I found that you must have a multilayer approach to security. With the new Pi-hole update you can even get more granular and create excluded devices and groups which allows me to add Roku's to the bypass ad block list since many of their services don't run with ad block turned on. One is still on a dedicated Pi3+ and the other is on the Synolgoy. I now have two Pi-hole images on docker running to have redundancy on my network. In addition I have also forced all DNS connections though DoH (DNS over HTTPS) to prevent collection of data from the ISP and prevent external DNS man in the middle attacks. Initially I did the standalone RaspberryPi but then moved to docker images for ease of update. Once IoT started to show up and these devices were making a lot of calls to "questionable" services I found Pi-hole and haven't looked back. But would only enable it for devices that did a lot of browsing and this was before IoT. I started with DNS filtering many years ago with DD-WRT in the router using ad lists etc.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |