OP here. Pi-hole was designed to run on a home network, so the DNS service is wide-open to everyone. The admin panel is also listening on the same interface as the DNS server. Even unauthenticated users can access the web panel and view some basic stats without logging in.
The general recommendation is setting up OpenVPN (or similar) and make Pi-hole listen on the tunnel interface.
The general recommendation is setting up OpenVPN (or similar) and make Pi-hole listen on the tunnel interface.
Luckily, the Pi-hole project is publishing a guide for this: https://github.com/pi-hole/pi-hole/wiki/OpenVPN-server:-Setu...