Pi-Hole/docs
1
0
Fork 0
mirror of https://github.com/pi-hole/docs.git synced 2025-12-20 03:08:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Markdownlint: enable MD040 rule

Browse Source 
Signed-off-by: XhmikosR <xhmikosr@gmail.com>
This commit is contained in:
XhmikosR
2025-03-04 08:21:42 +02:00
parent cbe68c0940
commit 7ca1c7b7aa
28 changed files with 135 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.markdownlint.json
View File

@@ -32,7 +32,6 @@
},
"MD036": false,
"MD038": false,
"MD040": false,
"MD041": false,
"MD045": false,
"MD046": {

36
docs/api/auth.md
View File

@@ -7,13 +7,13 @@ To get a session ID, you will have to send a `POST` request to the `/api/auth` e
=== "bash / cURL"
``` bash
```bash
curl -k -X POST "https://pi.hole/api/auth" --data '{"password":"your-password"}'
```
=== "Python 3"
``` python
```python
import requests
url = "https://pi.hole/api/auth"
@@ -26,7 +26,7 @@ To get a session ID, you will have to send a `POST` request to the `/api/auth` e
=== "Javascript (plain)"
``` javascript
```javascript
var data = JSON.stringify({"password":"your-password"});
var xhr = new XMLHttpRequest();
@@ -39,7 +39,7 @@ To get a session ID, you will have to send a `POST` request to the `/api/auth` e
=== "Javascript (jQuery)"
``` javascript
```javascript
$.ajax({
url: "https://pi.hole/api/auth",
type: "POST",
@@ -55,7 +55,7 @@ To get a session ID, you will have to send a `POST` request to the `/api/auth` e
=== "C"
``` c
```c
#include <stdio.h>
#include <stdlib.h>
#include <curl/curl.h>
@@ -144,14 +144,14 @@ Note that when using cookie-based authentication, you will also need to send a `
=== "bash / cURL"
``` bash
```bash
# Example: Authentication with SID in the request URI
curl -k -X GET "https://pi.hole/api/dns/blocking?sid=vFA+EP4MQ5JJvJg+3Q2Jnw="
```
=== "Python 3"
``` python
```python
# Example: Authentication with SID in the request header
import requests
@@ -169,7 +169,7 @@ Note that when using cookie-based authentication, you will also need to send a `
=== "Javascript (plain)"
``` javascript
```javascript
var data = null;
var xhr = new XMLHttpRequest();
@@ -186,7 +186,7 @@ Note that when using cookie-based authentication, you will also need to send a `
=== "Javascript (jQuery)"
``` javascript
```javascript
$.ajax({
url: "https://pi.hole/api/dns/blocking",
type: "GET",
@@ -220,13 +220,13 @@ If you have 2FA enabled for your Pi-hole, you will need to provide a TOTP token
=== "bash / cURL"
``` bash
```bash
curl -k -X POST "https://pi.hole/api/auth" --data '{"password":"your-password", "totp":"123456"}'
```
=== "Python 3"
``` python
```python
import requests
url = "https://pi.hole/api/auth"
@@ -242,7 +242,7 @@ If you have 2FA enabled for your Pi-hole, you will need to provide a TOTP token
=== "Javascript (plain)"
``` javascript
```javascript
var data = JSON.stringify({"password":"your-password", "totp":"123456"});
var xhr = new XMLHttpRequest();
@@ -255,7 +255,7 @@ If you have 2FA enabled for your Pi-hole, you will need to provide a TOTP token
=== "Javascript (jQuery)"
``` javascript
```javascript
$.ajax({
url: "https://pi.hole/api/auth",
type: "POST",
@@ -302,7 +302,7 @@ In addition to the status code, the server will also return a JSON object with m
or
``` json
```json
{
"error": {
"key": "bad_request",
@@ -325,14 +325,14 @@ To end your session before the SID expires, you can send a `DELETE` request to t
=== "bash / cURL"
``` bash
```bash
# Example: Logout with SID in the request URI
curl -k -X DELETE "https://pi.hole/api/auth?sid=vFA+EP4MQ5JJvJg+3Q2Jnw="
```
=== "Python 3"
``` python
```python
# Example: Logout with SID in the request header
import requests
@@ -349,7 +349,7 @@ To end your session before the SID expires, you can send a `DELETE` request to t
=== "Javascript (plain)"
``` javascript
```javascript
var data = null;
var xhr = new XMLHttpRequest();
@@ -365,7 +365,7 @@ To end your session before the SID expires, you can send a `DELETE` request to t
=== "Javascript (jQuery)"
``` javascript
```javascript
$.ajax({
url: "https://pi.hole/api/auth",
type: "DELETE",

