• just another dev@lemmy.my-box.dev
    11 upvotes · 5 months ago

    Wouldn’t the attacker have to be on the same network as the resolver for this to work? Or could it be triggered by a “dirty hostname”? Because in the former case, most home networks would not be at much risk.

  • Nunya@lemdro.id
    4 upvotes · 5 months ago

    Sorry if this is a basic question. So if I have a pihole, do I just need to update the Raspberry Pi software, along with updating pihole software to resolve the insecurities? Or do I need to change the DNS settings of the pihole?

    • BlackEco@lemmy.blackeco.com
      OP · 8 upvotes · 5 months ago

      If you use a third-party’s DNS server (such as Cloudflare, Quad9 or Google) as your upstream DNS server, you only have to update PiHole.

      If you have set up your own upstream DNS server using a DNS resolver like unbound or Bind9, update it as well as your PiHole.

    • BlackEco@lemmy.blackeco.com
      OP · 1 upvote · 5 months ago

      I struggle to find if it uses DNSSEC or even a change log. If it does, contact the maintainer and disable DNSSEC (if you can) until a fix is released.

  • ratzki@discuss.tchncs.de
    2 upvotes · 1 downvote · 5 months ago

    Not sure why, but on Synology with docker, the pihole:latest releases are usually a mess and restoring settings and client lists does not work. Unfortunately, only “latest -2” seems to work most of the time.

    ¯\_(ツ)_/¯

    • BlackEco@lemmy.blackeco.com
      OP · 1 upvote · 5 months ago

      I’m not familiar with off-the-shelf DNS filtering on mobile, but since running a DNS resolver on-device would be impractical, I think they must be using a DNS server that they maintain. Which means that, unless I’m wrong, the vulnerability lies on their end; you should be fine.