1. 58

I looked back and saw this was submitted two years ago, but it didn’t receive much attention at the time. There has been active development on it since then. Today I set up a Pi-hole server for my home network and it appears to be working great. Are any other crustaceans using this or something similar?

  2. 19

    I’ve been running this on a Pi 3 since 2016 and it’s been great, especially to get some blocking on mobile. It blocked about 16% of all DNS queries initiated from devices in our home network, but that number goes up to 30% if I only look at queries initiated by my girlfriend’s devices (she doesn’t use anything like uMatrix or uBlock).

    30% of her traffic is no longer resolving. She never noticed any (negative) changes, so it must have been all bullshit traffic. That’s crazy to me.

    1. 11

      I run unbound and a three line bash cron-job to do the same thing. No complex untrusted install scripts, no web interface (why would you need one?) I have a recursive resolver instead of having to send everything to goog or cloudflare etc. I am pretty happy with it.

      1. 11

        > why would you need one?

        1. Graphs and other visualizations without having to write the software to process logs yourself. I use the graphs to identify devices that are accessing domains excessively and block that domain if I don’t like the behavior. I’ve done that several times in the last couple of years that I’ve been using Pihole.
        2. Allowing other users without command line confidence in the home to block domains or temporarily or permanently allow domains.
        3. Quicker temporary disabling of Pihole if I hit a strange domain behavior. There’s one site one of my family members uses frequently and I use infrequently that is poorly written and requires JS loads from a bunch of blocked domains in order to work. It’s easier for both of us to load Pihole in the browser and click “disable for 30 seconds” just long enough to get past the broken page. There are no alternatives to this site.
        4. I’ve got seven blocklist sources. I could write something to handle pulling from each of these on their own schedules but Pihole covers that for me. I need only add a URL once in a while.
        5. One less system to manage. I need only keep the Pi powered and remember to run pihole -up once every couple of weeks. I’ve not touched the base installation in forever.

        The big ones are any time a non-technical user has to use it. I’ve not set up Pihole at the coworking space I run only because having to log in and temporarily disable it is still a PITA for some people.

        1. 4

          And what is that three line bash cron-job? If there is a simple solution out there I’d love to use it.

          1. 15

            ```
            cat /etc/cron.weekly/ad-block

            #!/bin/bash
            set -e

            curl -s http://sbc.io/hosts/hosts | grep '^0.0.0.0' | awk '{printf "local-zone: \"%s\" refuse \n", $2}' > /etc/unbound/unbound.conf.d/adblock.conf

            service unbound reload
            ```
            
              1. 1

                Oh nice

              2. 3

                Is there any particular reason you chose sbc.io instead of others, e.g. pgl.yoyo.org?

                1. 4

                  It is a port of a previous dnsmasq setup I had for a while. I do not really remember why I chose that back then. Works pretty good given how little time it took to set up.

                2. 3

                  If the hosting of that file ever throws a bad response you may break unbound. The reload might harmlessly fail but the next boot will fail to start unbound.

                  Add some error handling to wipe the file if the reload throws a non-zero exit code
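
A variant of the cron job above that applies this error-handling suggestion, as an added example that is not any commenter's code: it validates each hostname from the feed (fetched over plain HTTP) before writing it into the resolver config, and rolls back if the config check fails. The function names, the 1000-entry minimum, and the use of `unbound-checkconf` as the check are assumptions; the URL and paths are the ones in the thread.

```shell
#!/bin/bash
# Added example (not from the thread): validate the feed before it reaches unbound.
set -u

# Convert hosts-format lines on stdin to unbound local-zone lines.
# Only names made of letters, digits, '-', '_' and '.' pass, so a stray quote
# in the feed cannot break out of the string and inject other directives.
hosts_to_local_zones() {
    awk '$1 == "0.0.0.0" && $2 != "0.0.0.0" && $2 ~ /^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$/ {
        printf "local-zone: \"%s\" refuse\n", tolower($2)
    }'
}

# install_blocklist NEW DEST MIN CHECK...: replace DEST with NEW only if NEW has
# at least MIN entries and the CHECK command succeeds; otherwise restore DEST.
install_blocklist() {
    local new=$1 dest=$2 min=$3; shift 3
    local count; count=$(grep -c '^local-zone: ' "$new" || true)
    [ "$count" -ge "$min" ] || { echo "only $count entries, keeping old list" >&2; return 1; }
    chmod 644 "$new"                      # mktemp files are 0600 by default
    [ -e "$dest" ] && cp -p "$dest" "$dest.bak"
    mv "$new" "$dest"                     # same directory, so the rename is atomic
    if ! "$@"; then
        echo "config check failed, rolling back" >&2
        if [ -e "$dest.bak" ]; then mv "$dest.bak" "$dest"; else rm -f "$dest"; fi
        return 1
    fi
}

# Cron entry point: run as "ad-block --update". Nothing happens without the flag.
if [ "${1:-}" = "--update" ]; then
    set -eo pipefail                      # a failed curl now aborts the run
    tmp=$(mktemp /etc/unbound/unbound.conf.d/.adblock.XXXXXX)
    trap 'rm -f "$tmp"' EXIT
    curl -fsS --max-time 60 http://sbc.io/hosts/hosts | hosts_to_local_zones > "$tmp"
    install_blocklist "$tmp" /etc/unbound/unbound.conf.d/adblock.conf 1000 unbound-checkconf
    service unbound reload
fi
```
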

              3. 2

                > I have a recursive resolver

                So this queries the root servers directly? I considered doing this with my unbound setup, but my ISP seems to like to poison/hijack DNS, and I couldn’t figure out a way to have this while also having something like DNS over TLS to keep them out.

                1. 5

                  yes, I use the root.hints from here: https://www.iana.org/domains/root/files

              4. 9

                I’ve been using NextDNS since they launched, and a local recursor upstreaming to it using DNS over TLS. It works very well and the devs are very responsive to bugs and feature requests.

                1. 3

                  I was relying on unbound on my router along with Steven Black’s scripts for generating/consolidating bad hosts, as well as keeping my own black/white lists. My setup worked great, but cname cloaking and automated 3rd party tracker domains meant that ads would still poke through on some sites. Blacklisting these domains as I encountered them works but it gets tedious. NextDNS is pretty good about this, and I’ve been using it for a couple weeks without complaints.

                2. 5

                  I copy the hosts file from someonewhocares.org to /etc/hosts. On Android, I use NetGuard to block ads throughout the entire system, and ublock origin + noscript (Firefox for Android supports extensions) for blocking ads on websites.

                  If I had more machines then I might run a resolver at home, but this is good enough for me.

                  1. 1

                    Same as me. There’s a great copy of a big anti-ad/anti-malware, etc hosts file on GitHub.

                  2. 5

                    I’ve been using pi-hole on my home network, and on the go via algo-pihole for maybe a month or so now. It’s been working fine. It’s not easy to tell the difference because I already run a combination of ad-/tracker-blocking extensions in my browser and on my phone. Pi-hole reports a lot of blocked domains, and it’s interesting to see where my smart devices are phoning home to (and block them if I want!).

                    I’ve also used this to block reddit at home for a while.

                    EDIT: I found dvk’s comment very useful. I didn’t check the stats on this but: My girlfriend doesn’t run a bunch of adblockers like I do. She also hasn’t noticed any (negative) changes.

                    1. 5

                      I coincidentally set this up last week and hooboy it’s been fantastic. I finally might buy a smart tv now knowing I have an easy way to exert granular control over its mothership beams… (by which I mean any tv at all as it seems impossible to get a modern tv that’s not “smart” and yes I know I can just not use those bits but I want to use some of it sometimes…)

                      Highly recommend the pi hole though, really worth the (pretty minimal, after procuring the raspberry pi) effort.

                      1. 4

                        I just uninstalled my Pi-hole earlier today, and replaced it with OpenWRT’s adblocker for use on my new router.

                        1. 3

                          I set up a pihole instance at work a couple of years ago and except for having to whitelist a few domains it worked great!

                          1. 3

                            I had a self-made Pi-hole-alike on a Pi but I switched it off recently. A Pi is not as reliable as the ISP-router and if it breaks while I’m at work the family becomes quite stressed. The router is not flexible enough to be configured as fallback.

                            1. 3

                              I set up my first pi-hole about a year ago. I loved it. Then, about four months ago, I accidentally hosed it up doing some other things not related to the pi-hole code.

                              I went several months without one. Wow. Even with max ad-blocking on my PCs, I noticed a difference. So this past weekend I wiped the drive and reinstalled. Yay!

                              My only remaining question: I also have a new home network situation where I’m using an ISP-provided modem to do all the DHCP work. I want to take over that in the pi, but it might be a hassle having to call the ISP. Also I am not overly impressed with the UI for the DHCP server in the pi-hole.

                              1. 2

                                I use AdGuard on all my devices that support it.

                                1. 2

                                  I have used it happily at home on a RPi via docker.

                                  1. 2

                                    I use Pi-hole and VPN on a RaspberryPi. My mobile devices are always connected to the VPN so I get ad-blocking wherever I go.
