However, the standard Pi-hole install for Raspberry Pi required additional setup steps on my network. Firstly, Pi-hole lacks built-in support for secure DNS, necessitating an additional configuration. Secondly, the default Raspberry Pi lacked VLAN support, prompting me to configure it to function seamlessly within our network.
Raspberry Pi and Pi-hole Setup
I began by installing the Raspberry Pi OS Lite 64-bit on the Raspberry Pi, intending to use it as a headless device on the network. Once the operating system was installed and updated, I proceeded to install Pi-hole. This was a straightforward process, thanks to Pi-hole's automated installation script.
curl -sSL https://install.pi-hole.net | bash
Setting up DNS over HTTPS for Pi-hole
To ensure secure DNS, I followed the instructions on the Pi-hole site to configure cloudflared, allowing DNS requests to be made over HTTPS. Once configured, Pi-hole forwards requests to cloudflared, which handles DNS requests securely.
Enabling Support for Multiple VLANs
While Pi-hole successfully handled requests for the native network, extending its support to other VLANs posed a challenge. Instead of opting for solutions involving firewall rule modifications to permit VLAN requests to the native network, I chose to ensure the Raspberry Pi could seamlessly join the VLAN networks I intended to use Pi-hole on.
Following the instructions on this page for enabling VLAN support on the Raspberry Pi, I configured an interface for each VLAN I wanted the Pi-hole to respond on.
Enabling Firewall Rules
To secure the Raspberry Pi, especially since I had relocated some less trusted devices to certain VLANs, I implemented the following steps:
Firstly, accepting connections on localhost and on eth0 (default network):
sudo ufw allow in on lo
sudo ufw allow in on eth0
Then, accepting DNS connections (applying to all interfaces/VLANs):
sudo ufw allow DNS
By taking these steps, I successfully configured a secure DNS setup for our home network, ensuring the Raspberry Pi and Pi-hole worked seamlessly across multiple VLANs while maintaining robust firewall rules for enhanced security.
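A narrower variant of the DNS rule above, as an added example that is not part of the original post: instead of opening DNS on every interface, it scopes port 53 (UDP and TCP) to named VLAN interfaces and rejects malformed names before any command is built. The interface names eth0.20 and eth0.30 and the function names are assumptions; substitute the VLAN interfaces configured on your Pi.

```shell
#!/bin/sh
# Added example: allow DNS only on named VLAN interfaces (dry run by default).

# valid_vlan_if NAME -> 0 if NAME is <parent>.<vlan-id> with id in 1..4094
valid_vlan_if() {
    case "$1" in *.*) ;; *) return 1 ;; esac
    parent=${1%.*}
    vid=${1##*.}
    case "$parent" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    case "$vid" in ''|*[!0-9]*|?????*) return 1 ;; esac
    [ "$vid" -ge 1 ] && [ "$vid" -le 4094 ]
}

# dns_rules IF... -> prints one ufw command per interface and protocol.
# Validates every name first, so a bad name yields no output at all.
dns_rules() {
    for ifc in "$@"; do
        valid_vlan_if "$ifc" || { echo "rejected interface: $ifc" >&2; return 1; }
    done
    for ifc in "$@"; do
        for proto in udp tcp; do
            echo "ufw allow in on $ifc to any port 53 proto $proto"
        done
    done
}

# apply_dns_rules IF... -> prints the commands, or runs them when APPLY=1
# (running them requires root).
apply_dns_rules() {
    rules=$(dns_rules "$@") || return 1
    printf '%s\n' "$rules" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd
        else
            echo "would run: $cmd"
        fi
    done
}

# Assumed VLAN interfaces; replace with your own.
apply_dns_rules eth0.20 eth0.30
```

Review the dry-run output first, then rerun as root with APPLY=1 and confirm the result with sudo ufw status verbose.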