## Operation: Network Sinkhole

One of the most critical steps in securing any network—whether it is an enterprise environment or a home network—is controlling the DNS traffic.

For my current home lab architecture, I wanted a lightweight, low-overhead solution to act as a network-wide ad blocker and security sinkhole.

### The Stack

* **Hardware:** Raspberry Pi

* **OS:** DietPi (chosen for its incredibly minimal footprint)

* **DNS Sinkhole:** AdGuard Home

* **Dashboard:** Heimdall

### Deployment Notes

Running DietPi on the Raspberry Pi drastically reduces the background noise compared to a full Raspberry Pi OS deployment. AdGuard Home was deployed to intercept all outbound DNS requests, immediately blacklisting known malicious domains, trackers, and ad-serving networks before they ever reach the endpoints.

To keep everything centralized, I spun up Heimdall as the primary dashboard. It gives me a clean, quick-glance interface to monitor the AdGuard metrics and easily access my other local web services without having to memorize a dozen different local IP addresses and ports.

Next up on the lab block: segmenting this setup further and diving deeper into the firewall traffic logs.