Raspberry Pi-hole

As mentioned in my previous blog post, I use a Raspberry Pi server in my local network/LAN. So far it hosts two applications: Pi-hole for ad-blocking and HomeGallery as an internal photo gallery. In this blog post I explain the installation and configuration of the Pi-hole.

Pi-hole

Pi-hole is a local DNS server which blocks domains used for ads and tracking. The current default blocklist contains over 93,000 entries, which the Pi-hole resolves to 0.0.0.0, thus making the domain inaccessible (for everyone using your Pi-hole as DNS). Installation is straightforward, as you can see in the installation instructions. The one-liner pipes a downloaded script straight into a root shell, so you may prefer to save it to a file and read it before running it.

    # login to your Raspberry
    # (see previous blog post)
    sudo su
    # download and execute install script
    curl -sSL https://install.pi-hole.net | bash
    # follow the steps in the wizard

This is the easy part. I recommend installing the Web UI. You can access it via the IP of your Raspberry server, e.g. http://192.168.12.34/admin. You can also use a local domain name, such as raspberry.lan or similar. I'll cover this in a later blog post. If everything works, you can already query your Pi-hole DNS using the following command.

    # execute on your local machine
    dig @192.168.12.34 sandstorm.de

You should see a result like the following.

    ; <<>> DiG 9.10.6 <<>> @192.168.12.34 sandstorm.de
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40539
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;sandstorm.de. IN A
    ;; ANSWER SECTION:
    sandstorm.de. 51 IN A 178.63.128.131
    ;; Query time: 51 msec
    ;; SERVER: 192.168.12.34#53(192.168.12.34)
    ;; WHEN: Wed Nov 17 20:07:47 CET 2021
    ;; MSG SIZE rcvd: 57

Now comes the tricky part: to enable the Pi-hole for all devices in the network (even those which have not joined yet), you have to configure your DHCP server (probably in your router) to send the Pi-hole IP as the default DNS server to all clients. Please search the settings of your DHCP server (and the web). I cannot help you with this since routers are rather different. My Amplifi HD router allows setting the DNS via a smartphone app but does not send the configured DNS via DHCP, unless you disable some caching option you can only see in the Web UI and not in the smartphone app.

After you have changed your DHCP settings and your client has received the new DHCP information, querying a blocked domain should look like this.

    dig trace.svc.ui.com

    ; <<>> DiG 9.10.6 <<>> trace.svc.ui.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36035
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;trace.svc.ui.com. IN A
    ;; ANSWER SECTION:
    trace.svc.ui.com. 2 IN A 0.0.0.0
    ;; Query time: 50 msec
    ;; SERVER: 192.168.12.34#53(192.168.12.34)
    ;; WHEN: Wed Nov 17 20:17:09 CET 2021
    ;; MSG SIZE rcvd: 61

Note that the Pi-hole is rather strict by default and something might not work anymore. You can always allow certain domains. Personally, I added some to enable my YouTube history again, namely:

    s.youtube.com
    video-stats.l.google.com

Individual clients in your LAN can opt out by overriding the DNS provided via DHCP. Those clients are unaffected by the Pi-hole.
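To check from a client whether it really uses the Pi-hole after the DHCP change, or has opted out, the following added example (not from the Pi-hole project) classifies dig output by the answering server and the returned address. The function names, the trimmed sample outputs and the addresses 192.168.12.1 and 203.0.113.10 are constructed for illustration; it assumes the 0.0.0.0 blocking response described above.

```shell
#!/usr/bin/env bash
# Added example: classify `dig` output as blocked / allowed / bypassed.
PIHOLE_IP="192.168.12.34"   # example Pi-hole address used in this post

# Reads dig output on stdin and prints one word:
#   blocked  - the Pi-hole answered with 0.0.0.0
#   allowed  - the Pi-hole answered with a real address
#   bypassed - another resolver answered (client is not using the Pi-hole)
#   unknown  - no A record or no SERVER line in the input
classify_dig() {
  awk -v pihole="$PIHOLE_IP" '
    /^;; ANSWER SECTION:/  { in_answer = 1; next }
    /^;;/                  { in_answer = 0 }
    in_answer && $4 == "A" { addr = $5 }
    /^;; SERVER:/          { split($3, s, "#"); server = s[1] }
    END {
      if (server == "" || addr == "") print "unknown"
      else if (server != pihole)      print "bypassed"
      else if (addr == "0.0.0.0")     print "blocked"
      else                            print "allowed"
    }'
}

# Constructed sample output, trimmed to the lines the parser reads.
# usage: sample <name> <address> <answering server>
sample() {
  printf ';; ANSWER SECTION:\n%s. 2 IN A %s\n\n;; Query time: 50 msec\n' "$1" "$2"
  printf ';; SERVER: %s#53(%s)\n' "$3" "$3"
}

# Run the classifier over the three constructed cases.
sample trace.svc.ui.com 0.0.0.0        192.168.12.34 | classify_dig
sample sandstorm.de     178.63.128.131 192.168.12.34 | classify_dig
# Client with an overridden DNS server: the blocked name resolves normally.
sample trace.svc.ui.com 203.0.113.10   192.168.12.1  | classify_dig
```

On a real client, pipe live output into the function instead: `dig trace.svc.ui.com | classify_dig`.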

Thanks for reading this far. If you want to learn more, check the website of the Pi-hole. It is an open source project, so feel free to contribute or donate. As always, please get in touch if you have questions or feedback.