6
docs/api/index.md
View File

@@ -21,7 +21,7 @@ The form of replies to successful requests strongly depends on the selected endp
Response code: `HTTP/1.1 200 OK`
``` json
```json
{
"blocking": true
}
@@ -45,7 +45,7 @@ In contrast, errors have a uniform, predictable style to ease their programmatic
Response code: `HTTP/1.1 401 Unauthorized`
``` json
```json
{
"error": {
"key": "unauthorized",
@@ -101,7 +101,7 @@ In contrast, errors have a uniform, predictable style to ease their programmatic
Examples for a failed request with `hint` being set is (domain is already on this list):
``` json
```json
{
"error": {
"key": "database_error",

12
docs/docker/build-image.md
View File

@@ -4,7 +4,7 @@ In case you wish to customize the image, or perhaps check out a branch after bei
In order to build the image locally, you will first need a copy of the repository on your computer. The following commands will clone the repository from Github and then put you into the directory
```
```bash
git clone https://github.com/pi-hole/docker-pi-hole
cd docker-pi-hole
git checkout development #NOTE: This step is only needed until V6 is released
@@ -14,7 +14,7 @@ All other commands following assume you have at least run the above steps.
## Build.sh
```
```text
Usage: ./build.sh [-l] [-f <ftl_branch>] [-c <core_branch>] [-w <web_branch>] [-t <tag>] [use_cache]
Options:
-f, --ftlbranch <branch> Specify FTL branch (cannot be used in conjunction with -l)
@@ -37,7 +37,7 @@ When contributing, it's always a good idea to test your changes before submittin
There is also `./build-and-test.sh`, which can be used to verify the tests that are run on Github pass with your changes.
```
```bash
git checkout -b myNewFeatureBranch
#make some changes
./build.sh
@@ -51,13 +51,13 @@ Occasionally you may need to try an alternative branch of one of the components
- You have been asked by a developer to checkout the FTL branch `new/Sensors`. To do so
```
```bash
./build.sh -f new/Sensors
```
- There is new docker-specific work being carried out on the branch `fix/logRotate` that you wish to test
```
```bash
git checkout fix/logRotate
./build.sh
```
@@ -74,6 +74,6 @@ services:
...
```
```
```bash
docker run [options] pihole:local
```

2
docs/docker/index.md
View File

@@ -49,7 +49,7 @@ Run `docker compose up -d` to build and start Pi-hole (on older systems, the syn
The equivalent command for `docker run` would be:
```
```bash
docker run --name pihole -p 53:53/tcp -p 53:53/udp -p 80:80/tcp -p 443:443/tcp -e TZ=Europe/London -e FTLCONF_webserver_api_password="correct horse battery staple" -e FTLCONF_dns_listeningMode=all -v ./etc-pihole:/etc/pihole -v ./etc-dnsmasq.d:/etc/dnsmasq.d --cap-add NET_ADMIN --restart unless-stopped pihole/pihole:latest
```

1
docs/docker/upgrading/index.md
View File

@@ -28,4 +28,3 @@ docker rm pihole
docker pull pihole/pihole:latest
docker run [ ... arguments (see Getting Started) ... ]
```

5
docs/docker/upgrading/v5-v6.md
View File

@@ -41,7 +41,7 @@ Nearly all environment variables from previous versions have been removed, but f
Reverse server (`REV_SERVER*`) variables should be replaced with the single `FTLCONF_dns_revServers`, which accepts an array of reverse servers (delimited by `;`) in the following format:
```
```text
<enabled>,<ip-address>[/<prefix-len>],<server>[#<port>],<domain>
```
@@ -54,7 +54,7 @@ If, for example, you had the following old style variables:
You would now set:
```
```text
FTLCONF_dns_revServers: 'true,192.168.0.0/24,192.168.0.1#53,lan'
```
@@ -93,4 +93,3 @@ The following variables can be removed without replacement, as they are no longe
- `WEB_UID`
- `WEBLOGS_STDOUT`
- `WEBPASSWORD_FILE`

11
docs/ftldns/blockingmode.md
View File

@@ -14,7 +14,7 @@ In `NULL` mode, which is both the default and recommended mode for Pi-hole *FTL*
A blocked query would look like the following:
```
```text
;; QUESTION SECTION:
;doubleclick.net. IN ANY
@@ -40,7 +40,7 @@ In `IP-NODATA-AAAA` mode, blocked queries will be answered with the local IPv4 a
Assuming your Pi-hole server is at `192.168.1.42`, then a blocked query would look like the following:
```
```text
;; QUESTION SECTION:
;doubleclick.net. IN ANY
@@ -64,7 +64,7 @@ The IP that is returned is automatically determined by FTL, however it can also
A blocked query would look like the following:
```
```text
;; QUESTION SECTION:
;doubleclick.net. IN ANY
@@ -88,7 +88,7 @@ In `NXDOMAIN` mode, blocked queries will be answered with an empty response (i.e
A blocked query would look like the following:
```
```text
;; QUESTION SECTION:
;doubleclick.net. IN ANY
```
@@ -101,10 +101,9 @@ In `NODATA` mode, blocked queries will be answered with an empty response (no an
A blocked query would look like the following:
```
```text
;; QUESTION SECTION:
;doubleclick.net. IN ANY
```
**Advantages & Disadvantages:** This mode is similar to `NXDOMAIN` blocking mode. Clients might have a better acceptance of `NODATA` replies compared to `NXDOMAIN` replies.

