50:41Z
0 likes, 0 repeats
@secretbatcave Thank you! That VPS already has a WireGuard server (another learning project of mine), so I think I could combine it with pihole
(DIR) Post #AlIOIhGKpsgngWmKbw by daniel@masto.doserver.top
2024-08-24T14:19:48Z
0 likes, 0 repeats
@secretbatcave @stfn That or only use DNS over HTTPS or DNS over TLS from pihole (does pihole support that? AdGuardHome does, things on the server end to forward to standard DNS probably exist too)
(DIR) Post #AlIOIi7VeBDwLRenUe by stfn@fosstodon.org
2024-08-24T15:08:35Z
0 likes, 0 repeats
@daniel @secretbatcave I think I have a safe working solution. I have a WireGuard VPN set up on the VPS, and I configured UFW to only allow port 53 from the wg0 interface.
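
The setup described in the last post, as an added example that is not part of the thread: the two UFW rules appear as comments, followed by a check that reads `ufw status` output and flags any rule that allows port 53 on an interface other than the WireGuard one. The interface name `wg0` comes from the thread; the helper names and the two `ufw status` listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Rules matching the setup in the thread (run as root):
#   ufw default deny incoming
#   ufw allow in on wg0 to any port 53
WG_IF="${WG_IF:-wg0}"   # interface name taken from the thread

# audit_dns_rules (hypothetical helper): reads plain `ufw status` text on
# stdin and prints every inbound ALLOW rule that names port 53 explicitly
# without being bound to $WG_IF. Exit status is 1 if any such rule exists.
audit_dns_rules() {
    awk -v ifc="$WG_IF" '
        /ALLOW OUT/ { next }                    # outbound rules expose nothing
        /ALLOW/ {
            to = $0
            sub(/[ \t]+ALLOW.*/, "", to)        # keep only the "To" column
            split(to, f, /[ \t]+/)
            port = f[1]
            sub(/\/.*/, "", port)               # 53/udp -> 53
            if (port != "53") next
            if (to ~ (" on " ifc "$")) next     # bound to the VPN interface
            print "exposed: " $0
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed listing: DNS reachable only through wg0.
sample_safe() {
cat <<'EOF'
Status: active
To                         Action      From
22/tcp                     ALLOW       Anywhere
51820/udp                  ALLOW       Anywhere
53 on wg0                  ALLOW       Anywhere
53 (v6) on wg0             ALLOW       Anywhere (v6)
EOF
}

# Constructed listing: a leftover rule opens DNS to the whole internet.
sample_exposed() {
cat <<'EOF'
Status: active
To                         Action      From
53/udp                     ALLOW       Anywhere
53 on wg0                  ALLOW       Anywhere
EOF
}

sample_exposed | audit_dns_rules || echo "port 53 is open outside $WG_IF"
```

On the VPS itself, pipe the real listing through the check with `ufw status | audit_dns_rules`.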