Last weekend I had the pleasure of setting up my Raspberry Pi to act as a network-wide ad-blocker. It was incredibly simple to do and I’d recommend anyone interested in having an ad-free home network environment to look into it.
What is a Pi-Hole?
Pi-hole is a network level ad-block software that can run on the affordable Raspberry Pi, or any other Linux device with network capability. It acts as a DNS sinkhole that prevents the resolving of host names for blacklisted domains.
“So why would I need this if I already have an ad-blocker running on my browser?”
- Pi-Hole can actually speed up your network!
- Since DNS queries for potential ads are being intercepted by the Pi-hole, it is actually stopping it from being downloaded in the first place!
- Pi-Hole can reduce your bandwidth usage!
- Because these advertisements are not being downloaded at all, you are therefore using less bandwidth.
- Block Ads in Non-Browser Settings!
- Browsing the Reddit app on your phone? No more ads to interrupt your scrolling experience!
- Watching internet videos/streams on your Playstation or Xbox? No annoying pop up or border ads!
- Pi-Hole also acts as a network monitoring tool!
- Pi-hole logs all DNS queries that it intercepts, so you can view and analyze all that traffic that is zipping around your network.
- Pi-Hole can act as a second layer of defense against malware by blocking known malware domains and command and control servers used by botnets.
“Do I still need a browser ad-blocker if I’m using Pi-Hole?
While Pi-hole does a fantastic job of blocking advertisements for most people, there are still some benefits to using a browser-based blocker. In fact, I would suggest using Pi-hole and uBlock together as a part of a defense-in-depth strategy.
Pi-hole doesn’t remove the empty space from ads like uBlock will, so you will see the empty areas on websites if you’re running Pi-hole WITHOUT a traditional browser-based ad-blocker.
Pi-Hole WITHOUT Ad-Block:
Notice the gaping hole where an advertisement was supposed to load?
Pi-hole WITH Ad-Block:
uBlock cleans the page up for us. Nice!
So, my suggestion would definitely be to double up and run both the Pi-Hole and a browser extension ad-blocker if you can. Remember! Defense in depth.
Step 1: Put Raspian Lite onto your Micro-SD card
I had the luxury of already having Raspian installed on my SD card that came with my Raspberry Pi, but for those who need to do it manually, follow the instructions in these links:
Step 2: Connect your Pi to your network and power it on.
Simply plug an ethernet cord into your Pi and find a source for power (either via USB or the wall adapter) and the Pi will start up automatically. Below is a diagram explaining the various ports and parts of Model 3B+ Pi:
(Note: If your Pi came with heatsinks, you simply peel off the tape covering the adhesive and stick them directly on top of the CPU and LAN chips)
Step 3: Determine your Pi’s IP Address
The latest version of Raspian has gone away with the default enabling of the SSH daemon (as a security precaution). So we can no longer simply SSH into the Pi to set things up initially. Thus, you’re going to need to find a way to plug your Pi into a monitor or TV that has HDMI support, and log in with the default credentials of:
- Username: pi
- Password: raspberry
Once you’re in, make note of your IP address by typing ‘ifconfig’ in the terminal:
(Note: Your IP address should be found in under the ‘eth0’ interface if you’re plugged directly into Ethernet)
Once you’re successfully authenticated and logged into the Pi, you’re going to want to run the following command to simplify the configuration process:
This nifty script will present you with a simplified menu that gives you the quick access to common configuration options:
- Change the password for the current user (Strongly recommend)
- Configure Wi-Fi (If you have a suitable Wi-Fi adapter)
- Change the hostname
- Enable SSH (Make sure to enable this for easy remote access to your Pi!)
Step 4: Install Pi-Hole
Now that we have the basic configuration done, we are ready to run the install script:
curl -sSL https://install.pi-hole.net | bash
(Note: it is always a good idea to inspect a script you are going to curl|bash, as you are essentially executing arbitrary code from the Internet on your device).
Once you execute the above command, the Pi-Hole installer should begin to do its thing. The installer will present you with a familiar console which you can navigate with your keyboard.
When given the option, select your network interface. (This is what you saw when you ran ‘ifconfig’ earlier in the setup to determine your IP address).
Next, you’ll be prompted to select a DNS provider. Pi-hole will use this provider to resolve DNS queries that your devices send to it. Feel free to research these and determine one that you like. But if you’re unsure, you can default to the Google DNS servers.
After selecting your upstream DNS provider, you’ll want to set up a static IP address for your Pi-Hole. Otherwise, your router will keep assigning it a new IP address whenever the lease is up (Typically 24 hours for the average home router). If you’re interested in learning more about why your router does this, read up on DHCP.
You obviously don’t want this to happen! As this will essentially bring down your home network, since all your devices will be attempting to contact your Pi-Hole for DNS query resolution, but will be contacting the wrong IP address!
Simply click <Yes> to leave the IP address as is and move on to the next steps.
Be sure to also select <Yes> when asked to ‘install the web admin interface’ and ‘log queries’
Now sit back, and let the installer take care of the rest. Give it about 10 or so minutes and you should be greeted with this screen:
After the you exit the installation process, feel free to change the password to your web page administration interface with the following command:
pihole -a -p
If you’re curious about other command line capabilities, browse through the output of the help command:
We’re almost done! We now have a functional Pi-Hole server, but we need to configure you home router to send all DNS requests it receives to the Pi-hole, instead of your current ISP DNS server.
Unfortunately, I will only be able to provide general guidelines here, as everyone’s router web interface will be slightly different. Nonetheless, they should all offer similar functionality, and a somewhat similar UI.
Usually home routers will probably have a default IP address of either 192.168.1.1 or 192.168.0.1. Simply types these into your URL bar and see if either of these things brings you to your routers web administration page.
If you are still struggling to find your router’s IP address, type the following command on a Windows computer, and locate the ‘Default Gateway’ line. This is your router’s IP address:
(Note: You’ll probably be prompted for a username and password to access your routers web admin page. If you’re unsure or can’t remember your credentials, try looking on the side of your router for the default credentials or for information on how to reset the password).
Once you’re logged into your router’s web interface, search around for an option to change your preferred DNS server:
You’ll need to change your configuration so that your router now uses your Pi-Hole as it’s DNS server.
Type in the IP address of the Pi-Hole as both your ‘Primary DNS’ and ‘Secondary DNS’ and be sure to save your changes.
The final step is to find the setting in your router’s web interface that will allow you to ‘reserve’ and IP address. Type in the IP address of your Pi and save your changes.
You need to do this so that your router doesn’t try to assign your Pi a different IP address, which would cause a lot of chaos on your network since we’ve already hard-coded the primary DNS server for your Pi’s current address.
You can now confirm everything is working correctly by navigating to the web admin page via http://pi.hole with your preferred browser.
Start browsing around to your favorite websites and you should begin to see the ‘Queries Blocked’ indicator start to increment upwards. Congratulations! You’re now all set up and ready to brave the wild frontiers of the Internet.