Pi-Hole Setup Tutorial

[izzuken]

Sorry for stupid question - is it possible to run this in a virtual machine under windows?

[ageekhere]

If you have pfsense you can set this up on the router using squid and squidguard. You can also create a rule that will force the network to use the route as the DNS server.

You can read the guide here https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3

[Miya Zero]

Would it be possible to run it on Docker through a Synology NAS?

[DeepFriendLettuce]

I would love to see an extended guide on this about blocking adult sites on your network. 

[pamdemonia]

7 hours ago, Symphler said:

 

Hmm.. So let me get this straight... in this world of wireless communication there are three levels. I know this might sound like a big question but could you explain how the internet works or perhaps link me to a resource to help me understand?

From what I've read on the internet there's many layers. But here's what my understanding of the internet.

 

1) The internet is a bunch of connected servers that can communicate with each other.

2) ISPs (Internet Service Providers) act as a utility service to provide create the (hard-wired [like broadband or by satellite]) connection from one's home to have access to the internet.

3) The wires travel through a medium (light/sound/electric pulses) and must be translated through the modem which interprets this into websites/useful information.

4) Since most people have multiple devices, people use routers to "route" traffic and information to different devices.

5) Within this router, there are different channels that each device must speak through and these are called IP addresses.

6) IP addresses are identifiers that computers have so that packets of data know where to go. And there are many categories of IP addresses, but some categories are static addresses, dynamic addresses, local addresses, 

 

Linus explains in the video (2:28 - 3:30) the RPI acts as a sinkhole such that ad-based addresses are redirected to NULL thus "blocks" the ad.

 

Now when I was attempting Step 5 of the tutorial I didn't actually need a static IP address from the ISP, what I had to do is first redirect my data packets to the RPI (which acts as a fake static IP address or a "local" address) then the Pi will filter that data and send only non-ad related IP addresses to be fulfilled.

 

Thanks so much for reading and replying, and I urge you to correct me, or lead me in the right direction if I provide inaccurate information as this is an important part of knowledge I wish to understand better.

Yeah, that's pretty much it! Hope I was somewhat helpful. 

[Anonemous]

On 8/19/2019 at 3:47 PM, GameMaster2030 said:

For anyone who also cares about privacy I would recommend setting up DNS over HTTPS, that way all your requests are encrypted. You can find the official guide here. 

 

Thanks for the guide.  I got stuck in the middle when they start asking you to create the configuration files.  Hopefully I got it work (don't really use Linux that much).  I just want to make sure I did everything correct and maybe provide some clarification to the guide to help others.

 

So when they ask to create the cloudflared configuration files by copying the following in to /etc/default/cloudflared . I just typed in the command into putty:

 

"sudo nano /etc/default/cloudflared"

 

Cut and paste the text box ... "#Command line args for cloudflared..."

Hit Ctrl-S to save and then Ctrl-X to escape the text editor.

 

followed the rest of the commands line by line

 

Then I created the systemd script using the same process:

 

"sudo nano /lib/systemd/system/cloudflared.service"

 

Cut and pasted the text box into the text editor. CTRL-S then Ctrl-X to exit.

 

I then pasted and ran the 3 command lines:

sudo systemctl enable cloudflared
sudo systemctl start cloudflared
sudo systemctl status cloudflared

But that last command for status went into a loop and wouldn't stop so I had to terminate it using Ctrl-Z.

 

When I  ran the next command:

 

"dig @127.0.0.1 -p 5053 google.com"

 

It gave a similar output so hopefully I didn't make any mistakes.

 

Thanks again.

 

[NystriX]

Do I need a permanent IP or a normal one is fine aswell

[jjk9]

52 minutes ago, NystriX said:

Do I need a permanent IP or a normal one is fine aswell

The device Pi-hole is installed on needs a fixed IP address as that is the address you need to enter into your routers or devices dns setting.

[NystriX]

2 minutes ago, jjk9 said:

The device Pi-hole is installed on needs a fixed IP address as that is the address you need to enter into your routers or devices dns setting.

