cancel
Showing results for 
Search instead for 
Did you mean: 

Pi-Hole

SOLVED
Highlighted
Getting noticed

Pi-Hole

I came across this Story on Business Insider about TVs selling private data. I then came across users who suggested Pi-Hole for blocking DNS request from these TVs. Is there a way to duplicate the functionality of Pi-Hole on the meraki platform? 

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal
10 REPLIES 10
Kind of a big deal

Re: Pi-Hole

If you block DNS queries you'll probably limit their functionality a lot - but if you want the same thing in Meraki land - just blacklist it.

Getting noticed

Re: Pi-Hole

It's probably a feature request but it would be nice to be able to add curated black and white list files. 

 

So you'd have a publicly maintained txt file of bad domains that the meraki would then check periodically and update its own firewall. Not just rely on cisco's list. 

Getting noticed

Re: Pi-Hole

Do you think it can be done through an API? I'd have a web service running and it would use the Meraki API to add the sites on a given list to my firewall? 

Kind of a big deal

Re: Pi-Hole

Will not be possible via API either. You could just setup a pi-hole and then configure it as your DNS server though.

 

Edit: Well you could block certain domains via URL filtering, but that would just stop HTTP (and HTTPS requests to a certain extent) to them, not DNS resolutions of them. And I don't seem to see an API call to edit those whitelists either.

Kind of a big deal

Re: Pi-Hole

You could just apply a Group Policy to the TV with custom L3 Firewall rules to drop UDP 53.

 

image.png

Getting noticed

Re: Pi-Hole

But legitimate DNS request would also be dropped. The problem is there are bad URLs out there that serve adware and are used by products like this TV to send user data. At the same time there are good URLs that this TV may use. Just dropping all DNS traffic isn't a good solution. 

 

What this Pi-hole does is it keeps a list of the bad URLs and drops DNS request for those URLs while letting good ones go through. The added benefit is that it acts as a network wide adblocker. 

 

I guess this really is a feature meant for a stand alone DNS server and it's crazy of me to expect it from a router. 

Kind of a big deal
Getting noticed

Re: Pi-Hole

Well then. I guess that settles that. Is Umbrella free to use?

Kind of a big deal

Re: Pi-Hole

If you have an MX with an Advanced Security Licence you should be able to just use content filtering.

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering

Kind of a big deal

Re: Pi-Hole

Nope. Not free Smiley Sad

 

*Edit*

 

I think there is a free tier for Umbrella, but that's an unintegrated solution you just point your devices at. The MR integration I linked to has a cost on it. And there's also tiers in Umbrella that also cost. 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.