Pi-Hole Summary

The Pi 5-50-5 Vault | Obsidian Garden

Role: Primary Network Resolver, DHCP Authority, and Security Perimeter.

"The Network Sentinel node (Pi-hole) is not just an ad-blocker; it is the logic-layer of my infrastructure. It bridges the gap between public DDNS hostnames and my internal Nginx security gateway, so that every service—from the 5-50-5 RAID to the NVR system—is accessible through a single, encrypted entry point.".

Core Functions

• Recursive DNS Resolver: Acts as the "phonebook" for the network, resolving all internal and external queries.

• DHCP IPAM: Manages dynamic IP assignments and maintains static reservations for core infrastructure (RAID, NVR, Proxy).

• Telemetry Blackhole: Network-wide advertisement and tracker blocking at the DNS level, improving privacy and bandwidth efficiency.

Hardening & Protocols

• DNSSEC: Cryptographic validation of DNS responses to prevent "Man-in-the-Middle" attacks.

• Split-Horizon Architecture: Uses dnsmasq to intercept requests for public DDNS domains, keeping traffic on the local high-speed LAN.

• Privacy Hardening: Configured to exclude Extended Client Subnet (ECS) data, preventing internal network leakage to upstream providers like Quad9 and Cloudflare.

Performance Impact

• Latency Reduction: Local DNS caching allows for near-instant resolution for frequently visited domains.

• Zero Overhead: Native installation on Raspberry Pi hardware to maximize CPU and RAM efficiency for networking tasks.

Quick Navigation (SOP Library)