Pi-Hole
I came across this story on Business Insider about TVs selling private data. I then came across users who suggested Pi-Hole for blocking DNS requests from these TVs. Is there a way to duplicate the functionality of Pi-Hole on the Meraki platform?
If you block DNS queries you'll probably limit their functionality a lot - but if you want the same thing in Meraki land - just blacklist it.
It's probably a feature request but it would be nice to be able to add curated black and white list files.
So you'd have a publicly maintained txt file of bad domains that the Meraki would then check periodically and update its own firewall. Not just rely on Cisco's list.
Do you think it can be done through an API? I'd have a web service running and it would use the Meraki API to add the sites on a given list to my firewall?
Will not be possible via API either. You could just set up a Pi-hole and then configure it as your DNS server though.
Edit: Well you could block certain domains via URL filtering, but that would just stop HTTP (and HTTPS requests to a certain extent) to them, not DNS resolutions of them. And I don't seem to see an API call to edit those whitelists either.
You could just apply a Group Policy to the TV with custom L3 Firewall rules to drop UDP 53.
But legitimate DNS requests would also be dropped. The problem is there are bad URLs out there that serve adware and are used by products like this TV to send user data. At the same time there are good URLs that this TV may use. Just dropping all DNS traffic isn't a good solution.
What this Pi-hole does is it keeps a list of the bad URLs and drops DNS requests for those URLs while letting good ones go through. The added benefit is that it acts as a network-wide adblocker.
I guess this really is a feature meant for a standalone DNS server and it's crazy of me to expect it from a router.
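The list-based filtering described in the post above, as an added example that is not part of the original thread and is not Pi-hole's or Meraki's code. It assumes a hosts-format or one-domain-per-line blocklist, parent-domain matching and an optional allowlist; the sample entries are constructed.

```python
"""Added example: the block/allow decision of a DNS sinkhole (not Pi-hole's code)."""

# Constructed sample list in the common hosts-file blocklist format.
SAMPLE_BLOCKLIST = """\
# constructed sample entries, not a real feed
0.0.0.0 telemetry.tv-vendor.example
0.0.0.0 ads.tracker.example   # inline comment
127.0.0.1 localhost
metrics.example
"""

# Housekeeping names that hosts-format lists carry but that must never be blocked.
IGNORED = {"localhost", "localhost.localdomain", "broadcasthost"}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def parse_blocklist(text):
    """Return the set of domains from hosts-format or one-domain-per-line text."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # strip full-line and inline comments
        if not line:
            continue
        fields = line.split()
        # hosts format is "<ip> <domain>"; plain lists carry only the domain
        name = normalize(fields[1] if len(fields) > 1 else fields[0])
        if name and name not in IGNORED:
            domains.add(name)
    return domains


def suffixes(name):
    """Yield the name and each parent domain: a.b.c -> a.b.c, b.c, c."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def decide(qname, blocked, allowed=frozenset()):
    """Most specific list entry wins; on a tie the allowlist wins."""
    for candidate in suffixes(qname):
        if candidate in allowed:
            return "allow"
        if candidate in blocked:
            return "block"
    return "allow"  # names on neither list resolve normally
```

A resolver using this logic answers a "block" decision with NXDOMAIN or an unroutable address and forwards everything else upstream, which is why the TV keeps working for names that are not on the list.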
Well then. I guess that settles that. Is Umbrella free to use?
Nope. Not free 😞
*Edit*
I think there is a free tier for Umbrella, but that's an unintegrated solution you just point your devices at. The MR integration I linked to has a cost on it. And there are also tiers in Umbrella that also cost.
If you have an MX with an Advanced Security Licence you should be able to just use content filtering.
https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering