Pi-Hole

SOLVED
trunolimit
Building a reputation

Pi-Hole

I came across this Story on Business Insider about TVs selling private data. I then came across users who suggested Pi-Hole for blocking DNS request from these TVs. Is there a way to duplicate the functionality of Pi-Hole on the meraki platform? 

1 ACCEPTED SOLUTION
10 REPLIES 10
PhilipDAth
Kind of a big deal
Kind of a big deal

If you block DNS queries you'll probably limit their functionality a lot - but if you want the same thing in Meraki land - just blacklist it.

trunolimit
Building a reputation

It's probably a feature request but it would be nice to be able to add curated black and white list files. 

 

So you'd have a publicly maintained txt file of bad domains that the meraki would then check periodically and update its own firewall. Not just rely on cisco's list. 

trunolimit
Building a reputation

Do you think it can be done through an API? I'd have a web service running and it would use the Meraki API to add the sites on a given list to my firewall? 

Will not be possible via API either. You could just setup a pi-hole and then configure it as your DNS server though.

 

Edit: Well you could block certain domains via URL filtering, but that would just stop HTTP (and HTTPS requests to a certain extent) to them, not DNS resolutions of them. And I don't seem to see an API call to edit those whitelists either.

You could just apply a Group Policy to the TV with custom L3 Firewall rules to drop UDP 53.

 

image.png

trunolimit
Building a reputation

But legitimate DNS request would also be dropped. The problem is there are bad URLs out there that serve adware and are used by products like this TV to send user data. At the same time there are good URLs that this TV may use. Just dropping all DNS traffic isn't a good solution. 

 

What this Pi-hole does is it keeps a list of the bad URLs and drops DNS request for those URLs while letting good ones go through. The added benefit is that it acts as a network wide adblocker. 

 

I guess this really is a feature meant for a stand alone DNS server and it's crazy of me to expect it from a router. 

trunolimit
Building a reputation

Well then. I guess that settles that. Is Umbrella free to use?

jdsilva
Kind of a big deal

Nope. Not free 😞

 

*Edit*

 

I think there is a free tier for Umbrella, but that's an unintegrated solution you just point your devices at. The MR integration I linked to has a cost on it. And there's also tiers in Umbrella that also cost. 

PhilipDAth
Kind of a big deal
Kind of a big deal

If you have an MX with an Advanced Security Licence you should be able to just use content filtering.

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels