Tuesday 2021-05-25
I started using PiHole several years ago for DNS on my home network. Early on, we had a lot of problems because my wife complained about how many sites it blocked that she wanted access to for her website analytics. Also, I had several local web servers for which I had to add entries to PiHole's /etc/hosts file so our DNS would resolve to the servers' private addresses instead of our public address where the domains resolved.
Since that time, however, PiHole has made their web interface much better, and all of these customizations are very easy to add. It also still has a command-line client, which I like.
This morning, I was informed that a couple of websites that needed to be accessible were blocked, so I logged into the pihole web interface and immediately saw that there had been a ton of DNS requests going out from one phone to a DNS server that was not our pihole instance, which is configured for everyone to use via the pihole DHCP server.
[Image: the pihole dashboard]
Since the pihole is configured to go to opendns.com for upstream DNS requests, these rogue requests worried me.
I have not yet had a chance to look at this phone to find what the source of those requests is, but I wanted to point out one of the ways pihole can be used to catch unusual traffic and requests on your local network.