by bigoldie 1616 days ago
https://tweakers.net/nieuws/191950/openbare-pi-hole-adhole-v...

This is an article (in Dutch) with the same news, but the owner responds in the comments:

  I started it at the time because I noticed in my circle of acquaintances that there was interest in adblocking at DNS level, but that they didn't have the knowledge to set up and maintain a Pihole themselves. Five years ago, the world looked a little different and there were almost no public services that offered this (for free) and since I had a spare server, I took the chance.

  During the process, I learned a lot. From Docker to Ansible, but also about DNS itself. DNS amplification attacks in particular were big troublemakers in the beginning, which Pi-hole couldn't handle. Logical too, because Pi-hole is actually not meant to be used publicly; the developers make that very clear in their documentation. At the time I tried to find a way around this with all kinds of iptables rules and that worked reasonably well, but support for things like DNS over TLS or DNS over HTTPS was missing in Pi-hole. Again logical, normally there is no need to encrypt your DNS requests on your own trusted LAN.

  A year or two ago I switched to Adguard Home as the backend, since Adguard does support these features and also has some basic security features on board like rate limiting. That's also when I moved everything to an Ansible Playbook so I could easily reinstall everything with one push of a button, e.g. when buying a new node.

  I often bought new nodes during Black Friday or Cyber Monday on sites like Lowendspirit. Some nodes were sponsored by providers themselves, because they liked the idea.

  Now, after five years, I'm stopping. Lately, I put more energy into it than I got satisfaction from it. In addition, the servers were bursting at the seams, making the latency of each request far too high. You noticed this while surfing and I don't want to do that to anyone. Bigger servers are an option, but the money has to come from somewhere. By the way, I would have preferred horizontal scaling instead of vertical, but (affordable) providers offering anycast IPs are scarce (BuyVM is one of them).

  Fortunately, there are now plenty of other services that offer the same thing for next to nothing, so hopefully ex-Adhole users will not fall into a deep hole.
------

  In the end, the 'iron' has to be paid for. Some of the servers were sponsored, the rest came from donations and from my own pocket. Upgrading was easier said than done, because with 6 locations and therefore 6 servers, all costs are multiplied by 6. Going to providers for an upgrade on an already sponsored server was something I didn't do (something about a given horse). And asking for donations has never been the intention of this project. I saw it as a hobby and a hobby costs money, but it must remain fun. By the way, this was not the main reason to stop; it was really the time it took and the lack of satisfaction I got from it.

  IP addresses would sometimes change for various reasons. For example because a provider cancelled its location, a migration to another node, or simply a switch to another provider. That was irritating, because all users then had to change the IP address of their DNS. I think if you really want to do it right, you have to have your own IP range (and that is very expensive).

  I have no tips about incidents. However, since the new intermediate certificate at Let's Encrypt I have had problems getting DoH and DoT to work. In the end, I did not succeed either. Why remains a mystery to me; the chain was correct.
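The open-resolver abuse the first quoted comment mentions (amplification traffic that Pi-hole on its own could not throttle) is the kind of thing a per-source rate check over the resolver's query log surfaces. The following is an added example, not code from Adhole, Pi-hole or AdGuard Home; it assumes dnsmasq-style `pihole.log` query lines, a syslog year of 2021 for the timestamps, and uses a constructed sample log with RFC 5737 documentation addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# dnsmasq-style query line as Pi-hole writes it to pihole.log (format assumed)
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<src>\S+)$"
)

# Constructed sample: three ordinary lookups from one client, then a burst of
# 25 ANY queries in the same second from another source (amplification pattern).
SAMPLE_LOG = (
    ["Jan 10 12:00:01 dnsmasq[1234]: query[A] example.com from 192.0.2.10",
     "Jan 10 12:00:02 dnsmasq[1234]: query[AAAA] example.com from 192.0.2.10",
     "Jan 10 12:00:03 dnsmasq[1234]: query[A] example.org from 192.0.2.10"]
    + ["Jan 10 12:00:05 dnsmasq[1234]: query[ANY] example.net from 198.51.100.7"] * 25
)

def parse_line(line, year=2021):
    """Parse one query line; syslog has no year, so one is assumed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["qtype"], m["name"], m["src"]

def find_abusive_clients(lines, max_qps=20, window_s=1.0):
    """Return {src: (peak_queries_in_window, any_queries)} for sources that
    exceed max_qps within any sliding window or send ANY queries at all.
    Lines are expected in chronological order, as in a log file."""
    windows = defaultdict(deque)   # src -> timestamps inside current window
    peak = defaultdict(int)        # src -> highest count seen in one window
    any_count = defaultdict(int)   # src -> number of ANY queries
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue               # skip reply/forward/cache lines
        ts, qtype, _name, src = parsed
        q = windows[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()            # drop timestamps that fell out of the window
        peak[src] = max(peak[src], len(q))
        if qtype == "ANY":
            any_count[src] += 1
    return {s: (peak[s], any_count[s]) for s in peak
            if peak[s] > max_qps or any_count[s] > 0}
```

The default threshold of 20 queries per second per source mirrors the order of magnitude at which a public resolver would normally start rate limiting; tune it to the traffic you actually see.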