22
docs/ftldns/cache_dump.md
View File

@@ -2,13 +2,13 @@
The `dnsmasq` core embedded into `pihole-FTL` prints a dump of the current cache content into the main log file (default location `/var/log/pihole/pihole.log`) when receiving `SIGUSR1`, e.g. by
``` bash
```bash
sudo killall -USR1 pihole-FTL
```
Such a cache dump looks like
``` plain
```plain
cache size 10000, 0/20984 cache insertions reused unexpired cache entries.
queries forwarded 10247, queries answered locally 14713
queries for authoritative zones 0
@@ -79,7 +79,7 @@ where we stripped lines like `Dec 15 20:32:02 dnsmasq[4177892]:` for the sake of
### Cache metrics
``` plain
```plain
cache size 10000, 0/20984 cache insertions reused unexpired cache entries.
```
@@ -87,7 +87,7 @@ tells us that the cache size is 10000 (Pi-hole's default value). None of the 209
### Query statistics
``` plain
```plain
queries forwarded 10247, queries answered locally 14713
queries for authoritative zones 0
```
@@ -96,7 +96,7 @@ Mostly self-explanatory. Queries answered locally can both be from local configu
### Blockdata statistics
``` plain
```plain
pool memory in use 22272, max 24048, allocated 480000
```
@@ -104,7 +104,7 @@ Blockdata is used to cache records that do not fit in normal cache records. Thes
### Server statistics
```
```text
server 127.0.0.1#5353: queries sent 10801, retried or failed 69
server 192.168.2.1#53: queries sent 388, retried or failed 3
```
@@ -144,7 +144,7 @@ The `V` flag in negative DS records has a different meaning. Only validated `DS`
#### `A` (`DHCP` provided)
``` plain
```plain
Host Address Flags Expires
Internet-Radio 192.168.2.239 4F D Thu Dec 16 12:54:33 2021
Internet-Radio.lan 192.168.2.239 4FR D Thu Dec 16 12:54:33 2021
@@ -154,7 +154,7 @@ Both cache entries describe an IPv4 cache record for a device in the local netwo
#### `DNSKEY/DS`
``` plain
```plain
Host Address Flags Expires
de 57564 8 256 KF V Wed Dec 15 20:32:59 2021
de 26755 8 257 KF V Wed Dec 15 20:32:59 2021
@@ -170,7 +170,7 @@ The three numbers in the `address` field correspond to the key tag, the algorith
Note that `DS` records may have an empty `address` field when they are `NODATA` (flag `N`) like
```
```text
Host Address Flags Expires
hosted-by-discourse.com SF N V Sat Dec 18 11:06:03 2021
```
@@ -179,7 +179,7 @@ The `DS` of the root zone is marked *immortal* as it is given by the locally def
#### `CNAME`
``` plain
```plain
Host Address Flags Expires
i.stack.imgur.com ipv4.imgur.map.fastly.net CF Fri Dec 17 22:10:29 2021
```
@@ -188,7 +188,7 @@ The `address` field corresponds to the `CNAME` target record.
#### `SRV`
``` plain
```plain
Host Address Flags Expires
_sip._tcp.pcscf2.ims.telekom.d 100 10 5062 pspcscfhost2.ims.telekom.de VF Sat Dec 18 13:33:37 2021
```

2
docs/ftldns/dnsmasq_warn.md
View File

@@ -129,7 +129,7 @@ Warnings commonly seen in `dnsmasq`'s log file (`/var/log/pihole/pihole.log`) an
If you see this message continuously, you are affected by some unusual truncation on the path from your Pi-hole to the configured upstream server.
You can get rid of the warning by adding a config file like `/etc/dnsmasq.d/99-edns.conf` and adding
``` plain
```plain
edns-packet-max=1232
```

8
docs/ftldns/interfaces.md
View File

@@ -14,7 +14,7 @@ This setting accepts DNS queries only from hosts whose address is on a local sub
The `dnsmasq` option
``` plain
```plain
local-service
```
@@ -29,7 +29,7 @@ The loopback (`lo`) interface is automatically added to the list of interfaces t
The `dnsmasq` option
``` plain
```plain
interface=enp2s0
```
@@ -46,7 +46,7 @@ When this option is used, IP alias interface labels (e.g. `enp2s0:0`) are checke
The `dnsmasq` options
``` plain
```plain
interface=enp2s0
bind-interfaces
```
@@ -59,7 +59,7 @@ This truly allows any traffic to be replied to and is a dangerous thing to do as
The `dnsmasq` option
``` plain
```plain
except-interface=nonexisting
```

6
docs/ftldns/package_dump.md
View File

@@ -2,13 +2,13 @@
Pi-hole has its own embedded package dumping. It can be enabled by adding the following to a file like `/etc/dnsmasq.d/99-record.conf`:
```
```text
dumpfile=/etc/pihole/dump.pcap
```
(or any other location you prefer), in addition to
```
```text
dumpmask=<mask>
```
@@ -26,7 +26,7 @@ Each time a packet is written to the dumpfile, we log the packet sequence and th
If you just want to record everything and later filter this in Wireshark you can just add the two lines
```
```text
dumpfile=/etc/pihole/dump.pcap
dumpmask=0x00ff
```

