> You could expose it to the internet but that's a horrible idea.
Been there, done that. It was a mistake. Not sure which attacks my public PiHole was part of, but I surely was part of some.
It's a shame, I'd really like to offer this as a service to friends, because I think they would be able to change the DNS settings of their routers and enjoy a safer surfing experience.
I don't want to get started with distributing key pairs to connect to a VPN and whatnot. PiHole really has a sweet spot there with its ease of use, but it fails with regard to security/protection against becoming part of DNS-based attacks.
The PiHole has some integrated logging where you can see the requests that were made. I had several IPs which were doing queries for the same domains dozens of times per second. That wasn't a power user but some kind of automated system, probably doing reflection attacks or something alike.
I think PiHole has improved since that time, you can now set throttling, but I'm not sure I'd run a public PiHole anymore.
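
The pattern described in the comment above (one client asking for the same name dozens of times per second) can be checked for mechanically. This is an added example, not part of the original thread: a small Python check over dnsmasq-style query lines, where the log line format, the threshold of 24 and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed dnsmasq-style query line, e.g.
# "Mar  3 12:00:01 dnsmasq[512]: query[A] example.org from 203.0.113.7"
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2})\s+dnsmasq\[\d+\]:\s+"
    r"query\[(?P<qtype>[A-Za-z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)$"
)

# Constructed sample log: one outside client hammering a single name,
# plus ordinary traffic from a LAN client and a non-query line.
SAMPLE_LOG = "\n".join(
    ["Mar  3 12:00:01 dnsmasq[512]: query[A] example.org from 203.0.113.7"] * 30
    + [
        "Mar  3 12:00:01 dnsmasq[512]: query[A] example.com from 192.168.1.20",
        "Mar  3 12:00:01 dnsmasq[512]: forwarded example.com to 9.9.9.9",
        "Mar  3 12:00:02 dnsmasq[512]: query[AAAA] example.com from 192.168.1.20",
        "Mar  3 12:00:02 dnsmasq[512]: query[A] example.org from 203.0.113.7",
    ]
)


def find_repeaters(log_text, threshold=24):
    """Return {(client, name): peak queries in any one second} for pairs
    that reach `threshold` identical queries within a single second."""
    per_second = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # forwards, replies and other non-query lines
        # Timestamps have one-second resolution, so the string is the bucket.
        per_second[(m["client"], m["name"].lower(), m["ts"])] += 1

    peaks = {}
    for (client, name, _ts), count in per_second.items():
        if count >= threshold:
            key = (client, name)
            peaks[key] = max(peaks.get(key, 0), count)
    return peaks


if __name__ == "__main__":
    for (client, name), peak in sorted(find_repeaters(SAMPLE_LOG).items()):
        print(f"{client} asked for {name} {peak} times in one second")
```

Clients flagged this way are candidates for rate limiting or a firewall block; a resolver that only answers known source addresses avoids the problem entirely.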