Pi-hole - a black hole for internet ads.

ToBeSelfEvident

Gold Member
Gold Chaser
Joined
Apr 10, 2010
Messages
1,374
Likes
1,219
#1
https://pi-hole.net/

It's a brilliantly simple concept. Pihole takes over DNS service for every outgoing request from all our connected devices. Usually this is handled by our ISP or the Google DNS service of 8.8.8.8. Instead, we will have pihole handle the DNS lookups.

So when you visit msnbc.com your browser will also be requesting ads from static.doubleclick.net. But pihole knows static.doubleclick.net is an ad server, so pihole says: I am static.doubleclick.net! and in a fraction of a millisecond pihole returns a blank page in place of the ad. You save tons of bandwidth because the ad requests are never sent out and never received, they are intercepted by pihole.

I've been testing pihole for about a week by only sending traffic from my personal PC to it. It was only blocking about 4% of traffic. I thought, what's the big deal? Then again, I tend to spend a lot of time on sites with very light advertising, and my Windows XP system has been stripped of all Microsoft crap for many years.

So, this morning I decided to send all of my home network's traffic through the pihole. This includes 2 Rokus, 2 newer Windows PCs, a couple of Android tablets, a game console, etc. WOW! All of a sudden pihole is blocking 46% of the traffic! The Windows 8 machine is sending telemetry information to teredo.ipv6.microsoft.com every couple of seconds and pihole is there to kill it. The Windows 7 machine is hitting that same address but not as often. The Roku machines are constantly sending traffic to Netflix. I allowed that for now but added cloudservices.roku.com to the blacklist and Roku ads are now gone! Even the old Wii game console was phoning home multiple times per minute, trying to connect to a Wii weather server which no longer exists.

There are some specialized blocklists for smart TVs. The Samsung smart TVs phone home to Korea constantly. Pihole can fix this. The blocklists for porn have about 1.5 million domains blocked. The standard blocklist set only contains about 122,000 domains, but if you add all the available blocklists it can be over 7,000,000 domains blocked. That many might be overkill. I currently have 436,000 domains blocked and it is working well.

Looking at the stats and the logs, it's easy to see which devices are calling where. You will likely see that most of the traffic is not requested by the user and has no benefit for the user. Being able to block it is quite satisfying. Web pages load fast and aren't full of distracting crap. I can actually read a detailed article without being sidetracked by Well Endowed Asian Women Wanting To Meet Men In <insert geolocation here>.

Up to 48% now since I started writing this post.


Alton

Gold Member
Gold Chaser
Joined
Apr 1, 2010
Messages
4,180
Likes
7,639
Location
Michiana
#3
Interesting. I use AdBlocker+ and T.A.C.O. and I see relatively NO ads save for those I allow at certain websites and it is quite effective, even at youtube. Thanks for the linky!
 

ToBeSelfEvident

#5
Yes, linux is required, though some people are running pihole in a VM and some are running it directly on their router with DD-WRT. I am using a Raspberry Pi 3B+ which uses about 4w. You could run it on the $10 Raspberry Pi Zero W which draws less than 1w of power.

One guy says he is running pihole in a VM with 112mb of RAM and no swap.

Edit: Pihole now blocking 64.2% of all requests. A huge amount of telemetry between 3AM and 5AM got piholed.
 

Goldhedge

Moderator
Site Mgr
Sr Site Supporter
Joined
Mar 28, 2010
Messages
37,738
Likes
55,482
Location
Rocky Mountains
#6
macOS
  1. Click Apple > System Preferences > Network
  2. Highlight the connection for which you want to configure DNS
  3. Click Advanced
  4. Select the DNS tab
  5. Click + to replace any listed addresses with, or add, your Pi’s IP addresses at the top of the list:
  6. Click Apply > OK
  7. Repeat the procedure for additional network connections you want to change.
Windows
DNS settings are specified in the TCP/IP Properties window for the selected network connection.

  1. Go to the Control Panel
  2. Click Network and Internet > Network and Sharing Center > Change adapter settings
  3. Select the connection for which you want to configure DNS
  4. Right-click Local Area Connection > Properties
  5. Select the Networking tab
  6. Select Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6)
  7. Click Properties
  8. Click Advanced
  9. Select the DNS tab
  10. Click OK
  11. Select Use the following DNS server addresses
  12. Replace those addresses with the IP addresses of your Pi
  13. Restart the connection you selected in step 3
  14. Repeat the procedure for additional network connections you want to change.
Linux
In most modern Linux distributions, DNS settings are configured through Network Manager.

  1. Click System > Preferences > Network Connections
  2. Select the connection for which you want to configure DNS
  3. Click Edit
  4. Select the IPv4 Settings or IPv6 Settings tab
  5. If the selected method is Automatic (DHCP), open the dropdown and select Automatic (DHCP) addresses only instead. If the method is set to something else, do not change it.
  6. In the DNS servers field, enter your Pi’s IP addresses
  7. Click Apply to save the change
  8. Repeat the procedure for additional network connections you want to change.
  9. If your distribution doesn’t use Network Manager, your DNS settings are specified in /etc/resolv.conf.
https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245
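
A check that goes with the Linux step above, as an added example that is not part of the original post or of Pi-hole: it reads `/etc/resolv.conf` text and flags every `nameserver` that is not the Pi-hole, since any other resolver in the list lets some lookups skip the blocklist. The address `192.168.1.250` and the function names are assumptions; the sample file is constructed.

```python
import ipaddress

def audit_resolv_conf(text, pihole_ips):
    """Classify each nameserver entry against the Pi-hole's addresses."""
    allowed = {ipaddress.ip_address(ip) for ip in pihole_ips}
    findings = []
    for raw in text.splitlines():
        # Drop comments ('#' or ';') and surrounding whitespace.
        parts = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue
        try:
            # Strip an IPv6 zone id such as fe80::1%eth0 before parsing.
            addr = ipaddress.ip_address(parts[1].split("%", 1)[0])
        except ValueError:
            findings.append((parts[1], "invalid"))
            continue
        if addr in allowed:
            status = "pihole"
        elif addr.is_loopback:
            # e.g. 127.0.0.53 (systemd-resolved stub): the real upstream is
            # configured elsewhere and has to be checked there.
            status = "local-stub"
        else:
            status = "bypass"
        findings.append((str(addr), status))
    return findings

def is_filtered(findings):
    """True only when at least one resolver is listed and all are the Pi-hole."""
    return bool(findings) and all(status == "pihole" for _, status in findings)

# Constructed sample: Pi-hole first, a public resolver left in as a fallback.
SAMPLE = """# constructed sample
nameserver 192.168.1.250
nameserver 8.8.8.8
"""

if __name__ == "__main__":
    result = audit_resolv_conf(SAMPLE, ["192.168.1.250"])
    print(result, "filtered" if is_filtered(result) else "NOT fully filtered")
```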
 

ToBeSelfEvident

#9
You do not run pihole on each CPU. The OS instructions above show how to point an individual device to pihole on a local IP. The preferred method is to send all your LAN's outgoing traffic through the pihole IP by pointing your router to the pihole IP. In that case, no settings are changed on individual devices, only on the router.

It works better to pihole the whole LAN because many embedded devices can't run adblockers. Also, running an ad blocker at the browser level is non-optimal, since your browser is still connecting with the ad servers and still downloading ads. The ad blocker is limiting which ads are displayed, but the ad servers still get all your info and no bandwidth is saved.
 

gringott

Killed then Resurrected
Midas Member
Site Supporter ++
Joined
Apr 2, 2010
Messages
15,609
Likes
21,144
Location
You can't get there from here.
#10
> Yes, linux is required, though some people are running pihole in a VM and some are running it directly on their router with DD-WRT. I am using a Raspberry Pi 3B+ which uses about 4w. You could run it on the $10 Raspberry Pi Zero W which draws less than 1w of power.
>
> One guy says he is running pihole in a VM with 112mb of RAM and no swap.
>
> Edit: Pihole now blocking 64.2% of all requests. A huge amount of telemetry between 3AM and 5AM got piholed.

I read the FAQ on the site about running it on a router [DD-WRT] and the thread had no clear success story, mostly just hopium.
Do you have a link to a success story?
 

<SLV>

Gold Member
Gold Chaser
Site Supporter ++
Joined
Apr 1, 2010
Messages
3,640
Likes
4,495
#11
Life should not be this complicated.
 

ToBeSelfEvident

#12
Setting it up on a $35 Raspberry Pi was trivial. Life is actually simpler now that all the garbage goes down the pihole. I wanted ad blocking but blocking endless tattletale calls to the mothership is even better.
 

Joe King

Gold Member
Gold Chaser
Site Supporter
Joined
Mar 31, 2010
Messages
8,011
Likes
8,438
Location
Instant Gratification Land
#13
> I read the FAQ on the site about running it on a router [DD-WRT] and the thread had no clear success story, mostly just hopium.
> Do you have a link to a success story?

Did you look at the list of routers to see if yours will work or not?
If it's on the list, d/l the firmware and install it on your router.
Or if yours isn't on the list, find one that is and flash the new firmware.

https://www.dd-wrt.com/site/support/router-database

There's also a forum about it. Might find more info there. https://www.dd-wrt.com/phpBB2/
 

viking

Silver Member
Silver Miner
Joined
May 12, 2010
Messages
1,459
Likes
1,354
#14
It says mine is supported (WRT400N), but not really sure how to set it up. 192.168.1.250? What else in the settings?
 

Goldhedge

#15
> Setting it up on a $35 Raspberry Pi was trivial. Life is actually simpler now that all the garbage goes down the pihole. I wanted ad blocking but blocking endless tattletale calls to the mothership is even better.

Does that mean you use the raspberry as a router?
 

Joe King

#17

ToBeSelfEvident

#18
> Does that mean you use the raspberry as a router?

No, just as the DNS server. It is actually spoofing a DNS server since it does no DNS lookups. It just compares the requests with its blocklist, blocks any domains that match, and passes the actual DNS lookups to Google or OpenDNS.

Correction: I said above that pihole does no DNS lookups, but it actually does keep a cache of recent DNS requests and handles those itself. The speed on these lookups is 100x faster than letting Google do it. You can see from the logs that any requests that are piholed return a blank page in about 0.2 ms and cached lookups are completed in a similar timeframe, 0.2 to 0.3 ms. The lookups which are passed through to Google for DNS are taking 20 - 50 ms, which is much slower but still less than 1/20th of a second.
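
The three paths described in this post (blocklist match, cache hit, pass to an upstream resolver), as an added example that is not part of the original post and is not Pi-hole's code. It builds real DNS wire-format answers for A queries only; the exact-match blocklist, the `0.0.0.0` sinkhole answer, the `Sinkhole` class and the `upstream` callable are assumptions made for the sketch.

```python
import struct, time

BLOCKLIST = {"static.doubleclick.net", "cloudservices.roku.com"}  # names from the thread
SINKHOLE_IP = bytes(4)  # assumption: blocked names are answered with 0.0.0.0

def build_query(name, qid=0x1234):
    """Constructed test input: a minimal DNS query for an A record."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_question(pkt):
    """Return (lower-cased name, offset just past the question section)."""
    pos, labels = 12, []
    while pkt[pos]:
        n = pkt[pos]
        if n & 0xC0:
            raise ValueError("compressed name in question")
        labels.append(pkt[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    return ".".join(labels), pos + 5  # skip root label, QTYPE, QCLASS

def answer(query, ip, ttl):
    """Build a response with one A record pointing back at the question name."""
    _, end = parse_question(query)
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + ip
    return header + query[12:end] + rr

class Sinkhole:
    def __init__(self, upstream, now=time.monotonic):
        self.upstream, self.now, self.cache = upstream, now, {}
        self.stats = {"blocked": 0, "cached": 0, "forwarded": 0}

    def handle(self, query):
        name, _ = parse_question(query)
        if name in BLOCKLIST:                   # 1. blocked: the query never leaves the LAN
            self.stats["blocked"] += 1
            return answer(query, SINKHOLE_IP, 2)
        hit = self.cache.get(name)
        if hit and hit[1] > self.now():         # 2. unexpired cache entry
            self.stats["cached"] += 1
            return answer(query, hit[0], int(hit[1] - self.now()))
        ip, ttl = self.upstream(name)           # 3. everything else goes upstream
        self.cache[name] = (ip, self.now() + ttl)
        self.stats["forwarded"] += 1
        return answer(query, ip, ttl)

if __name__ == "__main__":
    s = Sinkhole(lambda name: (bytes([192, 0, 2, 10]), 300))  # hypothetical upstream stub
    for n in ["static.doubleclick.net", "example.com", "example.com"]:
        s.handle(build_query(n))
    print(s.stats)
```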
 

gringott

#19
Ok, I really didn't want to mess with my router, so I set it up on a Raspberry Pi.
It's next to the router now, doing the work.
I set up the DNS on the router to point to the Pihole, the only address.
I also set up all my ethernet connections [static IPs] to only use the Pihole address as DNS lookup.
Pretty smooth in the end. In the future, I may have pihole do my DHCP.
And since it is just sitting there, perhaps I may have the raspberry pi do some other tasks for me.
I already have RDP setup on it.

As a test, I turned off my adblocker in my browser and went to zerohedge. No ads. ALL IS GOOD!
I am passing this info on to other family and friends.
Thanks again ToBeSelfEvident!