Dns

Network-Wide DNS Blocking of Advertising, Telemetry, and Malicious Domains

Configure the DNS Settings in OPNsense to use Pi-hole

In my home network I wanted to set up a dedicated Pi-hole installation so that I could have network-wide ad blocking. Additionally, I could reduce the telemetry/tracking performed by applications and operating systems as well as potentially block malware. Pi-hole provides the ability to view the DNS traffic on my network on a per-device basis, which may provide valuable insight for detecting unusual activity on the network. While OPNsense can be configured to provide DNS blocking, I really like the graphs and logging of Pi-hole.

How to Use Pi-hole DNS with VLANs

Configure the OPNsense firewall settings for multiple VLANs using the Pi-hole service

Setting up the Pi-hole DNS service is relatively straightforward on your home network. When you have VLANs configured, the setup is slightly more complicated. The issue is that you need to ensure that all of your VLANs have access to the Pi-hole server, which is located on a different network (ideally, it should probably be located in your management VLAN to protect it from being accessed by your other network devices).