mirror of
https://github.com/pivpn/pivpn.git
synced 2024-12-18 19:00:15 +00:00
Allowing queries only from the local subnet is enough for the functionality of PiVPN.
From the man page of dnsmasq: --local-service Accept DNS queries only from hosts whose address is on a local subnet, ie a subnet for which an interface exists on the server. This option only has effect if there are no --interface, --except-interface, --listen-address or --auth-server options. It is intended to be set as a default on installation, to allow unconfigured installations to be useful but also safe from being used for DNS amplification attacks.
parent
4fc2fbf0ef
commit
139f16594d
1 changed files with 4 additions and 4 deletions
|
@ -1475,10 +1475,10 @@ askClientDNS(){
|
|||
# Then create an empty hosts file or clear if it exists.
|
||||
$SUDO bash -c "> /etc/pivpn/hosts.$VPN"
|
||||
|
||||
# Set Pi-hole to "Listen on all interfaces, permit all origins" to allow dnsmasq
|
||||
# to listen on the VPN interface as well. This setting matches what's suggested
|
||||
# in the official guide: https://docs.pi-hole.net/guides/vpn/dual-operation
|
||||
$SUDO pihole -a -i all
|
||||
# Setting Pi-hole to "Listen on all interfaces" allows dnsmasq to listen on the
|
||||
# VPN interface while permitting queries only from hosts whose address is on
|
||||
# the LAN and VPN subnets.
|
||||
$SUDO pihole -a -i local
|
||||
|
||||
# Use the Raspberry Pi VPN IP as DNS server.
|
||||
pivpnDNS1="$vpnGw"
|
||||
|
|
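Review bot: the new comment above `$SUDO pihole -a -i local` says what the setting permits but not why it replaced `-i all`, and it drops the pointer to the Pi-hole guide without adding one to the dnsmasq option that does the work. The commit message gives the reason: `--local-service` keeps the resolver from being used for DNS amplification. It also quotes the man page caveat that the option only has effect when no `--interface`, `--except-interface`, `--listen-address` or `--auth-server` option is set. I would put both in the comment, so a later reader does not switch back to `all` to follow the guide, and so it is clear the restriction depends on the rest of the dnsmasq configuration. Separately, the exit status of the `pihole -a -i local` call is not checked in the visible lines, so a failure here would leave the previous listening mode in place without any message to the user.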