MyTechAccount90210

joined 1 year ago
 

So I've been a pihole user for a long long time....but seeing the advancements in AdGuard Home and some of the nicer UI facets, I was interested in giving it a try. I also have an active directory domain that I need to manage as well.

So, prior to recently, I had routed all DNS requests thought the AD DCs, and their upstream resolver was PiHole, and then Pihole routed to its internal install of cloudflared with DNS over HTTPS to the cloudflare DNS services.

More recently, I changed my DNS services in DNS to point directly to pihole, managed my local dns records in pihole and then used conditional forwarding to my AD DCs for local DNS resolution. The biggest benefit I saw in this adjustment is that I can identify what hosts are making what requests.

More recently than that, I brought Adguard Home into the environment and am using it as a secondary DNS server. I ended up taking it out of the mix for the moment. My thought process was having one DNS server on each of my active VM hosts just in case.....but managing internal DNS records in adguard home is a bit of a pain in the ass, and there is no way to import in bulk.

So, the questions, 1) do you just use one or the other... pihole, vs adguard home.... 2) do you use multiple dns servers or just a single one upstream...3) whats your preferred method of internal dns management in conjunction w/ pihole/adguard home?

 

Hello all. I'm bouncing around ideas in my head right now, and I want to take the next step in my home infrastructure. As it stands, I have my main docker server that hosts a variety of stacks and containers, and of course my nginx proxy manager as well.

Basically all the containers have the ports open that they need, and the proxy is just hairpinning back into the same VM. So DNS for my friendly name stuff points 10.178.200.4, and then the proxy points to 10.178.200.4:8787 or 8989 or whatever for the individual apps.

I feel like, at least in my mind with the docker virtual networks, that I should be able to close all the ports except 80 and 443, and route traffic to the virtual IPs that come from docker, and the networking can be done internally. Is my brain working, or is this stupid?

[–] MyTechAccount90210@alien.top 1 points 11 months ago

You don't add it from the app. You add it in server settings. And you wouldn't hairpin, you'd have the firewall rules. Having it in dmz would segregate it from your internal network so outside users could hit it .... If you so choose.

[–] MyTechAccount90210@alien.top 2 points 11 months ago (2 children)

You're doing something wrong or you have an incompatible isp. If you want to have it in your dmz, great poke firewall rules for 32400 and set up the internal subnet as an approved lan subnet.

[–] MyTechAccount90210@alien.top 1 points 11 months ago

I'd love to know, but it's best I dont.

3 HP DL380s, 4 drives each
1 HP DL380, 15 drives
1 Chenbro 1U storage server, 12 drives
1 supermicro 1U storage server, 12 drives
1 HP DL360, 4 drives I think
2 netgear business poe switches
2 fortigates
2 microtik 8 port 10G switches
2 smart UPS 1500 units

I just dont want to know.