8
docs/ftldns/valgrind.md
View File

@@ -43,14 +43,14 @@ They'll automatically be re-added when using `sudo service pihole-FTL start` nex
We suggest the following one-liner to run `pihole-FTL` in `memcheck`:
```
```bash
sudo service pihole-FTL stop && sudo setcap -r /usr/bin/pihole-FTL
sudo valgrind --trace-children=yes --leak-check=full --track-origins=yes --vgdb=full --log-file=valgrind.log -s /usr/bin/pihole-FTL
```
If you compile FTL from source, use
```
```bash
sudo service pihole-FTL stop
./build.sh && sudo valgrind --trace-children=yes --leak-check=full --track-origins=yes --vgdb=full --log-file=valgrind.log -s ./pihole-FTL
```
@@ -105,13 +105,13 @@ You can also combine `valgrind` with `gdb` to get both the memory error detectio
2. Start `pihole-FTL` in `valgrind` as described above. The `--vgdb=full` option tells `valgrind` to start a GDB server.
3. Once FTL has started, you can attach `gdb` to the running process using
``` bash
```bash
sudo gdb /usr/bin/pihole-FTL
```
and then at the `(gdb)` prompt,
``` plain
```plain
target remote | vgdb
```

12
docs/guides/dns/dnscrypt-proxy.md
View File

@@ -8,7 +8,7 @@ As an alternative tool to this end, consider [cloudflared](https://github.com/cl
Raspberry Pi OS and Debian as well as Ubuntu come with packages for `dnscrypt-proxy`, which makes its installation a breeze:
```shell
```bash
sudo apt update
sudo apt install dnscrypt-proxy
```
@@ -21,7 +21,7 @@ To avoid conflicts with `FTLDNS`, edit `/usr/lib/systemd/system/dnscrypt-proxy.s
The following settings in `/usr/lib/systemd/system/dnscrypt-proxy.socket`, let `dnscrypt-proxy` listen on localhost on port 5053:
```
```text
ListenStream=127.0.0.1:5053
ListenDatagram=127.0.0.1:5053
```
@@ -43,7 +43,7 @@ server_names = ['cloudflare-security']
Run the following command to set the upstream DNS server of Pi-hole to your local `dnscrypt-proxy` instance:
```shell
```bash
sudo pihole-FTL --config dns.upstreams '["127.0.0.1#5053"]'
```
@@ -51,7 +51,7 @@ sudo pihole-FTL --config dns.upstreams '["127.0.0.1#5053"]'
Run the following commands to restart `dnscrypt-proxy` and `FTLDNS`:
```shell
```bash
sudo systemctl restart dnscrypt-proxy.socket
sudo systemctl restart dnscrypt-proxy.service
sudo systemctl restart pihole-FTL.service
@@ -61,7 +61,7 @@ sudo systemctl restart pihole-FTL.service
Run the following commands to review the status of each restarted service:
```shell
```bash
sudo systemctl status dnscrypt-proxy.socket
sudo systemctl status dnscrypt-proxy.service
sudo systemctl status pihole-FTL.service
@@ -84,7 +84,7 @@ Optionally, confirm in the Pi-hole admin web interface that upstream DNS servers
Since you installed `dnscrypt-proxy` via APT, updating `dnscrypt-proxy` is a matter of running the following commands:
```shell
```bash
sudo apt update
sudo apt upgrade
```

