Sarah's Catalog

Disclaimer: I am not an expert. The following information is based on my experience and understanding. Research was done beforehand to make sure I'm not getting things wrong.

Storage

  • Root and boot partitions (SSD) are automatically mounted on startup using the fstab file.
  • The root partition allocates space for a swap file.

Pi-hole

  • Pi-hole is used as a DNS sinkhole and DHCP server for my entire network.
  • DNS:
  • Upstream: Google and Cloudflare (IPv4) + local DNS records → resolve domains.
  • Blocklists → sink domains.
  • Blocklists:
  • HaGeZi Multi Light
  • Adguard Base Filter
  • OISD (Big)
  • someonewhocares.org/host (Dan Pollock)
  • DHCP:
  • Pi-hole handles DHCP for all devices, while the primary router handles my two servers and downstairs router, which is used as an access point (AP).
  • The DHCP servers don't conflict with each other because the primary router's range is restricted to the devices specified above.
  • I do this to ensure my servers and router will retain their IPs if I ever have to completely reconfigure the Pi-hole.
  • (Servers' IPs are already configured via Netplan)

WireGuard

  • For secure remote access, I utilize WireGuard.
  • FreeDNS is the DDNS provider.
  • A cron script updates my public IP to bypass my router's lack of support for FreeDNS.
  • Split tunneling allows me to preserve bandwidth since it's configured to only allow the WireGuard peer and home subnet.
  • PostUp and PostDown rules:
  • Bridge traffic between the WireGuard tunnel and home LAN.
  • Masquerade WireGuard IPs with my home network's public IP or server's private IP so it can access the internet and local LAN
  • Clean up rules whenever the WireGuard interface is removed.

Terms

  • For anyone who isn't as tech savvy, or anyone else, here's a short recap of some of the things I discussed.
  • Subnet: a specific range of IPs on a network.
  • Domain name system (DNS): a system which allows IP addresses to be easily identifiable by pairing host names.
  • Pi-hole: a DNS sinkhole which resolves, or hands out IP addresses to a specific domain.
  • DNS sinkhole: DNS server which "sinks" specific domains by resolving them to non-routable IPs, or IPs that are a dead end.
  • Dynamic host configuration protocol (DHCP): automatically assigns IP addresses within a specific range to devices on a network.
  • WireGuard: a VPN service which solely uses UDP. Compared to let's say OpenVPN, it's newer.
  • Dynamic DNS (DDNS): service which updates the public IP for a specific domain

Re(sources)

Pihole Documentation https://en.wikipedia.org/wiki/DNS_sinkhole For anyone interested, this is the WireGuard guide I followed