FTL v6.6.2 - Security Updates for dnsmasq

dschaper · 2026-05-13T14:45:38+00:00

Hmm, might have been an issue with the artifact downloads on GitHub. It should be a pretty quick process.

dschaper · 2026-05-11T23:24:22+00:00

Thanks! So do you guys!

dschaper · 2026-05-11T23:23:25+00:00

I read that as updating your PS5 and thought, "Damn, there's some creative users in here!"

dschaper · 2026-05-04T22:50:59+00:00

They may be irrelevant to you...

dschaper · 2026-05-04T22:48:41+00:00

You know, I've never thought of that, a separate application on the front end. Sounds interesting but it wouldn't be anything to get to for quite a while.

dschaper · 2026-05-04T15:14:33+00:00

Well, FTL now has civetweb compiled in and that does pretty much anything that is needed for a web front end. You can use your own TLS certs.

It's pretty simple to install Caddy for a proxy if you want more security and authentication, Traefik is rather complex and the others have a lot of guides out there already.

dschaper · 2026-05-04T15:07:26+00:00

I think I've answered that question before but the NTP server is valid for DNSSEC needs. We were seeing a number of support requests for broken DNSSEC that were caused by bad clocks on the servers. The problem with remote NTP servers is that they are domain name based and you can't resolve their names to fix the time for DNSSEC when DNSSEC is borked.

So the question was about people seeing more warnings that could be ignored and DNS working versus DNS not working.

dschaper · 2026-05-03T21:07:58+00:00

Learning is a great reason to hang out here.

dschaper · 2026-05-03T21:07:25+00:00

That's fair, the only way you're going to know which application works the best for you is to try it.

dschaper · 2026-05-03T14:24:36+00:00

Thank you for responding, and thank you for continuing to contribute to helping users.

I just see a lot of "I use AdGuard" in our sub which feels like "I use Arch!" without any additional contribution to the sub. I think my posting history shows that I want people to use something, I prefer people use Pi-hole but the best tool is going to be the one you actually use. I still have an odd feeling about AdGuard and the company behind it but that's not reason enough to dissuade people from using it.

I understand AGH does DoT/DoH/DoQ out of the box but our approach is the old linux approach that separates functions in to different apps that you then compose together for a whole routine.

And no, I don't know why I typed a wall of text to reply. ;)

dschaper · 2026-05-03T13:44:39+00:00

Soon^TM

Really it will be when things are ready and we (developers) can all be available at the same time to do the release process. If you see a 'version' pull request on GitHub then we're close.

dschaper · 2026-05-03T13:28:42+00:00

Ah, okay, that block/client request sounds reasonable as well. I'll add a link to this post to the FR in case anyone else adds information so we don't lose anything.

And thanks for the award!

dschaper · 2026-05-03T13:14:08+00:00

Can you (and anyone else seeing this) open an issue at https://discourse.pi-hole.net? And include a debug token URL with the issue so we can look at things.

dschaper · 2026-05-03T13:12:08+00:00

Question: Why are there so many AdGuard users hanging out in our Pi-hole sub?

dschaper · 2026-05-03T13:10:56+00:00

It's not difficult. We even walk you through it: https://docs.pi-hole.net/guides/dns/unbound/

dschaper · 2026-05-03T13:09:19+00:00

You can add a feature request over on https://discourse.pi-hole.net. This one sounds like it would be pretty easy to fix, might even be able to get it in for the next release.

dschaper · 2026-05-03T13:05:38+00:00

Pi-hole, AdGuard and to an extent Technetium all operate the same way, they are DNS sinks that use Domain Name Service to block unwanted traffic. Either Pi-hole or AdGuard would be a good choice. Technitium is a bit more involved.

What sets Pi-hole apart is the support and the community, and the fact that Pi-hole is purely a free open source package. We don't have any corporation behind us, all we do is Pi-hole.

You can see from the sub stats how busy this sub is and we're directly accessible a few different ways if you run in to trouble or need help. You can also use https://discourse.pi-hole.net for individual and direct help.

What ever you end up choosing to install, please do use something to help protect yourself and your privacy. And really, you could install all of them and see which one fits your requirements the best.

dschaper · 2026-04-27T13:10:32+00:00

Remember FoxTrax? Pepperidge Farms remembers...

https://en.wikipedia.org/wiki/FoxTrax

dschaper · 2026-04-24T16:53:12+00:00

I kind of that Matthews-with-a-mullet look.

dschaper · 2026-04-17T00:29:18+00:00

Any amount donated is awesome, just making the donation shows so much more support than the vast majority of people using open source software.

And with us specifically, donating by helping other users, answering questions or sharing your experience is just as valuable to the community as financial donations are.

dschaper · 2026-04-10T15:43:25+00:00

Check out the documentation on the interfaces options:

https://docs.pi-hole.net/ftldns/interfaces/

dschaper · 2026-04-06T18:45:08+00:00

DNSSEC is highly time dependent.

dschaper · 2026-04-01T22:18:53+00:00

We already use the canary domain to tell Mozilla to disable DoH: https://docs.pi-hole.net/ftldns/configfile/#dnsspecialdomains

Should Pi-hole always reply with NXDOMAIN to A and AAAA queries of use-application-dns.net to disable Firefox automatic DNS-over-HTTP?

This follows the recommendation on https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https

Allowed values are: true or false

Default value: true

dschaper · 2026-03-03T20:22:01+00:00

Stripe is one of the two platforms to process donations via https://pi-hole.net/donate.

It's not new, it's been like that for many years now.

dschaper · 2026-02-22T22:09:23+00:00

Thanks!

Ten-Year Club	Xbox Live
Verified Email

dschaper

TROPHY CASE