Ads can be annoying, but they are necessary for some websites to finance themselves. The browse can install ad-blockers to stop the ads from popping up, but what if you want to cover your entire home or office network? What if you want to block more than ads? Pi-Hole can be used as a Local Area Network (LAN) fix.
You may think that this will require a Raspberry Pi, but you can use Pi-Hole on other systems that are running certain distros.
Requirements
Hardware-wise, Pi-Hole only requires a minimum of 2 GB storage and 512 MB of RAM.
For the Operating System (OS), it requires one of the following distros:
Functionality
When a user goes to a website, there is all the information to generate the web page. Within this HTML code are the links to generate ads. The web browser will request the ad information to display in the browser. To request the information, the systems send the Domain Name information to a DNS Server to get the IP Address of the needed ad. The DNS Server will answer the request to the web browser and it retrieves the ad from the ad server.
To prevent the ad from being retrieved, the system will send the DNS requests to the Pi-Hole system. The Pi-Hole system will check the Domain Name against its allow (whitelist) and deny (blacklist) lists. If the Domain Name is allowable, then the Pi-Hole system will acknowledge the DNS request with the IP Address. If the Domain Name is on the deny list, then the response is the loop-back IP Address (127.0.0.1) that will not load an ad. We can test this in a bit after it is all installed.
The process that Pi-Hole uses is called a DNS Sinkhole.
Prerequisites
Before installing the Pi-Hole packages, we need to set a few things up to get ready.
As with any installation, it is best to make sure you update the system on the newest packages. Perform an update and upgrade as needed for your distro. For Ubuntu, the example would be:
After your system is up-to-date, you need to set the system with a static IP Address. Since we set the Pi-Hole system as a DNS Server, the IP Address needs to be constant and not changing by the DHCP Server.
Open the network settings and change the IP4 settings for the connection. Change the setting for ‘DHCP’ to ‘Manual’. Set the IP Address as one that is not used by any other system on the network and is not part of the DHCP Address Lease range. Once you set this, it may be best to reboot the system to make sure that the static IP Address is in effect.
Keep the IP Address in mind and remember it for later. If your DHCP Server allows the designation of the DNS Server to the DHCP Clients, then set the DNS Server as the IP Address for the Pi-Hole system. This way, when a system gets an IP Address from the DHCP Server, it will also receive the Pi-Hole Address as the main DNS Server to use. You can set the secondary DNS Server as the IP Address for the Pi-Hole as well. For redundancy’s sake, you can have two Pi-Hole systems and use both IP Addresses as Primary and Secondary DNS Servers.
The Pi-Hole system should now be ready for use, so we need to get it set up.
NOTE: Until the Pi-Hole system is up and running, DNS queries will not work and the Internet will be inaccessible. Get the Pi-Hole System up and running before changing the DNS entries on the DHCP Server.
Installation
There are multiple ways to install the Pi-Hole packages, but I’ll go over the simplest way to download and start the script:
NOTE: On some distros, you may get an error that ‘curl’ does not exist. You will need to install ‘curl’.
The command downloads the script and pipes it to ‘bash’ to be executed. It is usually a best practice not to do this unless you know the script is from a trusted source.
Once you download the script to the local drive, the execution of the script occurs.
The script will check for dependencies and should install them if needed. The script will download other files that Pi-Hole needs for the program.
After everything is downloaded that is required, you’ll see a screen similar to Figure 1. The script will prompt you occasionally for input to set Pi-Hole configurations.
FIGURE 1
After you select ‘OK’, you’ll see another screen asking for donations for Pi-Hole.
The next screen, Figure 2, states that you need a static IP Address. Press ‘Continue’ once this is complete. If you have been following along, then you should have this set already.
FIGURE 2
The next screen lets you specify the DNS Server to be used by Pi-Hole to use for getting IP Addresses that are not on the list to block. See Figure 3.
FIGURE 3
Figure 4 will ask you if you wish to use the default list for blocking ads. You can select ‘Yes’ or ‘No’ for this list. You can add other lists later, which I will cover.
FIGURE 4
The net screen will ask if you want to install the ‘Admin Web Interface’. You’ll need this if you want a Graphical User Interface (GUI) to manage Pi-Hole. Trust me, it is a good choice to add it. This means it installs a web package if it is not already on the system. The next screen asks if you want to install the web packages. It also states that the web server user needs to be part of the ‘pihole’ group.