8
docs/guides/dns/unbound.md
View File

@@ -236,7 +236,7 @@ server:
Second, create log dir and file, set permissions:
```
```bash
sudo mkdir -p /var/log/unbound
sudo touch /var/log/unbound/unbound.log
sudo chown unbound /var/log/unbound/unbound.log
@@ -246,20 +246,20 @@ On modern Debian/Ubuntu-based Linux systems, you'll also have to add an AppArmor
Create (or edit if existing) the file `/etc/apparmor.d/local/usr.sbin.unbound` and append
``` plain
```plain
/var/log/unbound/unbound.log rw,
```
to the end (make sure this value is the same as above). Then reload AppArmor using
``` bash
```bash
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.unbound
sudo service apparmor restart
```
Lastly, restart unbound:
```
```bash
sudo service unbound restart
```

20
docs/guides/github/how-to-fork-rebase.md
View File

@@ -4,7 +4,7 @@
2. Clone `https://github.com/<your_namespace>/<your_repo_name>/` with the tool of you choice.
3. To keep your fork in sync with our repo, add an upstream remote for pi-hole/pi-hole to your repo.
```
```bash
git remote add upstream https://github.com/pi-hole/pi-hole.git
```
@@ -30,21 +30,21 @@ Forking is a GitHub concept and cannot be done from GitHub to other git-based co
To rebase your commits and squash previous commits, you can use:
```
git rebase -i your_topic_branch~(number of commits to combine)
```bash
git rebase -i your_topic_branch~(number of commits to combine)
```
For more details visit [gitready.com](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html)
1. The following would combine the last four commits in the branch `mytopic`.
```
```bash
git rebase -i mytopic~4
```
2. An editor window opens with the most recent commits indicated: (edit the commands to the left of the commit ID)
```
```text
pick 9dff55b2 existing commit comments
squash ebb1a730 existing commit comments
squash 07cc5b50 existing commit comments
@@ -53,21 +53,21 @@ For more details visit [gitready.com](http://gitready.com/advanced/2009/02/10/sq
3. Save and close the editor. The next editor window opens: (edit the new commit message). *If you select reword for a commit, an additional editor window will open for you to edit the comment.*
```
```text
new commit comments
Signed-off-by: yourname <your email address>
```
```
4. Save and close the editor for the rebase process to execute. The terminal output should say something like the following:
```
```text
Successfully rebased and updated refs/heads/mytopic.
```
5. Once you have a successful rebase, and before you sync your local clone, you have to force push origin to update your repo:
```
```bash
git push -f origin
```
```
6. Continue on from step #7 from [Forking and Cloning from GitHub to GitHub](#forking-and-cloning-from-github-to-github)

4
docs/guides/misc/tor/performance-issues.md
View File

@@ -24,7 +24,7 @@ This is not recommended, but here are some things you can do:
Edit `/etc/tor/torrc` as root and, add the following lines to the end and replace `CountryCodeN` (keep the `{` and `}`) with the country code you've chosen (you can also use only one country code; in this case, it would be just `{CountryCode1}` without a comma).
```
```text
ExitNodes {CountryCode1},{CountryCode2},{CountryCode3}
StrictNodes 1
```
@@ -45,7 +45,7 @@ This is not recommended, but here are some things you can do:
3. Make sure the relay allows Port `53` in his `IPv4 Exit Policy Summary` (and/or `IPv6 Exit Policy Summary` if you want to resolve IPv6 AAAA queries).
4. As root copy the `Fingerprint` (Top Right under Relay Details) of those two Relays to the end of your `/etc/tor/torrc` file on the Pi-hole host in the following format:
```
```text
ExitNodes Fingerprint1,Fingerprint2
StrictNodes 1
```

6
docs/guides/misc/tor/setup.md
View File

@@ -8,7 +8,7 @@ sudo apt install tor
Edit `/etc/tor/torrc` as root, include the following line at the end and save the changes
```
```text
DNSPort 127.0.10.1:53
```
@@ -21,7 +21,7 @@ Change your Pi-hole upstream DNS server to use `127.0.10.1` in the Pi-hole WebGU
If you want a recognizable hostname for the Tor DNS in your Pi-hole GUI statistics, edit `/etc/hosts` as root, include the following line at the end and save the changes
```
```text
127.0.10.1 tor.dns.local
```
@@ -47,7 +47,7 @@ dig @<IPv4/6-dns-server-address> api.mixpanel.com <A/AAAA>
For Windows:
```shell
```bash
nslookup -server=<IPv4/6-dns-server-address> -q=<A/AAAA> api.mixpanel.com
```

2
docs/guides/misc/tor/using-tor.md
View File

@@ -10,7 +10,7 @@ The easiest and most reliable solution would be to use the [Tor Browser](https:/
Edit `/etc/tor/torrc` on your Pi-hole as root, include the following line at the end and save the changes
```
```text
SocksPort 0.0.0.0:9050
```

6
docs/guides/vpn/openvpn/dual-VPN.md
View File

@@ -26,19 +26,19 @@ Next, if needed, port forward the newly configured port from your router to your
Your server line should look like this:
```
```text
server 10.9.0.0 255.255.255.0
```
Make sure that the DNS requests go through the instance of OpenVPN:
```
```text
push "dhcp-option DNS 10.9.0.1"
```
One other setting that we need to change is to comment out the `bypass-dhcp` instruction so that it looks like:
```
```text
# push "redirect-gateway def1 bypass-dhcp"`.
```

