
Unbound

Pi-hole as All-Around DNS Solution

The problem: Whom can you trust?

Pi-hole includes a caching and forwarding DNS server, now known as FTL DNS. After applying the blocking lists, it forwards requests made by the clients to the configured upstream DNS server(s). However, as has been mentioned by several users in the past, this leads to some privacy concerns, as it ultimately raises the question: Whom can you trust? Recently, more and more small (and not so small) DNS upstream providers have appeared on the market, advertising free and private DNS service, but how can you know that they keep their promises? Right, you can't.

Furthermore, from the point of view of an attacker, the DNS servers of larger providers are very worthwhile targets, as they only need to poison one DNS server, but millions of users might be affected. Instead of your bank's actual IP address, you could be sent to a phishing site hosted on some island. This scenario has already happened and it isn't unlikely to happen again. When you operate your own (tiny) recursive DNS server, the likelihood of being affected by such an attack is greatly reduced.

The first distinction we have to be aware of is whether a DNS server is authoritative or not. If I'm the authoritative server for, e.g., then I know which IP is the correct answer for a query.
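As an added illustration (not code from the Pi-hole documentation or project), the following offline Python model contrasts the two modes the text describes: forwarding a filtered query to an upstream resolver's cache versus resolving recursively from the root so that every answer comes from an authoritative zone. The zone data, addresses, blocklist and the wrong upstream cache entry are all constructed for the example.

```python
# Constructed toy model of the DNS delegation tree; no network access.
# zone -> {owner name: ("NS", child zone) or ("A", IPv4 address)}
# Addresses use the RFC 5737 documentation ranges and are made up.
AUTHORITATIVE = {
    ".":            {"net.": ("NS", "net.")},
    "net.":         {"example.net.": ("NS", "example.net.")},
    "example.net.": {"www.example.net.": ("A", "192.0.2.10"),
                     "ads.example.net.": ("A", "192.0.2.66")},
}

# Pi-hole style blocking list (constructed), applied before any lookup.
BLOCKLIST = {"ads.example.net."}


def recursive_resolve(qname, zone="."):
    """Resolve like a local recursive resolver (e.g. unbound): start at the
    root and follow NS delegations until the zone authoritative for the name
    answers. No third-party cache is consulted. None means no such name."""
    for owner, (rtype, value) in AUTHORITATIVE[zone].items():
        if rtype == "A" and qname == owner:
            return value
        if rtype == "NS" and qname.endswith("." + owner):
            return recursive_resolve(qname, zone=value)
    return None


def forwarded_resolve(qname, upstream_cache):
    """Resolve like a plain forwarder: relay whatever the shared upstream
    cache holds, filling it on a miss. The client must trust that cache,
    so one wrong entry there is served to every client behind it."""
    if qname not in upstream_cache:
        upstream_cache[qname] = recursive_resolve(qname)
    return upstream_cache[qname]


def pihole_lookup(qname, mode, upstream_cache=None):
    """Apply the blocking list first (as FTL DNS does), then resolve either
    by forwarding to an upstream ('forward') or locally ('recursive')."""
    if qname in BLOCKLIST:
        return "0.0.0.0"  # blocked: a null address instead of the real one
    if mode == "forward":
        return forwarded_resolve(qname, upstream_cache)
    return recursive_resolve(qname)


if __name__ == "__main__":
    # Constructed scenario: the upstream cache already holds a wrong record.
    poisoned = {"www.example.net.": "198.51.100.7"}
    print("forward  :", pihole_lookup("www.example.net.", "forward", poisoned))
    print("recursive:", pihole_lookup("www.example.net.", "recursive"))
```

Run as a script, the forwarding client receives the wrong cached address while the recursive path still returns the authoritative one.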


Setting up Pi-hole as a recursive DNS server solution
Disable nf entry for unbound (Required for Debian Bullseye+ releases)
Optional: Dual operation: LAN & VPN at the same time