The next screen asks if you want to enable Query logging. It is best to enable all logging to allow for counters to be used to see that Pi-Hole works properly.
You’ll see a prompt for the configuration of Privacy Levels. Showing everything is a good place to start and you can change this later.
The script installs the web services and configured for the Pi-Hole Admin Web Interface.
The next screen shows that the installation is complete. This screen is very important for the Web Interface since it shows your password to access the Interface, see Figure 5. It also shows the web address to the Pi-Hole and the address of the Web Interface.
FIGURE 5
After you select the final ‘OK’ button, you should be back at a terminal prompt.
At any point you want to update the Pi-Hole system, just use the command:
Reboot the Pi-Hole system for all the files added in the installation to take effect.
Admin Web Interface
If you go to ‘http://pi.hole/admin’, or replace ‘pi.hole’ with the static IP Address of your Pi-Hole system, see Figure 6. Here is where you enter the password given once the installation is complete.
FIGURE 6
After entering the password and gaining access to the Interface, see the top of the Interface is like Figure 7.
FIGURE 7
Here, you can see that there are 117,419 entries loaded from the deny list. You can also see the total number of queries made to the DNS Server and how many are in the deny list.
There is more information here, but I will cover what is really necessary. Figure 8 shows the left column of the Interface.
FIGURE 8
The ‘Dashboard’ is the main screen that you first see when you log on to the Interface. Here are the stats of Pi-Hole.
You’ll see the next line is the ‘Query Log’. Here you can look at the queries made to the DNS Server. If you see an entry in here, that should be on the block list, you can click on a button for the specified to ‘Blacklist’ the entry.
‘Long-Term Data’ is the next line which can show the top entries in the ‘Query Log’.
Using ‘Groups’ let’s you create a group of users that may not be subject to some or all the Blacklists.
The ‘Clients’ option lets you specify clients on the network that can only be subject to some or no Blacklists.
You can set domain names to add to the Blacklist or Whitelist. It may be best to use the Regex tab and do something like ‘*.pornhub.com’ to block all access to the domain ‘pornhub.com’. In a business, this can be handy to prevent the employees from accessing sites that should not be accessed at work. You can also block out competitors’ websites if needed.
‘Adlists’ is where we can add more lists as we need. I’ll cover this more soon.
If you wanted to ‘Disable Blocking’ for a specified amount of time, here is where you do it. Make sure you enable the lists when you have completed what you need to do.
To set DNS names for the local network, you can use the ‘Local DNS’ tab.
The ‘Tools’ option has many sub-options, but the one to note is ‘Update Gravity’. Any time you change the lists, whether the whitelist or blacklist, you need to ‘Update Gravity’. This reloads all the lists, so do not leave the screen until you see it has successfully reloaded.
If you need to change any settings for Pi-Hole itself, the configuration options are all under ‘Settings’.
Adding Lists
I showed you how to add a domain, but to add all necessary domains can be lengthy, if not impossible. So, let’s look at adding lists to make the Pi-Hole work for you.
To add a decent comprehensive list for porn, you can go to ‘Adlists’ and under ‘Address’ add ‘https://raw.githubusercontent.com/c...ists/master/lists/pi_blocklist_porn_all.list’, then click ‘add’. You need to ‘Update Gravity’, and this should work. If you go to a search site and type in ‘porn’, you will get a list, but you should not get a page when clicking on the links.
If you want to see that the links were blocked by Pi-Hole, then go back to the ‘Query Log’ and you should see the websites you clicked on listed and should be in red. Again, if it blocks a site or it is not blocked, then you can click on the button for the line and change it from one to the other.
Another excellent site for lists is at ‘https://firebog.net’. The lists are by type, such as Suspicious Lists, Advertising Lists, Tracking and Telemetry Lists, Malicious Lists, and Other Lists. Here you can get the link and paste it into the ‘Adlists’ tab. Just remember to ‘Update Gravity’ when done. Once you have ‘Update Gravity’, go back to the ‘Dashboard’ and see the number of the ‘Domains on AdList’ has increased by the addition of the newly added lists.
NOTE: Other lists exist on the Internet. Just look around. These were the first ones I found.
Conclusion
Pi-Hole is a good way to block certain sites for your entire network. This can be beneficial for a business or even a home network. Be sure to specify the DNS Server on the DHCP Server, so when the client systems get an IP Address, they also receive the proper DNS Server Address for the Pi-Hole system.
Just monitor the log and see if you need to add or remove any sites from the Whitelist or Blacklist.