2
docs/guides/vpn/openvpn/dual-operation.md
View File

@@ -13,7 +13,7 @@ This setup assumes that your local network is in the range **192.168.2.0** (i.e.
Edit your `/etc/openvpn/server/server.conf`:
```
```text
push "route 192.168.2.0 255.255.255.0"
push "dhcp-option DNS 192.168.2.123"
```

4
docs/guides/vpn/openvpn/setup-openvpn-server.md
View File

@@ -24,7 +24,7 @@ vim /etc/openvpn/server/server.conf
Set this line to use your Pi-hole's IP address, which you determined from the `ifconfig` command and comment out or remove the other line (if it exists):
```
```text
push "dhcp-option DNS 10.8.0.1"
#push "dhcp-option DNS 8.8.8.8"
```
@@ -35,7 +35,7 @@ It's [suggested to have Pi-hole be the only resolver](https://discourse.pi-hole.
Furthermore, you might want to enable logging for your OpenVPN server. In this case, add the following lines to your server's config file:
```
```text
log /var/log/openvpn.log
verb 3
```

6
docs/guides/vpn/openvpn/troubleshooting.md
View File

@@ -4,7 +4,7 @@
OpenVPN 2.4 and newer check the validity of the Certificate Revocation List (CRL). This can result in a sudden malfunction of `openvpn` after an update even though no configuration files have changed. This error manifests in the following, not very helpful, error on the client's side:
```
```text
Wed Apr 24 11:19:07 2019 VERIFY OK: depth=0, CN=server
Wed Apr 24 11:19:07 2019 Connection reset, restarting [0]
Wed Apr 24 11:19:07 2019 SIGUSR1[soft,connection-reset] received, process restarting
@@ -17,7 +17,7 @@ Android clients simply report: "Transport error, trying to reconnect..."
On the OpenVPN server, the following messages are logged:
```
```text
Wed Apr 24 11:19:07 2019 aaa.bbb.ccc.ddd:pppp TLS: Initial packet from [AF_INET]aaa.bbb.ccc.ddd:pppp, sid=57719cb8 77945ae9
Wed Apr 24 11:19:07 2019 aaa.bbb.ccc.ddd:pppp VERIFY ERROR: depth=0, error=CRL has expired: CN=client1
Wed Apr 24 11:19:07 2019 aaa.bbb.ccc.ddd:pppp OpenSSL: error:11089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
@@ -30,7 +30,7 @@ Wed Apr 24 11:19:07 2019 aaa.bbb.ccc.ddd:pppp SIGUSR1[soft,tls-error] received,
The error is `CRL has expired` and can be solved using the following commands:
```
```bash
sudo -s
cd /etc/openvpn
mv crl.pem crl.pem_old

4
docs/regex/tutorial.md
View File

@@ -110,7 +110,7 @@ After going through our quick tutorial, we provide some more advanced examples s
## Block domain with only numbers
```
```text
^[0-9][^a-z]+\.((com)|(edu))$
```
@@ -118,7 +118,7 @@ Blocks domains containing only numbers (no letters) and ending in `.com` or `.ed
### Block domains without subdomains
```
```text
^[a-z0-9]+([-]{1}[a-z0-9]+)*\.[a-z]{2,7}$
```

6
docs/routers/OPNsense.md
View File

@@ -8,7 +8,7 @@ Beware: This tutorial does not explain on how to block DoH or DoT.
SSH into your Pi-hole. A quick `ifconfig eth0` (substituting `eth0` for the applicable network interface) will get you the address information:
```
```text
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.51.2 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 2001:470:5:3::8ed prefixlen 128 scopeid 0x0<global>
@@ -27,7 +27,7 @@ Take note of the `inet` address, and the `inet6` address which starts with `fe`
Choosing this option will have DNS queries taking the following path:
```
```text
(Clients) -> Pi-hole -> Upstream DNS Server
```
@@ -63,7 +63,7 @@ All client devices on your network should now automatically be configured with a
If you'd rather have your OPNsense forward all DNS traffic to Pi-hole, you can complete this *alternative* step.
Doing so will have DNS queries taking the following path:
```
```text
(Clients) -> OPNsense -> Pi-hole -> Upstream DNS Server
```

34
docs/routers/fritzbox-de.md
View File

@@ -14,7 +14,7 @@ Einige dieser Einstellungen sind nur sichtbar, wenn vorher die Ansicht auf "Erwe
Mit dieser Konfiguration wird allen Clients die IP des Pi-hole als DNS Server angeboten, wenn sie einen DHCP Lease von der Fritz!Box anfordern.
DNS Anfragen nehmen folgenden Weg
``` plain
```plain
Client -> Pi-hole -> Upstream DNS Server
```
