
How do you deal with https traffic? Wouldn't you need to MITM proxy everything and install CA certs on the client? And wouldn't that reduce client side security since all certs would be signed by the same CA?


Pi-Hole is just a DNS-based adblocker. It returns 127.0.0.1 (I believe) for ad-serving domains, so it happens before https even starts to be negotiated.


Actually, the local address of your Pi-Hole server, though that's configurable.

https://docs.pi-hole.net/ftldns/blockingmode/

For hosts files, 0.0.0.0 is generally preferred, which marks the host as unreachable, rather than localhost (127.0.0.1, etc.), which might well receive and try to process the request.

https://serverfault.com/a/300410


Neat! I'm going to have to play with that a bit.

I'm using the defaults, but from the sounds of the documentation having it return 0.0.0.0 might be beneficial. It certainly explains some weirdness that I've seen when using Pi-Hole.

Thanks!


DNS isn't (yet) encrypted. It happens before HTTPS is negotiated.


PiHole acts as a local DNS server. So it blocks ad network domains.
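An added example, not code from any commenter or from the Pi-hole project: a minimal DNS sinkhole decision in Python, showing that the block is made on the plaintext query name and answered with 0.0.0.0, so no TLS interception or client CA certificate is involved. The blocklist domains, the TTL, the parent-domain matching and all function names are assumptions made for this sketch.

```python
import struct

# Constructed blocklist for illustration (hypothetical domains).
BLOCKLIST = {"ads.example.com", "tracker.example.net"}
SINK_IPV4 = bytes([0, 0, 0, 0])  # 0.0.0.0, the unspecified address

def build_query(name, txid=0x1234):
    """Build a minimal DNS A/IN query (RFC 1035) to use as sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_question(packet):
    """Return (lowercased name, qtype, offset just past the question section)."""
    pos, labels = 12, []
    while True:
        length = packet[pos]
        if length == 0:
            pos += 1
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels), qtype, pos + 4

def is_blocked(name):
    """Match the name or any parent domain (a choice made for this sketch)."""
    parts = name.split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def sinkhole_response(query, ttl=2):
    """Answer blocked A queries with 0.0.0.0; return None to forward upstream."""
    name, qtype, qend = parse_question(query)
    if qtype != 1 or not is_blocked(name):
        return None
    flags = struct.pack("!H", 0x8180)           # QR=1, RD=1, RA=1, RCODE=NOERROR
    counts = struct.pack("!HHHH", 1, 1, 0, 0)   # one question, one answer
    # Answer: pointer to the name at offset 12, TYPE=A, CLASS=IN, TTL, RDLENGTH=4
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + SINK_IPV4
    return query[:2] + flags + counts + query[12:qend] + answer

def answer_ip(response):
    """Extract the dotted quad from the single A record built above."""
    return ".".join(str(b) for b in response[-4:])
```

A client that receives this answer never opens a TCP connection to the ad host, so the HTTPS handshake for that domain does not begin.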