The Pi-hole has a static IP or he needs to get it from the router?(sorry for the silliness I have zero knowledge about this subject)

 

Does it matter if the IP address is static or changing sometimes? 
I need to know cuz a static IP is an extra-fee from my internet provider...

 

sry for the bad english btw

[jjk9]

22 minutes ago, NystriX said:

The Pi-hole has a static IP or he needs to get it from the router?(sorry for the silliness I have zero knowledge about this subject)

 

Does it matter if the IP address is static or changing sometimes? 
I need to know cuz a static IP is an extra-fee from my internet provider...

 

sry for the bad english btw

You need to set up a static IP address either on the Pi-hole device or through your router by assigning a IP address to the device. Internet provider static IP I think is for connecting to your router from outside your network which you don't need for this.

[deadpoolsITguy]

I have done this with a Virgin media superhub 3 (im in the UK) and it works like a dream. I ended up disabling the Superhub DHCP and enabling it on the Pi Hole and this has made it much better as now the DNS is automatically applied to all devices and i dont have to look at that crappy webporal for the superhub anymore.

[chuckydude]

So I set this up and its really cool. Just ordered the a pi zero w kit from amazon followed the guide and everything is working great. I wanted to enable this at a router level but my charter router does not allow me to change dns settings. The drop down box is greyed out. So I set it up on every device in my home instead. On my pc i never get any ads at all now. but on my phone oneplus 7 pro and my apple tv and wifes iphone still seeing tons of ads on every youtube video.

[jakkuh_t]

1 minute ago, chuckydude said:

So I set this up and its really cool. Just ordered the a pi zero w kit from amazon followed the guide and everything is working great. I wanted to enable this at a router level but my charter router does not allow me to change dns settings. The drop down box is greyed out. So I set it up on every device in my home instead. On my pc i never get any ads at all now. but on my phone oneplus 7 pro and my apple tv and wifes iphone still seeing tons of ads on every youtube video.

Pi-Hole isn't great at blocking YouTube ads because YouTube's ad URL's change constantly (at least from what I've heard)...

 

Try some Google Fu, there might be some better block lists for YouTube out there, than what is available in the defaults. 

[2FA]

18 hours ago, Miya Zero said:

Would it be possible to run it on Docker through a Synology NAS?

You should be able to, there is a Docker image for it.

[zosha]

Hi , 

i installed it with curl -sSL https://install.pi-hole.net | bash

on my intel NUC running Ubuntu 

it works !

[Psywar]

Thank you guys for the video - I have been considering doing this for a couple years.
When I heard that Google was going to remove the adblocker extension from Chrome it pushed me over to use my rPi to create this.

[Kisai]

On 8/29/2019 at 8:48 PM, Phenix51 said:

I would love to see an extended guide on this about blocking adult sites on your network. 

That would just be adding more sites to the blacklist.

 

Keep in mind that the this entire pi-hole solution is NOT a proxy or a firewall, it's a DNS relay. If you want to block access to adult sites you have to null-route the actual IP addresses they operate on. If they're behind a CDN however (eg cloudflare) that won't help you block it.

 

If you know certain people in your house/business have a penchant for visiting a certain site, log the DNS requests and then block them. Then they would have to manually set the DNS in their computer to access it, but you can also just block the ip addresses at your router that point the landing pages of the sites, and that saves having to deal with the DNS at all.

 

Which is the problem with this pi-hole solution. This is a solution for blocking ads, not entire sites. Ads domains change frequently, and (presumably) the most effective way of blocking ads is by setting the ip address of the javascripts domains (or better yet the javascript frameworks like jquery) used by the ad networks, because these won't change frequently (because then the ads need to be recompiled.)

 

If you are looking for a solution to actually block sites, this is not the correct solution for people who know what DNS is. The correct solution has to sit between your internet router and your hardware connected to the router and behave as a firewall, and if you do that, you also cripple all latency-sensitive software behind the firewall. As an example, you have 5ms over fiber that travels 1000 miles, but with the firewall intercepting everything and relaying the packets, it ends up being 40ms.

