Find a problem they are experiencing and introduce them to a solution they can self-host to fix it. Expand from there.
I began my self-hosting journey 7ish years ago with media piracy and a desire to watch/access my files wherever I was. Learned of Plex, then Emby, Reverse Proxies, Domains, SSL, and on and on...
Today I'm running 24+ docker containers and some miscellaneous stuff, across 3 systems; that's always accessible via my domain/vpn.
what does not work:
- i can not ping server.local (- for testing i have to stop the systemd-resolved.service to run the dnsmasq server, or else there are port collisions, but that should not be the problem i guess. I am happy to hear your solution :))
- i can also not use ssh to log in to server.local, ip address works
Have you added "server.local" as a DNS record in your dnsmasq container, pointing to your servers LAN IP? Sounds like dnsmasq isn't resolving that name, which would lead to both of these 'failures'.
Oh damn, I hadn't noticed. My setup is still functioning just fine.
There is an alternative though: Orbital-Sync
I haven't actually used it, so I can't say much about it; but I'll probably look into replacing gravity-sync with that.
https://docs.pi-hole.net/guides/dns/cloudflared/
I use this to translate DNS to DoH, and use cloudflare, and quad9 upstream.
environment:
- TUNNEL_DNS_UPSTREAM=https://1.1.1.1/dns-query,https://1.0.0.1/dns-query,https://9.9.9.9/dns-query,https://149.112.112.9/dns-query
Haven't really noticed any DNS based lag.
Why not both?
My primary DNS is pihole on a rpi dedicated to the task; but I run a second instance of pihole via my main docker stack for redundancy. Should one or the other be unavailable, there's a second one to pick up the slack.
I just provide both DNS IPs to LAN clients via DHCP.
Gravity Sync is a great tool to keep both piholes settings/records/lists in sync.
Same, though I'm using acme.sh and DNS-01. (had to go look at the script that triggers it to remember, lol)
I check the log file my update script writes every few months just to be sure nothings screwy, but I've had 0 issues in 7 years of using LE now.
A paid cert isn't worth it.
I can't speak for OP; but I'm interested in exploring the entire toolbox, not just 'the official family'/what the one set of developers make.
https://docs.pi-hole.net/guides/dns/cloudflared/
I use pihole+cloudflared to translate all DNS requests on my LAN to DoH requests. Regular DNS isn't permitted to leave my network. (port 53 outbound is blocked)
Can't redirect/modify/monitor DoH requests like you can plain DNS.
If they are like me, they have probably already found ways to watch porn, monitor their crush's computer, read their email, and get into their webcam.
I got into quite a bit of similar mischief as a (pre)teen; but I didn't do any of it on equipment that I knew was monitored (at least, monitored and signed out to me....)
And again; I think that's a bit of a separate issue. These devices shouldn't be equipped with cameras, let alone have the camera monitored/accessible.
The actual activity happening on the device; running applications, what's on screen/in storage, even it's location (with informed notice of said tracking) sure. but there's no need to monitor/access the camera regardless of how or where the device is used.
A simple piece of tape fixes this problem. (plus education to teach students why, ofc)
I host my own vpn from home, which keeps me behind my pihole(s) and able to access my private services without exposing them to WAN.
Also secures my mobile traffic from snooping/modifying while on public networks.