Friday, January 5, 2024

Mastering Home Network Security: A Step-by-Step Guide to Fortify Your DNS with Pi-Hole and Raspberry Pi Across Multiple VLANs

Recently, I delved into the realm of setting up secure DNS for our home network, aiming to encrypt DNS requests en route to the name server. Unfortunately, Unifi lacks support for secure DNS (neither DoH nor DoT). To address this, I decided to explore the installation of Pi-hole on a Raspberry Pi at home.

However, the standard Pi-Hole install for Raspberry Pi required additional setup steps on my network. Firstly, Pi-hole lacks built-in support for secure DNS, necessitating an additional configuration. Secondly, the default Raspberry Pi lacked VLAN support, prompting me to configure it to function seamlessly within our network.

Raspberry Pi and Pi-hole Setup

I began by installing the Raspberry Pi OS Lite 64-bit on the Raspberry Pi, intending to use it as a headless device on the network. Once the operating system was installed and updated, I proceeded to install Pi-hole. This was a straightforward process, thanks to Pi-hole's automated installation script.

curl -sSL https://install.pi-hole.net | bash

Setting up DNS over HTTPS for Pi-hole

To ensure secure DNS, I followed the instructions on the Pi-hole site to configure cloudflared, allowing DNS requests to be made over HTTPS. Once configured, Pi-hole forwards requests to cloudflared, which handles DNS requests securely.

Enabling Support for Multiple VLANs

While Pi-hole successfully handled requests for the native network, extending its support to other VLANs posed a challenge. Instead of opting for solutions involving firewall rule modifications to permit VLAN requests to the native network, I chose to ensure the Raspberry Pi could seamlessly join the VLAN networks I intended to use Pi-hole on.

Following the instructions on this page for enabling VLAN support on the Raspberry Pi, I configured an interface for each VLAN I wanted the Pi-hole to respond on.

Mastering Home Network Security: A Step-by-Step Guide to Fortify Your DNS with Pi-Hole and Raspberry Pi Across Multiple VLANs

Recently, I delved into the realm of setting up secure DNS for our home network, aiming to encrypt DNS requests en route to the name server....