@@ -24,7 +24,7 @@ Client -> Pi-hole -> Upstream DNS Server
Um diese Konfiguration zu nutzen, muss die IP des Pi-hole als "Lokaler DNS-Server" in
``` plain
```plain
Heimnetz/Netzwerk/Netzwerkeinstellungen/IP-Adressen/IPv4-Konfiguration/Heimnetz
```
@@ -41,13 +41,13 @@ Nun sollten einzelne Clients im Pi-hole Dashboard auftauchen.
Mit dieser Konfiguration wird Pi-hole auch von der Fritz!Box selbst als Upstream DNS Server genutzt. DNS Anfragen nehmen folgenden Weg
``` plain
```plain
(Clients) -> Fritz!Box -> Pi-hole -> Upstream DNS Server
```
Zum Einstellen muss die IP des Pi-hole als "Bevorzugter DNSv4-Server" **und** "Alternativer DNSv4-Server" in
``` plain
```plain
Internet/Zugangsdaten/DNS-Server
```
@@ -64,7 +64,7 @@ Wird ausschließlich diese Konfiguration genutzt, sind im Pi-hole Dashboard kein
Es gibt in der Fritz!Box keine Möglichkeit unter
``` plain
```plain
Heimnetz/Netzwerk/Netzwerkeinstellungen/IP-Adressen/IPv4-Konfiguration/Gastnetz
```
@@ -100,7 +100,7 @@ Unique Local Addresses (ULAs) sind lokale IPv6-Adressen, die nicht über das Int
Zum aktivieren, wähle "Unique Local Addresses (ULA) immer zuweisen" aus in
``` plain
```plain
Heimnetz/Netzwerk/Netzwerkeinstellungen/IP-Adressen/IPv6-Konfiguration/Unique Local Addresses
```
@@ -113,7 +113,7 @@ Heimnetz/Netzwerk/Netzwerkeinstellungen/IP-Adressen/IPv6-Konfiguration/Unique Lo
Damit das Pi-hole eine ULA-Adresse erhält, muss der Pi-hole Server kurz vom Netzwerk getrennt werden oder neu gestartet werden. Die erhaltene Adresse kann man dann auf dem Pi-hole mit dem Befehl
``` bash
```bash
ip address | grep "inet6 fd"
```
@@ -123,7 +123,7 @@ erhalten. Diese Adresse wird im folgenden Abschnitt verwendet.
Nun kann die IPv6 Adresse des Pi-hole als "Lokaler DNSv6-Server" in
``` plain
```plain
Heimnetz/Netzwerk/Netzwerkeinstellungen/IP-Adressen/IPv6-Konfiguration/DNSv6-Server im Heimnetz
```
@@ -138,13 +138,13 @@ eingetragen werden.
Bei ausgelasteter Internetverbindung werden DNS-Anfragen u.U. stark verzögert bearbeitet. Dies kann in der Fritz!Box durch Hinterlegen von DNS als priorisierter Echtzeitanwendung vermieden werden. Falls nicht bereits geschehen, fügen Sie hierfür zunächst "`DNS`" als neuen Answendungstyp unter
``` plain
```plain
Internet/Filter/Listen -> Netzwerkanwendungen -> Netzwerkanwendung hinzufügen
```
mit den Eigenschaften
``` plain
```plain
Netzwerkanwendung: DNS
Protokoll: UDP
Quellport: beliebig
@@ -153,7 +153,7 @@ Zielport: 53
sowie
``` plain
```plain
Netzwerkanwendung: DNS
Protokoll: TCP
Quellport: beliebig
@@ -164,7 +164,7 @@ hinzu.
Dieser Eintrag kann dann unter
``` plain
```plain
Internet/Filter/Priorisierung -> Echtzeitanwendungen -> Neue Regel
```
@@ -178,13 +178,13 @@ Nach der Konfiguration des Pi-holes als DNS Server des Netzwerks ist die Einrich
Einige Geräte oder Programme nutzen fest hinterlegte DNS Server und funktionieren ggfs. nicht mehr ordnungsgemäß falls sie diesen DNS Server nicht erreichen können. Fall solch ein Verhalten auftritt, können Sie dieses Gerät von der Filterregel ausnehmen.
Insofern nicht bereits vorhanden, legen Sie unter
``` plain
```plain
Internet/Filter/Zugangsprofile -> Zugangsprofile verwalten und optimal nutzen
```
zwei Zugangsprofile an (z.B. "`Standard`" und "`Unbeschränkt`"). Im Profil "`Standard`" fügen Sie unter
``` plain
```plain
Erweiterte Einstellungen -> Gesperrte Netzwerkanwendungen
```
@@ -193,7 +193,7 @@ Im Profil "`Unbeschränkt`" darf "`DNS`" *nicht* als gesperrt hinterlegt werden.
Nun werden die Zugangsprofile unter
``` plain
```plain
Internet/Filter/Kindersicherung -> Zugangsprofile ändern (am Ende der Seite)
```
@@ -201,13 +201,13 @@ so konfiguriert, dass *sämtliche* Geräte *außer* dem Pi-hole (inkl. "`Alle an
Die neue Filterregel kann z.B. durch den Aufruf von
``` bash
```bash
dig google.com @8.8.8.8 +short
```
auf dem Pi-Hole und auf einem beliebigen anderen Gerät im Netzwerk getestet werden. Während die Abfrage auf dem Pi-hole wie erwartet eine IP-Adresse zurückgeben sollte, sollte auf allen anderen Geräten eine Fehlermeldung wie
``` plain
```plain
;; communications error to 8.8.8.8#53: host unreachable
```

