Pi-Hole: A DNS-based blacklist for ads and tracking for Raspberry Pi

Image of Mattias Geniar

Mattias Geniar, October 23, 2016

Follow me on Twitter as @mattiasgeniar

I just “upgraded” our home network with a Pi-Hole, an interesting project that implements a DNS server with a known-list of ad- and privacy trackers. The result is that everyone on your network that uses that DNS server gets an adblocker for free, without configuration work.

How DNS-based blacklisting works

The idea is simple and powerful: the project acts as your DNS server, so every time your smartphone/tablet/laptop/pc requests the IP for known adtrackers, the Pi-Hole just responds with a bogus IP address.

Instead of connecting to the server for the adtrackers, you connect to your Pi. Since that’s running a webserver, it instantly connects and returns an empty reply.

There’s no delay in waiting to connect to a non-existent IP address, there’s just an instant “blackholed” answer.

Pi-Hole configuration

While I usually don’t like _curl | bash _installers, this one seems pretty safe.

I installed it on a Raspberry Pi, but it actually runs on any Ubuntu/Debian based Linux server. The Pi is just convenient as it’s a low-power, easy-to-hide-away little server for your home.

On your Pi, run this;

$ curl -L https://install.pi-hole.net | bash

And you’re good to go.

Your entire home gets an adblocker, without the hassle

If you want to protect the members of your home (or: anyone connected to your WiFi), it’s usually a bit of a hassle: every device needs an adblocker/privacy blocker, it’s a pain to get it to work on iOS, …

Since Pi-Hole acts as a DNS server, all you need to do is to configure your router to stop handing out the DNS server(s) from your ISP, but to configure it to point to the IP of your Raspberry Pi running the Pi-Hole.

Added bonus: since that Pi-Hole can be configured to use Google’s upstream namservers (8.8.8.8 & 8.8.4.4) you automatically bypass DNS based blocks implemented by your provider.

So if your ISP is preventing you from visiting certain websites, that’s usually DNS based and the Pi-Hole bypasses that by not using your ISPs’ nameservers.

Web interface

This is actually what made me try out Pi-Hole in the first place: their reporting dashboard!

Every DNS query made gets logged: you get graphs, a list of DNS queries, you can add white- or blacklist entries, …

Graphs

pihole_1

Pie-charts

pihole_2

Top DNS & advertisers

pihole_3

Full DNS query log

pihole_4

Control over convenience

There are already DNS-based blacklist providers you can use (like OpenDNS), but having the DNS server run on your own Raspberry Pi gives you more control and privacy. All the blocking & tracking happens in the comfort of your own home, not by a corporation you don’t know.

The downside; you need to configure a Pi and you’ll have to troubleshoot why DNS isn’t working one day, if the service is stopped/crashed or your Pi has stopped working.

But as a sysadmin, I don’t mind – I’m happy my home gets an adblocker for everyone connected to our WiFi for free.

Give it a try: Pi-Hole, a Black Hole for Internet Advertisers for your Raspberry Pi



Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.