ameshkov
commented
5 years ago Hi!
It creates a opendns resolver which causes serious security risks
The only risk is that your open resolver can be used for DNS amplification DDOS attacks, and there's no way you can fully solve this issue. On the other hand, AGH by default comes with ratelimit set to 20 requests per second, so your resolver won't do much harm.
If you run AGH on a VPS, I'd suggest checking the stats from time to time, and block access from unknown IP addresses when you see them. You can do it in settings -> DNS -> access settings.
Another question: Does adguardhome support multiple interfaces (vlans) if the server it's running on has multiple vlans enabled and needs to serve adblocking to clients on those vlans is this supported?
Well, you can configure it to listen to ALL network interfaces (0.0.0.0).
I know from the pihole forums it is discouraged to run pihole for home use on a VPS. It creates a opendns resolver which causes serious security risks.
How does adguardhome tackle this? Since you have a guide to install it on a VPS for home use are there any safeguards in place to prevent the security risks mentioned on the pihole forums and their articles on this subject?
Another question: Does adguardhome support multiple interfaces (vlans) if the server it's running on has multiple vlans enabled and needs to serve adblocking to clients on those vlans is this supported?