You may think that this will require a Raspberry Pi, but you can use Pi-Hole on other systems that are running certain distros.
Requirements
Hardware-wise, Pi-Hole only requires a minimum of 2 GB storage and 512 MB of RAM.
For the Operating System (OS), it requires one of the following distros:
- Armbian OS
- CentOS Stream
- Debian
- Fedora
- Raspberry Pi OS
- Ubuntu
Functionality
When a user goes to a website, there is all the information to generate the web page. Within this HTML code are the links to generate ads. The web browser will request the ad information to display in the browser. To request the information, the systems send the Domain Name information to a DNS Server to get the IP Address of the needed ad. The DNS Server will answer the request to the web browser and it retrieves the ad from the ad server.
To prevent the ad from being retrieved, the system will send the DNS requests to the Pi-Hole system. The Pi-Hole system will check the Domain Name against its allow (whitelist) and deny (blacklist) lists. If the Domain Name is allowable, then the Pi-Hole system will acknowledge the DNS request with the IP Address. If the Domain Name is on the deny list, then the response is the loop-back IP Address (127.0.0.1) that will not load an ad. We can test this in a bit after it is all installed.
The process that Pi-Hole uses is called a DNS Sinkhole.
Prerequisites
Before installing the Pi-Hole packages, we need to set a few things up to get ready.
As with any installation, it is best to make sure you update the system on the newest packages. Perform an update and upgrade as needed for your distro. For Ubuntu, the example would be:
Code:
sudo apt update && sudo apt upgrade -y
After your system is up-to-date, you need to set the system with a static IP Address. Since we set the Pi-Hole system as a DNS Server, the IP Address needs to be constant and not changing by the DHCP Server.
Open the network settings and change the IP4 settings for the connection. Change the setting for ‘DHCP’ to ‘Manual’. Set the IP Address as one that is not used by any other system on the network and is not part of the DHCP Address Lease range. Once you set this, it may be best to reboot the system to make sure that the static IP Address is in effect.
Keep the IP Address in mind and remember it for later. If your DHCP Server allows the designation of the DNS Server to the DHCP Clients, then set the DNS Server as the IP Address for the Pi-Hole system. This way, when a system gets an IP Address from the DHCP Server, it will also receive the Pi-Hole Address as the main DNS Server to use. You can set the secondary DNS Server as the IP Address for the Pi-Hole as well. For redundancy’s sake, you can have two Pi-Hole systems and use both IP Addresses as Primary and Secondary DNS Servers.
The Pi-Hole system should now be ready for use, so we need to get it set up.
NOTE: Until the Pi-Hole system is up and running, DNS queries will not work and the Internet will be inaccessible. Get the Pi-Hole System up and running before changing the DNS entries on the DHCP Server.
Installation
There are multiple ways to install the Pi-Hole packages, but I’ll go over the simplest way to download and start the script:
Code:
curl -sSL https://install.pi-hole.net | bash
NOTE: On some distros, you may get an error that ‘curl’ does not exist. You will need to install ‘curl’.
The command downloads the script and pipes it to ‘bash’ to be executed. It is usually a best practice not to do this unless you know the script is from a trusted source.
Once you download the script to the local drive, the execution of the script occurs.
The script will check for dependencies and should install them if needed. The script will download other files that Pi-Hole needs for the program.
After everything is downloaded that is required, you’ll see a screen similar to Figure 1. The script will prompt you occasionally for input to set Pi-Hole configurations.
FIGURE 1
After you select ‘OK’, you’ll see another screen asking for donations for Pi-Hole.
The next screen, Figure 2, states that you need a static IP Address. Press ‘Continue’ once this is complete. If you have been following along, then you should have this set already.
FIGURE 2
The next screen lets you specify the DNS Server to be used by Pi-Hole to use for getting IP Addresses that are not on the list to block. See Figure 3.
FIGURE 3
Figure 4 will ask you if you wish to use the default list for blocking ads. You can select ‘Yes’ or ‘No’ for this list. You can add other lists later, which I will cover.
FIGURE 4
The net screen will ask if you want to install the ‘Admin Web Interface’. You’ll need this if you want a Graphical User Interface (GUI) to manage Pi-Hole. Trust me, it is a good choice to add it. This means it installs a web package if it is not already on the system. The next screen asks if you want to install the web packages. It also states that the web server user needs to be part of the ‘pihole’ group.
The next screen asks if you want to enable Query logging. It is best to enable all logging to allow for counters to be used to see that Pi-Hole works properly.
