maze88.dev


Setting up a Pi-hole on my Raspberry Pi

Michael Zeevi

Intro

Today’s personal endeavor was setting up a Pi-hole to block unwanted content for all devices connected to my home network.

How it works

For anybody unfamiliar, I’ll briefly explain how a Pi-hole works:

The Pi-hole acts as the sole local DNS server, configured with a blacklist of domains known for serving ads and other unwanted content (such as trackers). Whenever an application (such as a web browser, or even a game on one’s smartphone) needs to fetch external content, it starts by attempting to resolve the serving domain; if the domain is in the Pi-hole’s blacklist, the Pi-hole doesn’t return the domain’s real address, so the content is never fetched. It is important that the Pi-hole is the sole DNS server on the network: when queries for unwanted content are blocked, there must be no alternative DNS server to fall back on, since it would succeed at resolving those queries.

Deployment

I deployed my Pi-hole server as a Docker container, running on a Raspberry Pi 4. Specific instructions about this can be found on the Pi-hole page at DockerHub. The docker-compose.yaml file contains:

version: "3"
services:
  pihole:
    container_name: pihole
    hostname: 'pi.hole'
    image: pihole/pihole:v5.8.1-armhf-buster
    network_mode: host
    environment:
      TZ: 'Israel'
      PIHOLE_DNS_: '1.1.1.1;1.0.0.1'
      DNSSEC: 'true'
      VIRTUAL_HOST: 'pi.hole'
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

Router configuration (DHCP and DNS)

In my router I reserved a DHCP lease for the Raspberry Pi’s IP address (so that it wouldn’t have the chance to change in case of a restart, etc.), and configured the router’s DNS nameserver to be the Raspberry Pi, which serves the Pi-hole. Note the Secondary DNS field, which must remain empty!

Router DHCP reservation lease
Router DNS configuration
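
A client-side check for the "sole DNS server" requirement, as an added example that is not part of the original post: it lists any resolver other than the Pi-hole in resolv.conf-style text and tests whether a lookup result is a sinkhole answer. The address 192.168.1.53, the sample file and the function names are constructed for illustration; the sinkhole test assumes Pi-hole's default blocking mode, which answers blocked names with 0.0.0.0 or ::.

```python
import ipaddress
import socket
import sys

# Constructed sample of a client's /etc/resolv.conf; 192.168.1.53 stands in
# for the Pi-hole's reserved address (an assumption, not from the post).
SAMPLE = """\
# pushed by DHCP
nameserver 192.168.1.53
nameserver 192.168.1.1
nameserver fe80::1%eth0
search lan
"""

def parse_nameservers(resolv_conf: str) -> list[str]:
    """Return every nameserver address in resolv.conf-style text."""
    servers = []
    for line in resolv_conf.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1].split("%", 1)[0])  # drop IPv6 zone id
    return servers

def bypass_resolvers(resolv_conf: str, pihole_ips: set[str]) -> list[str]:
    """Resolvers a client could fall back on, i.e. anything but the Pi-hole."""
    allowed = {ipaddress.ip_address(ip) for ip in pihole_ips}
    return [s for s in parse_nameservers(resolv_conf)
            if ipaddress.ip_address(s) not in allowed]

def is_sinkholed(answers: list[str]) -> bool:
    """True if every answer is the unspecified address (0.0.0.0 or ::).
    Assumes Pi-hole's default blocking mode."""
    return bool(answers) and all(
        ipaddress.ip_address(a).is_unspecified for a in answers)

if __name__ == "__main__":
    # Usage: check.py <pihole-ip> <domain-on-your-blocklist>
    pihole, domain = sys.argv[1], sys.argv[2]
    with open("/etc/resolv.conf") as fh:
        extra = bypass_resolvers(fh.read(), {pihole})
    print("fallback resolvers:", extra or "none")
    try:
        answers = [ai[4][0] for ai in socket.getaddrinfo(domain, None)]
    except socket.gaierror:
        answers = []
    print(domain, "sinkholed:", is_sinkholed(answers))
```

On hosts using systemd-resolved, /etc/resolv.conf lists only the 127.0.0.53 stub, so feed the function the upstream list in /run/systemd/resolve/resolv.conf instead.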

Pi-hole configuration (local DNS record)

In the Pi-hole I optionally chose to configure a local DNS record to map the domain name pi.hole to its [reserved] IP address. This allows me to access the Pi-hole’s front end dashboard (which it exposes automatically) via a comfortable domain name, instead of its IP address.

Pi-hole address bar
Pi-hole dashboard

Conclusion

In conclusion, this is a neat project which involves a nice handful of network and internet theory, bundled into an elegant solution for an everyday problem.

There is one major caveat with this solution with regard to blocking ads: it doesn’t work for ads in YouTube videos. The reason is that the ads are served from the same domains as the actual video content. Therefore, frequent consumers of YouTube should consider using a browser-based ad-blocker plugin in addition to a Pi-hole.