Credits: The creators of the awesome Pi-hole© project (here and here).
Why? The Pi-hole© project allows you to run your own DNS server that is separate from any router/modem, giving you much more control and visibility in your network. You can see which devices are doing which name lookups and spot patterns, such as a device being overly chatty (Samsung TVs are notorious for this), misconfigured, or up to something malicious (DNS tunneling, cryptolocker, etc.). Plus, advertisements are blocked, or rather never downloaded in the first place. When a blocked domain is queried, Pi-hole responds with the address 0.0.0.0 instead of forwarding the query to the upstream DNS server and getting back something like 12.132.445.96. Since 0.0.0.0 is not a real or even a routable IP address, the domain is sinkholed.
Purpose: To obtain greater visibility and security in small to medium sized networks. Probably not for corporate networks, but it can be used as an upstream forwarder after a Domain Controller, for example.
1) A Raspberry Pi, or a physical or virtualized Linux server or container.
2) Root access to said device
3) 15+ minutes
How Pi-hole© works: My understanding, and this is a very high-level overview, is that the engine behind the project uses a customized version of dnsmasq, a well known DNS forwarder and DHCP server. Written in C, FTLDNS™ collects, displays, and forwards the queries. Much of the data is stored in RAM, hence the 'FTL' (Faster Than Light). More information on FTLDNS™, dnsmasq, and Pi-hole is here, here and here. The whole project is Star Trek themed, so it has been fun looking through the source code at some of the variable names that are used.
How to install Pi-hole©: The project creators have really great documentation on how to install the software and even have a bash script that automates the whole process for you. So, installation is not covered here.
Pi-hole for network security©: Why not just use Cloudflare, Google DNS, or the ISP's DNS and call it good? For one, you have little to no granular data about DNS queries inside the network unless you already have something in place for this. The value from an Info Sec standpoint is that you can easily see which device is requesting which domain to be resolved, and when. If a device was infected with something, one could query the Pi-hole© database to see those details. In addition, if you wanted to, you could add your own blacklist/whitelist entries. And for added security, you could just use Cloudflare as the upstream DNS server to get the benefits of that service while keeping local access to the DNS information.
About me: I am an IT professional who is passionate about technology and its uses to propel people to their potential. I would love to talk to you!