Introduction
Pi-hole provides numerous benefits as a network-wide ad blocker and privacy tool. It eliminates annoying ads and pop-ups across all devices, resulting in a cleaner and more streamlined browsing experience.
By blocking ad-related domains, Pi-hole accelerates webpage loading times, saving bandwidth and reducing data consumption.
It also enhances online security by blocking access to malicious domains and preventing tracking and data collection by advertisers.
Overall, Pi-hole offers an effective and convenient solution to improve browsing speed, reduce data usage, bolster privacy, and enhance online security and this is a guide on how to setup a pi-hole.
EtherApe
Using EtherApe, I'm going to demonstrate the effectiveness of Pi-hole on a well established bastion of truth and a British institution (cough) and particularly high in Adverts, the Dailymail.
Before the Pi-hole is enabled there's numerous and sustained....
Video pop-ups
Header Ads
Ads on both sides of the news articles
The network noise is... outrageous, both in the number of connections to Ad-sites and the amount of traffic, represented by the heat map.
After the Pi-hole is enabled:
Video pop-ups - gone
Header Ad - gone
Ads on both sides of the news articles - gone
EtherApe is showing a much calmer heat map with farless outbound connections.
Equipment
The following equipment is required, mines from Amazon.
Raspberry Pi 4 Model B - £97.99
SanDisk 128Gb Extreme microSDXC - $16.99
Raspberry Pi 4 USB-C Power Supply - £11.99
Total £126.17
Raspberry Pi Installation
Raspberry Pi makes downloading and burning the image to SSD easy, needing only the Imager executable.
Download and install from https://www.raspberrypi.com/software, the wizard will guide you through the burning process.
Run the Imager and select Operating System.
Select 'Raspberry Pi OS (64-bit)'.
Insert the microSSD into the PC and select Storage and then choose the correct storage.
Click on the cog:
Set credentials, used to manage the pi-hole.
Enable SSH
Save
Click on Write and Yes to the warning message.
The writing process takes a while, its exhausting work, go and top up with a coffee.
Click continue.
If the Format Disk message appears select Canel.
Remove the microSD card from the PC and insert it into the Raspberry Pi device.
Attach the power and ethernet cables, it will power on automatically.
Pi-hole installation
There are a couple of options for the initial configuration, including connecting a monitor, keyboard and mouse.
I've opted for interrogating DHCP for the IP address of the pi-hole, then reserving.
Putty to the to the IP address.
Type admin and the password set earlier.
The first item on the itinerary is installing the latest patches for Raspberry Pi :
sudo apt-get update
sudo apt-get upgrade
I'm stuck behind a firewall and need to point the pi-hole to an internal timesource.
Configure NTP.
sudo nano /etc/systemd/timesyncd.conf
NTP=192.168.0.249
To save changes.
Ctrl + o (output to file)
Ctrl + x (exit file)
sudo timedatectl set-ntp true
sudo reboot
Log back on via Putty
Installing Pi-hole is one command, followed by a wizard.
curl -sSL https://install.pi-hole.net | bash
Click Ok to start the Pi-hole configuration.
Read and then click Ok.
Continue.
Yes to set the current IP address assigned.
Ignore, the IP has been reserved in DHCP.
Select the preferred DNS server or add custom DNS entries.
You may wish to consider doubling up on the DNS filtering with the following free services.
OpenDNS provides Family Sheild for blocking adult content:
208.67.222.123
208.67.220.123
Cloudflare provides 1.1.1.1 for Families with the following 2 options
Malware Blocking Only:
1.1.1.2
1.0.0.2
Malware and Adult Content
1.1.1.3
1.0.0.3
Yes to install the default block list.
Yes to install the Admin Web Interface.
Yes to install the pre-requisites.
Yes to enable logging.
Of course, I want to see everything.
Make a note of the Web Admin password and Ok.
The Web Admin password will be updated to something more complex later.
Pi-hole Configuration
Open a browser and enter the IP of the Raspberry Pi, enter the Web Admin password.
Clearly, the most important issue to resolve is the interface, go to the Web Interface in Tools and set the Start Trek theme.
Pi-hole block lists are extensible, consider adding the following adlists.
Don't feel it necessary to add all the lists at once, one at a time and test, some lists may be too restrictive and you'll be forever whitelisting.
Adaway Default Blocklist: Blocking ads and known tracking domains.
https://adaway.org/hosts.txt
OISD: Blocks most Ad, Malware, Porn etc.
https://oisd.nl/setup
EasyList: A popular list that blocks various types of ads.
https://easylist.to/easylist/easylist.txt
EasyPrivacy: A list that focuses on blocking privacy-invading trackers.
https://easylist.to/easylist/easyprivacy.txt
MVPS: Blocks ads, banners, and known malicious sites
http://winhelp2002.mvps.org/hosts.txt
AD Guard DNS Filter: A DNS filter list by AdGuard that blocks ads and trackers.
https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
Chad Mayfield: Porn Filter
https://raw.githubusercontent.com/chadmayfield/my-pihole- blocklists/master/lists/pi_blocklist_porn_all.list
Click on ADLists and add the URL's.
Pi-hole won't automatically block the additional lists, they require processing.
Click on Tools and then Update Gravity and Update.
Gravity will require monthly checks as the online lists are amended.
Updating the Web Admin Password to something a little more complex via Putty. Login with admin and the initial password set in Imager, then type the following.
pihole -a -p
Maintenance
Updating Raspberry Pi and Pi-Hole is essential for security and stability. Regular updates patch vulnerabilities, protecting against cyber threats. They improve system performance and fix bugs.
Every month run the following commands by logging in via Putty and the admin account.
Update Raspberry Pi OS
apt-get update
apt-get upgrade
Update Pi-hole
pihole -up
Update Gravity
pihole -g
Update the Client's DNS Settings
Home User
For home users, DNS, the bit that resolves domain names to IP addresses is handled by the router, either BT, Virgin or Sky etc. Due to the different types of router and potential configurations I'm unable to provide clear and concise guidance. The router's DNS settings need updating to that of the IP of the pi-hole.
My Setup
Meh what can I say, it flips between 2 configurations depending on the cost of energy, my preferred setup is definetly off the cards at this moment.
Current config, a pair of Pi-holes act as DNS proxies, with forwarders from the Domain Controllers (DC's). All client resolution is via the DC's.
Or my preferred setup. The clients point their DNS to a pair of Pi-holes, these pass any queries on to the DC's and finally proxy out via a pair of synology NAS's. The benefit of this config, the Pi-holes log the clients hostnames. The downside is the cost of running the hardware.
Thanks for your time and support by reading this blog. If you found it useful, please share.
Comments