Pi-Hole: A DNS-based blacklist for ads and tracking for Raspberry Pi
Mattias Geniar, Sunday, October 23, 2016
I just "upgraded" our home network with a Pi-Hole, an interesting project that implements a DNS server with a known-list of ad- and privacy trackers. The result is that everyone on your network that uses that DNS server gets an adblocker for free, without configuration work.
How DNS-based blacklisting works
The idea is simple and powerful: the project acts as your DNS server, so every time your smartphone/tablet/laptop/PC requests the IP for a known ad tracker, the Pi-Hole just responds with a bogus IP address.
Instead of connecting to the ad tracker's server, you connect to your Pi. Since that's running a webserver, it instantly connects and returns an empty reply.
There's no delay in waiting to connect to a non-existent IP address; there's just an instant "blackholed" answer.
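The decision described above, as an added Python example (not Pi-Hole's own code, which this page does not show): a blocklisted A query gets an immediate answer pointing at the Pi, and anything else returns None so it can be forwarded upstream. The address 192.168.1.2, the blocklist entries and all function names are assumptions made for illustration.

```python
import struct

SINKHOLE_IP = "192.168.1.2"  # assumed LAN address of the Pi
BLOCKLIST = {"ads.example.com", "tracker.example.net"}  # constructed entries

def build_query(name, qid=0x1234):
    """Encode a recursive A/IN query for `name` (used here as sample input)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def parse_question(packet):
    """Return (lower-cased qname, qtype, offset just past the question)."""
    labels, pos = [], 12
    while packet[pos] != 0:
        length = packet[pos]
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, _qclass = struct.unpack(">HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype, pos + 5

def sinkhole_response(packet):
    """Answer blocklisted A queries with SINKHOLE_IP; None means forward upstream."""
    try:
        qid, flags, qdcount = struct.unpack(">HHH", packet[:6])
        if flags & 0x8000 or qdcount != 1:
            return None  # already a response, or not a single-question query
        name, qtype, end = parse_question(packet)
    except (IndexError, ValueError, struct.error):
        return None  # malformed packet: never answer it from the blocklist
    if name not in BLOCKLIST or qtype != 1:
        return None
    # QR=1, RA=1, RCODE=0; the client's RD bit is copied back.
    header = struct.pack(">HHHHHH", qid, 0x8080 | (flags & 0x0100), 1, 1, 0, 0)
    rdata = bytes(int(octet) for octet in SINKHOLE_IP.split("."))
    # Answer name is a pointer (0xC00C) to the question; type A, class IN, TTL 300.
    answer = struct.pack(">HHHIH", 0xC00C, 1, 1, 300, len(rdata)) + rdata
    return header + packet[12:end] + answer

def answer_ip(response):
    """Read the IPv4 address from the single A record at the end of `response`."""
    return ".".join(str(b) for b in response[-4:])
```

Matching is exact on the full hostname, so a subdomain of a listed name is only blocked if it is listed itself.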
While I usually don't like curl | bash installers, this one seems pretty safe.
I installed it on a Raspberry Pi, but it actually runs on any Ubuntu/Debian based Linux server. The Pi is just convenient as it's a low-power, easy-to-hide-away little server for your home.
On your Pi, run this:
$ curl -L https://install.pi-hole.net | bash
And you're good to go.
Your entire home gets an adblocker, without the hassle
If you want to protect the members of your home (or: anyone connected to your WiFi), it's usually a bit of a hassle: every device needs an adblocker/privacy blocker, it's a pain to get it to work on iOS, ...
Since Pi-Hole acts as a DNS server, all you need to do is configure your router to stop handing out the DNS server(s) from your ISP and instead point to the IP of your Raspberry Pi running the Pi-Hole.
Added bonus: since that Pi-Hole can be configured to use Google's upstream nameservers (8.8.8.8 & 8.8.4.4), you automatically bypass DNS-based blocks implemented by your provider.
So if your ISP is preventing you from visiting certain websites, that's usually DNS-based and the Pi-Hole bypasses that by not using your ISP's nameservers.
This is actually what made me try out Pi-Hole in the first place: their reporting dashboard!
Every DNS query made gets logged: you get graphs, a list of DNS queries, you can add white- or blacklist entries, ...
Top DNS & advertisers
Full DNS query log
Control over convenience
There are already DNS-based blacklist providers you can use (like OpenDNS), but having the DNS server run on your own Raspberry Pi gives you more control and privacy. All the blocking & tracking happens in the comfort of your own home, not by a corporation you don't know.
The downside: you need to configure a Pi, and one day you'll have to troubleshoot why DNS isn't working when the service has stopped or crashed or your Pi has stopped working.
But as a sysadmin, I don't mind -- I'm happy my home gets an adblocker for everyone connected to our WiFi for free.