Podman ftw!
Podman ftw!
Sounds like the DNS TTL (Time to Live) is set extremely low, preventing clients caching the record. Each time your browser makes a request (such as updating the graphs), it’s submitting a new DNS query each time.
According to this post, this is intentional behaviour for PiHole to support situations where you change a domain from the block to allowed. The same post also references the necessary file modifications, should you wish to extend the TTL regardless.
The only downside you’ll notice is a delay after whitlisting a domain, and it actually being unblocked. You’ll need to wait for the TTL to expire. Setting it to something like 15 minutes would be a reasonable compromise.
IPv6 has NPTv6, which allows you to translate from one prefix into another.
Useful if you’ve got dual WAN, and can’t advertise your own addressing via the ISP. You can use NPTv6 to translate between your local prefix and the public prefixes. But NPTv6 is completely stateless. It’s literally a 1:1 mapping between the prefixes.
I don’t know, but my electric bill is certainly painful.
It wouldn’t stop against volumetric attacks…
They’d still fully consume the WAN bearer regardless of Crowdsec protecting the endpoint. For that you need a scrubbing centre to dump the traffic onto.