
  2. 6

    Posts like these always make me feel like I’m living on another planet than some people. Why use docker? Why use a pi-hole at all? Is this all just for the web interface?

    I personally think it’s much better to run DNSCrypt Proxy and just either point it to an upstream adblocking DNS or host my internal one with its own set of blocklists that use the same list from the Pi-hole. That could probably even be simplified to a set of firewall rules instead of DNS, or just DNS local resolver without DNSCrypt.

    1. 3

      I signed up for NextDNS about two weeks ago due to some excited Slack chatter about it (and to test my Handshake domain) and I quite like it. I’m gonna see about applying it to my router, if possible, next week.

      1. 3

        Honestly I just use one of the public resolvers that does AdBlocking on my phone or mobile device and at home I run an internal resolver that blackholes using the uBlock origin lists and a tiny script that turns it into unbound format. All of these solutions seem… Massively complex for what they really are.

        1. 1

          Oh that’s neat, thanks for sharing!

          1. 1

            Since public resolvers can see DNS requests originating from your network, the privacy impact can be quite severe. I’d suggest choosing your upstream provider wisely. That’s why I’d never choose a public DNS server from Google, for example. Since you are already running unbound, you could also choose to take another way:

            I’ve set up unbound to query the root dns servers directly and increased cache size to 128 megs. When the prefetch option is set, cache entries are revalidated before they expire. Not only does this increase privacy, but also dramatically reduces response times for most sites when the cache is warmed up. Be aware that the DNS traffic goes up by around 10 percent or so.

        2. 2

          People don’t understand how things work, so instead of learning how to build something simple, they throw heaps of complex software on top of each other, because that is how things are done in 2020.

          I too have a cron job that creates an unbound block list. The great thing is that I can easily debug it, because I understand all of it.

          1. 1

            How many devices do you own that talk to the internet?

            If it’s literally just me, then I would configure a thing on my laptop and call it done. I live with a bunch of other people, and even if I could individually configure all of their devices (some of them are too locked down for that), I wouldn’t really want to have to learn how to configure ad blocking on six different operating systems from three different vendors.

            A centralized solution is actually easier, and it inherently gives ad blocking to everyone. It also has a web interface, so you can teach someone how to turn the ad blocker off if they really, really need to, but turning it off is enough of a pain in the neck that they usually just decide that reading such and such a listicle isn’t worth it.

            1. 1

              8 physical devices and 30 virtual machines (technically 20 talking to the internet because the others are active directory labs for testing and they switch around depending on my needs). The reality is that if I were in your situation I’d just set my router to give out the DHCP nameserver for dns.adguard.com or to the local resolver to recurse up. That wouldn’t even require software installs but does rely entirely on a third party resolver.

              1. 1

                That would’ve been an option, too. I did consider it.

                OTOH, as you mentioned, “is it just for the web interface?” Yes, that’s one of the biggest reasons.

          2. 2

            If you like k8s, there’s some Helm charts for deploying PiHole to your cluster. It’s been running mostly ok for me here for months.

            1. 1

              git clone [email protected]:pawurb/pi-hole-docker-compose.git

              :)
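Two of the comments above describe the same setup without showing it: a small script that turns a uBlock Origin style blocklist into unbound `local-zone` entries, and an unbound that recurses to the root servers itself with `prefetch` and a 128 MB cache. The script below is an added example, not code from any commenter; the sample list lines are constructed, and the hosts-file and `||domain^` patterns it accepts are an assumption about what such lists contain.

```python
import re

# Constructed sample input: hosts-format lines and adblock-style "||domain^"
# lines, the two shapes commonly found in the lists uBlock Origin consumes.
SAMPLE_LIST = """\
# comment line
0.0.0.0 ads.example.test
127.0.0.1 tracker.example.test # trailing comment
||telemetry.example.test^
0.0.0.0 0.0.0.0
localhost
"""

HOSTS_RE = re.compile(r"^(?:0\.0\.0\.0|127\.0\.0\.1)\s+([A-Za-z0-9.-]+)")
ADBLOCK_RE = re.compile(r"^\|\|([A-Za-z0-9.-]+)\^$")
# Names that appear in hosts files but must never be blackholed.
SKIP = {"localhost", "localhost.localdomain", "broadcasthost", "0.0.0.0"}


def extract_domains(text):
    """Return the sorted, de-duplicated domains named in a blocklist."""
    found = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        match = HOSTS_RE.match(line) or ADBLOCK_RE.match(line)
        if not match:
            continue  # unknown syntax: ignore rather than guess
        name = match.group(1).lower().rstrip(".")
        if name in SKIP or "." not in name:
            continue
        found.add(name)
    return sorted(found)


def unbound_blocklist(domains):
    """One local-zone line per domain; unbound answers NXDOMAIN for the zone."""
    return "".join(f'local-zone: "{d}." always_nxdomain\n' for d in domains)


def unbound_server_block(cache_mb=128, blocklist_path="/etc/unbound/blocklist.conf"):
    """Server options from the thread: no forward-zone (so unbound walks from
    the root servers itself), prefetch of expiring entries, larger caches."""
    return (
        "server:\n"
        f"  msg-cache-size: {cache_mb}m\n"
        f"  rrset-cache-size: {cache_mb * 2}m\n"  # unbound docs suggest 2x msg cache
        "  prefetch: yes\n"
        f'  include: "{blocklist_path}"\n'
    )
```

Write `unbound_blocklist(extract_domains(...))` to the included path from cron and reload unbound; the extra upstream traffic the prefetch option causes is the trade-off the comment above mentions.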