[Windows Helps]

Pretty cool, I`ve set everything up and it's running, I can access it over the Browser, works like a charm.

But which of these IPs and number and stuff must I enter in my device, I don't understand which of them is which.

IP-adress

Gateway

Präfix

DNS 1

DNS 2

And now I have to enter the numbers, but I don't understand anything, but I took photos of the numbers shown in the setup.

Can anyone help me ???

[Windows Helps]

On 8/21/2019 at 8:12 AM, azariah said:

Obviously, you need iptables installed which for the docker image you'll find they aren't by default but the official docker image uses Debian so it's a trivial step to install it. Interestingly this does work to block Google's QUIC ad system which was designed to bypass this sort of adblocking solution.

But HOW can I install these iptables?

[crimsonnight]

Thanks for this guide! I have it all set up but have a few questions if you don't mind:

 

1. I have it set up to run over WiFi (Pi Zero W) so that I don't have to plug it directly into my router, but will this slow down all traffic on my network? Would it be better to buy a USB Ethernet adaptor?
2. I want to reroute all traffic to the Pi via my router, but if the Pi is off/unplugged, will it effect my network in any way?
3. I've done some research, but I can't really find a definitive answer, which Upstream DNS Provider should I use?
4. You can select multiple Upstream DNS Servers in the Pi-Hole settings - how does this work?
5. I only have a 64GB micro SD card at the moment, so I'll swap it out for a smaller one - can I just copy the files over?

[AngryBeaver]

On 8/28/2019 at 1:48 PM, steelo said:

I've done this in the past and it worked great as far as blocking unwanted ads.

 

The reason why I no longer use it though is it seemed to severely bottleneck the connection speed of my devices.

This shouldn't be the case unless you are using that same pi-hole as a full firewall or something. This only sends the DNS queries to the pi-hole which are very small in size and can happen in less than 2-3ms. Now if you are using something that is doing packet inspection of some sort then yes the old pi with only 300mb of bandwidth would be a limiting factor, but that type of software isn't pihole.

[WeeemRCB]

I thought I was pretty well covered with ABP and Ghostery, but now I have this installed, I can see what other non-browser traffic is getting through.

Especially from my "free" Antivirus sending analytics .... wth?

 

As we already use the other programs I haven't seen much of a difference ... except on Twitch.

Holy hell. Some streamers have frequent ads, but now. Nada  

 

Good to put one of my my old Pi 2b's to use too. (retired after we got an NVidia Shield)

Because the Pi2 is low power, it can run over USB, so I hooked it into the spare USB slot of our Shield which stays on 24/7  

 

The only change to our setup was to use 1.1.1.1 as a secondary DNS on our devices.

That way if something is off with the Pi then we can still access the internet.

[jackrdenick]

Can you help me run this in VMware Workstation Pro?  I can't get it to boot.

[Euchre]

On 8/29/2019 at 1:37 AM, Symphler said:

I've been trying to set this up for a couple hours now, and I realized that it might impossible for me. The step I'm stuck at-- Step 5 Now that we've found our Raspberry Pi's IP address + MAC Address, we need to assign it a static IP address-- is impossible for me because my ISP (TWC/Spectrum USA) requires users to have a "business connection" in order to obtain a static IP address or I could pay a VPN extra to have a static ip service and use that instead both of which costing money that I don't have.

I think you completely misunderstand this part of the setup. The static IP you are setting is internal, so your router doesn't use DHCP anymore. All the other devices in your network will now point to the Pi-Hole for all of their network traffic, so the Pi-Hole's IP (which is again, internal) needs to be static to act as a reliable proxy. Your external IP that shows to everything on the internet still is applied as normal by your ISP, to your modem.

[EEE]

Installed and everything is working great, with the exception of accessing via web browser (Chrome and Firefox):

 

If I put in 192.168.7.7 I get site cannot be reached

If I put in https://192.168.7.7 I get site cannot be reached

If I put in http://192.168.7.7 I get 400 Bad Request

 

I don't get any ads, and I can access it via ssh so it seems to be working.