34
docs/routers/fritzbox.md
View File

@@ -14,7 +14,7 @@ Some of the following settings might be visible only if advanced settings are en
Using this configuration, all clients will get Pi-hole's IP offered as DNS server when they request a DHCP lease from your Fritz!Box.
DNS queries take the following path
``` plain
```plain
Client -> Pi-hole -> Upstream DNS Server
```
@@ -24,7 +24,7 @@ Client -> Pi-hole -> Upstream DNS Server
To set it up, enter Pi-hole's IP as "Local DNS server" in
``` plain
```plain
Home Network/Network/Network Settings/IP Addresses/IPv4 Configuration/Home Network
```
@@ -40,13 +40,13 @@ Now you should see individual clients in Pi-hole's web dashboard.
With this configuration, Pi-hole is also used by the Fritz!Box itself as an upstream DNS server. DNS queries take the following path
``` plain
```plain
(Clients) -> Fritz!Box -> Pi-hole -> Upstream DNS Server
```
To set it up, enter Pi-hole's IP as "Preferred DNSv4 server" **and** "Alternative DNSv4 server" in
``` plain
```plain
Internet/Account Information/DNS server
```
@@ -61,7 +61,7 @@ If only this configuration is used, you won't see individual clients in Pi-hole'
There is no option to set the DNS server for the guest network in
``` plain
```plain
Home Network/Network/Network Settings/IP Addresses/IPv4 Configuration/Guest Network
```
@@ -95,7 +95,7 @@ Unique local addresses (ULA) are local IPv6 addresses which are not routed on th
To enable ULA addresses, select "Always assign unique local addresses (ULA)" in
``` plain
```plain
Home Network/Network/Network Settings/IP Addresses/IPv6 Addresses/Unique Local Addresses
```
@@ -108,7 +108,7 @@ Home Network/Network/Network Settings/IP Addresses/IPv6 Addresses/Unique Local A
To obtain the new address, reconnect or reboot your Pi-hole server. The obtained ULA address of your Pi-hole can be seen when running the command
``` bash
```bash
ip address | grep "inet6 fd"
```
@@ -118,7 +118,7 @@ on your Pi-hole. This address will be used in the following section.
It is now possible to enter Pi-hole's stable IPv6 address as "Local DNSv6 server" in
``` plain
```plain
Home Network/Network/Network Settings/IP Addresses/IPv6 Addresses/DNSv6 Server in the Home Network
```
@@ -131,13 +131,13 @@ Home Network/Network/Network Settings/IP Addresses/IPv6 Addresses/DNSv6 Server i
When the Internet connection is busy, DNS queries may only be processed with a long delay. This can be avoided in the Fritz!Box by adding DNS as a prioritized real-time application. If you have not already done so, first add "`DNS`" as a new application type under
``` plain
```plain
Internet/Filter/Lists -> Network Applications -> Add Network Application
```
with the properties
``` plain
```plain
Network application: DNS
Protocol: UDP
Source port: any
@@ -146,7 +146,7 @@ Destination port: 53
and
``` plain
```plain
Network application: DNS
Protocol: TCP
Source port: any
@@ -156,7 +156,7 @@ Destination port: 53
This entry can then be added under
``` plain
```plain
Internet/Filter/Prioritization -> Real-time applications -> New rule
```
@@ -171,13 +171,13 @@ After configuring the Pi-hole as the network's DNS server, the setup is complete
If not already present, create two access profiles (e.g. "`Standard`" and "`Unrestricted`") under
``` plain
```plain
Internet/Filters/Access Profiles -> Manage and Optimize Access Profiles
```
In the profile "`Standard`" add the network application "`DNS`" ([created above](#optional-increasing-the-priority-of-dns-requests)) under:
``` plain
```plain
Advanced settings -> Locked network applications
```
@@ -185,7 +185,7 @@ In the profile "`Unrestricted`" "`DNS`" must *not* be set as blocked.
Now the access profiles under
``` plain
```plain
Internet/Filters/Parental Control -> Change Access Profiles (at the bottom of the page)
```
@@ -193,13 +193,13 @@ are configured such that *all* devices *except* the Pi-hole (including "`All oth
You can easily test whether this is working by trying
``` bash
```bash
dig google.com @8.8.8.8 +short
```
once on your Pi-hole and once on any other device in your network. While the query on your Pi-hole should return an IP address as expected, you should see an error such as
``` plain
```plain
;; communications error to 8.8.8.8#53: host unreachable
```

6
docs/routers/ubiquiti-usg.md
View File

@@ -7,7 +7,7 @@ This guide was developed using a Ubiquiti Cloud Key v2 with UniFi Network v7.1.6
SSH into your Raspi. A quick `ifconfig eth0` (substituting `eth0` for the applicable network interface) will get you the address information:
```
```text
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.9 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 2001:470:5:3::8ed prefixlen 128 scopeid 0x0<global>
@@ -26,7 +26,7 @@ Take note of the `inet` address, and the `inet6` address which starts with `fe`
Choosing this option will have DNS queries taking the following path:
```
```text
(Clients) -> Pi-hole -> Upstream DNS Server
```
@@ -48,7 +48,7 @@ All client devices on your network should now automatically be configured with a
If you'd rather have your USG forward all DNS traffic to Pi-hole, you can complete this *alternative* step. Doing so will have DNS queries taking the following path:
```
```text
(Clients) -> USG -> Pi-hole -> Upstream DNS Server
```