apt install bind9
Note: i have the IP : 192.168.1.109 by DHCP
edit the network settings file
nano /etc/network/interfaces
and I add this to create a virtual eth0:1 with 192.168.2.2 for IP with a /16 subnet
iface eth0:1 inet static
address 192.168.2.2
netmask 255.255.0.0
broadcast 192.168.2.255
edit bind9 configuration
nano /etc/bind/named.conf.options
and I add/modify this
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { 127.0.0.1; 192.168.2.2; };
listen-on { 127.0.0.1; 192.168.2.2; };
recursion yes;
allow-query { any; };
wget -O basic-install.sh https://install.pi-hole.net
chmod +x basic-install.sh
./basic-install.sh
Note: during the installation you wil be asked for DNS, simply enter 127.0.0.1, 192.168.2.2
/etc/dnsmasq.d/01-pihole.conf
# Pi-hole: A black hole for Internet advertisements
# (c) 2015, 2016 by Jacob Salmela
# Network-wide ad blocking via your Raspberry Pi
# http://pi-hole.net
# dnsmasq config for Pi-hole
#
# Pi-hole is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
###############################################################################
# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
# #
# IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN: #
# /etc/pihole/setupVars.conf #
# #
# ANY OTHER CHANGES SHOULD BE MADE IN A SEPERATE CONFIG FILE #
# OR IN /etc/dnsmasq.conf #
###############################################################################
address=/pi.hole/192.168.1.109
address=/pi-hole/192.168.1.109
addn-hosts=/etc/pihole/gravity.list
domain-needed
bogus-priv
no-resolv
server=127.0.0.1
server=192.168.2.2
interface=eth0
cache-size=100000
log-queries
log-facility=/var/log/pihole.log
local-ttl=600
log-async
ifconfig :
root@pi-hole:~# ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:00:00:00:00
inet adr:192.168.1.109 Bcast:192.168.1.255 Masque:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:106118 errors:0 dropped:0 overruns:0 frame:0
TX packets:99749 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:61093835 (58.2 MiB) TX bytes:44930671 (42.8 MiB)
eth0:1 Link encap:Ethernet HWaddr 08:00:00:00:00:00
inet adr:192.168.2.2 Bcast:192.168.2.255 Masque:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
lo Link encap:Boucle locale
inet adr:127.0.0.1 Masque:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:8428 errors:0 dropped:0 overruns:0 frame:0
TX packets:8428 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:757064 (739.3 KiB) TX bytes:757064 (739.3 KiB)
/etc/pihole/adlists.list
## Pi-hole ad-list default sources. Updated 26/11/2016 by janus57 to include W7 telemetry
# The below list amalgamates several lists we used previously.
# See `https://github.com/StevenBlack/hosts` for details
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
# Other lists we consider safe:
http://mirror1.malwaredomains.com/files/justdomains
http://sysctl.org/cameleon/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
# hosts-file.net list. Updated frequently, but has been known to block legitimate sites.
https://hosts-file.net/ad_servers.txt
# Mahakala list. Has been known to block legitimage domains including the entire .com range.
# Warning: Due to the sheer size of this list, the web admin console will be unresponsive.
#http://adblock.mahakala.is/
# ADZHOSTS list. Has been known to block legitimate domains
#http://optimate.dl.sourceforge.net/project/adzhosts/HOSTS.txt
# Windows 10 telemetry list
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt
# Windows 7 telemetry list
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win7/spy.txt
# Securemecca.com list - Also blocks "adult" sites (pornography/gambling etc)
#http://securemecca.com/Downloads/hosts.txt
# Quidsup's tracker list
https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt
# Block the BBC News website Breaking News banner
#https://raw.githubusercontent.com/BreakingTheNews/BreakingTheNews.github.io/master/hosts
# Untested Lists:
#https://raw.githubusercontent.com/reek/anti-adblock-killer/master/anti-adblock-killer-filters.txt
#https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt
#http://malwaredomains.lehigh.edu/files/domains.txt
# Following two lists should be used simultaneously: (readme https://github.com/notracking/hosts-blocklists/)
#https://raw.github.com/notracking/hosts-blocklists/master/hostnames.txt
#https://raw.github.com/notracking/hosts-blocklists/master/domains.txt
# Combination of serveral host files on the internet (warning some facebook domains are also blocked but you can g$
#https://raw.githubusercontent.com/mat1th/Dns-add-block/master/hosts
Hello,
in this case i wanted a /16 to cover all the private subnet and have internal DNS zone not described in this gist, and avoid internal routing.
I could have use a /24 with vlan and virtuel interface per vlan, but at this time i don't have L2 switch to do this, so i use the "simple" methode.
Cordially, janus57