You’ll see a prompt for the configuration of Privacy Levels. Showing everything is a good place to start and you can change this later.
The script installs the web services and configured for the Pi-Hole Admin Web Interface.
The next screen shows that the installation is complete. This screen is very important for the Web Interface since it shows your password to access the Interface, see Figure 5. It also shows the web address to the Pi-Hole and the address of the Web Interface.
FIGURE 5
After you select the final ‘OK’ button, you should be back at a terminal prompt.
At any point you want to update the Pi-Hole system, just use the command:
Code:
pihole -up
Reboot the Pi-Hole system for all the files added in the installation to take effect.
Admin Web Interface
If you go to ‘http://pi.hole/admin’, or replace ‘pi.hole’ with the static IP Address of your Pi-Hole system, see Figure 6. Here is where you enter the password given once the installation is complete.
FIGURE 6
After entering the password and gaining access to the Interface, see the top of the Interface is like Figure 7.
FIGURE 7
Here, you can see that there are 117,419 entries loaded from the deny list. You can also see the total number of queries made to the DNS Server and how many are in the deny list.
There is more information here, but I will cover what is really necessary. Figure 8 shows the left column of the Interface.
FIGURE 8
The ‘Dashboard’ is the main screen that you first see when you log on to the Interface. Here are the stats of Pi-Hole.
You’ll see the next line is the ‘Query Log’. Here you can look at the queries made to the DNS Server. If you see an entry in here, that should be on the block list, you can click on a button for the specified to ‘Blacklist’ the entry.
‘Long-Term Data’ is the next line which can show the top entries in the ‘Query Log’.
Using ‘Groups’ let’s you create a group of users that may not be subject to some or all the Blacklists.
The ‘Clients’ option lets you specify clients on the network that can only be subject to some or no Blacklists.
You can set domain names to add to the Blacklist or Whitelist. It may be best to use the Regex tab and do something like ‘*.pornhub.com’ to block all access to the domain ‘pornhub.com’. In a business, this can be handy to prevent the employees from accessing sites that should not be accessed at work. You can also block out competitors’ websites if needed.
‘Adlists’ is where we can add more lists as we need. I’ll cover this more soon.
If you wanted to ‘Disable Blocking’ for a specified amount of time, here is where you do it. Make sure you enable the lists when you have completed what you need to do.
To set DNS names for the local network, you can use the ‘Local DNS’ tab.
The ‘Tools’ option has many sub-options, but the one to note is ‘Update Gravity’. Any time you change the lists, whether the whitelist or blacklist, you need to ‘Update Gravity’. This reloads all the lists, so do not leave the screen until you see it has successfully reloaded.
If you need to change any settings for Pi-Hole itself, the configuration options are all under ‘Settings’.
Adding Lists
I showed you how to add a domain, but to add all necessary domains can be lengthy, if not impossible. So, let’s look at adding lists to make the Pi-Hole work for you.
To add a decent comprehensive list for porn, you can go to ‘Adlists’ and under ‘Address’ add ‘https://raw.githubusercontent.com/c...ists/master/lists/pi_blocklist_porn_all.list’, then click ‘add’. You need to ‘Update Gravity’, and this should work. If you go to a search site and type in ‘porn’, you will get a list, but you should not get a page when clicking on the links.
If you want to see that the links were blocked by Pi-Hole, then go back to the ‘Query Log’ and you should see the websites you clicked on listed and should be in red. Again, if it blocks a site or it is not blocked, then you can click on the button for the line and change it from one to the other.
Another excellent site for lists is at ‘https://firebog.net’. The lists are by type, such as Suspicious Lists, Advertising Lists, Tracking and Telemetry Lists, Malicious Lists, and Other Lists. Here you can get the link and paste it into the ‘Adlists’ tab. Just remember to ‘Update Gravity’ when done. Once you have ‘Update Gravity’, go back to the ‘Dashboard’ and see the number of the ‘Domains on AdList’ has increased by the addition of the newly added lists.
NOTE: Other lists exist on the Internet. Just look around. These were the first ones I found.
Conclusion
Pi-Hole is a good way to block certain sites for your entire network. This can be beneficial for a business or even a home network. Be sure to specify the DNS Server on the DHCP Server, so when the client systems get an IP Address, they also receive the proper DNS Server Address for the Pi-Hole system.
Just monitor the log and see if you need to add or remove any sites from the Whitelist or Blacklist.