Hardware, Open Source, Technology News

Blocking ads before they enter your house at the DNS level with pi-hole and a cheap Raspberry Pi

Tags: ,


Lots of folks ask me about Raspberry Pis. How many I have, what I use them for. At last count there’s at least 22 Raspberry Pis in use in our house.

A Pi-hole is a Raspbery Pi appliance that takes the form of an DNS blocker at the network level. You image a Pi, set up your network to use that Pi as a DNS server and maybe white-list a few sites when things don’t work.

I was initially skeptical, but I’m giving it a try. It doesn’t process all network traffic, it’s a DNS hop on the way out that intercepts DNS requests for known problematic sites and serves back nothing.

Installation is trivial if you just run unread and untrusted code from the ‘net 😉

curl -sSL https://install.pi-hole.net | bash

Otherwise, follow their instructions and download the installer, study it, and run it.

I put my pi-hole installation on the metal, but there’s also a very nice Docker Pi-hole setup if you prefer that. You can even go further, if, like me, you have Synology NAS which can also run Docker, which can in turn run a Pi-hole.

Within the admin interface you can tail the logs for the entire network, which is also amazing to see. You think you know what’s talking to the internet from your house – you don’t. Everything is logged and listed. After installing the Pi-hole roughly 18% of the DNS queries heading out of my house were blocked. At one point over 23% were blocked. Oy.

NOTE: If you’re using an Amplifi HD or any “clever” router, you’ll want to change the setting “Bypass DNS cache” otherwise the Amplifi will still remain the DNS lookup of choice on your network. This setting will also confuse the Pi-hole and you’ll end up with just one “client” of the Pi-hole – the router itself.

For me it’s less about advertising – especially on small blogs or news sites I want to support – it’s about just obnoxious tracking cookies and JavaScript. I’m going to keep using Pi-hole for a few months and see how it goes. Do be aware that some things WILL break. Could be a kid’s iPhone free-to-play game that won’t work unless it can download an add, could be your company’s VPN. You’ll need to log into http://pi.hole/admin (make sure you save your password when you first install, and you can only change it at the SSH command line with “pihole -a -p”) and sometimes disable it for a few minutes to test, then whitelist certain domains. I suspect after a few weeks I’ll have it nicely dialed in.

Sponsor: Seq delivers the diagnostics, dashboarding, and alerting capabilities needed by modern development teams – all on your infrastructure. Download at https://datalust.co/seq.

© 2018 Scott Hanselman. All rights reserved.