Installing a network-wide ad

blocker with a Raspberry Pi

LUG @ NCSU
Caleb Rollins
Preface & Resources

●
https://pi-hole.net/
●
https://docs.pi-hole.net/
●
https://discourse.pi-hole.net
●
Most of this presentation was shamelessly
taken and condensed from the forums and
documentation pages
●
This is merely a getting started guide with
all the essential information in a
convenient format
2
Why I was initially interested in Pihole

●
Content is blocked in non-traditional
locations, such as mobile games, Roku, and
other IOT devices on your local network
●
Caching DNS queries does not affect loading
times
●
Can function as a DHCP server, ensuring all your
devices are protected automatically
●
Blocks ads over both IPv4 and IPv6
●
Free and open-source
●
Better and more robust than a browser extension
3
At a high level, how does Pi-hole work?

●
You open your favorite web browser
●
You type amazon.com in the address bar
●
Pi-hole looks up amazon.com and begins
downloading it
●
It will detect the domains used to serve
advertisements (from crowd sourced databases)
and instead of looking up the real address of those
sites, it will send a fake address instead
●
This allows the legitimate content on amazon.com
to load, but prevents the ad images and videos from
being downloaded
4
Prereqs

●
Very lightweight
– Min. 2GB free space, 4GB recommended
– 512MB RAM
●
Pi-hole is supported on distributions utilizing systemd or
sysvinit
– Raspberry Pi OS (formerly Raspbian)
– Ubuntu
– Debian
– Fedora
– CentOS
●
Can also be installed via Docker, but I don’t have much
knowledge about this platform
5
Prereqs

●
Pi-hole needs a static IP address to properly function
“Users may run into issues because we currently install dhcpcd5, which may conflict with other running network
managers such as dhclient, dhcpcd, networkmanager, and systemd-networkd.” (documentation)

●
Stable network connection (ethernet over wifi if possible)
●
Your device is essentially a server now
●
You may have to edit your firewall config
– IPv4:
●
ufw allow 80/tcp
●
ufw allow 53/tcp
●
ufw allow 53/udp
●
ufw allow 67/tcp
●
ufw allow 67/udp
– IPv6 (including the above IPv4 rules):
●
ufw allow 546:547/udp
6
Installation Overview

●
On your device of choice that is connected to your LAN
– wget -O basic-install.sh https://install.pi-hole.net
– sudo bash basic-install.sh
– Install script will guide you through basic setup
●
Three Options
– Configure your router to have DHCP clients use Pi-hole as their
internal DNS server (this is optimal)
– Use Pi-hole's built-in DHCP server (good backup, complicated)
– Manually set each device to use Pi-hole as their DNS server
(pain in the arse)
●
The reason we must change these settings on our network
is so that all traffic is routed through the Pi-hole

7
Option 1: Setup Pi-hole as internal DNS server

●
Log into your router’s configuration
page and find the DHCP/DNS settings
●
Make sure you adjust this setting under
your LAN settings and NOT the WAN
●
Upstream WAN DNS servers options are
configured/chosen in the setup script for Pi-hole
(OpenDNS, Google, etc.)

8
Option 1: Setup Pi-hole as internal DNS server

●
From documentation
https://discourse.pi-hole.net/t/h
ow-do-i-configure-my-devices-t
o-use-pi-hole-as-their-dns-serve
r/245

Pi-hole LAN IP Address

9
Option 1: Setup Pi-hole as internal DNS server

●
Router control panels will vary (kinda like BIOS
settings)
– ie. my home router

my public ip lol

Pi-hole LAN IP Address

10
Option 1: Closing reminders

●
If you have existing devices on the
network, ads will not be blocked until
the DHCP lease is renewed
●
DHCP leases can range from a couple
hours to days, so….
●
Usually a renewal of each device’s
lease can be forced by restarting the
device

11
Option 2: Using Pi-hole as a DHCP server

●
Like mentioned earlier, very complicated
●
Uses dns service called dnsmasq to act as replacement for
built-in DHCP server that router has
●
Be sure to disable DHCP on your router first or many issues
could occur
– I made this mistake and my home network came to a
grinding halt….
●
More information is available on their documentation pages
– https://docs.pi-hole.net/main/post-install/
– https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-a
s-their-dns-server/245
– Really helpful and complete documentation. Yay!
●
For these reasons we will not be going too deep on this option
12
Option 3: Opting In/Out

●
Hybrid option that allows for hand-
picking which device on the LAN is
protected by Pi-hole
– Think of it is an opt-in/opt-out method (ex. the
network is shared with a roommate)
●
This means that your Pi-hole was configured either
by option 1 or 2 earlier
●
“By manually setting the DNS server to something
other than Pi-hole, you override the DHCP options,
and thus what DNS server to use, provided by your
router.” (documentation)
13
Option 3: Opting In/Out

●
Getting to DNS settings on each
device/OS is a little different but they
all kinda follow this
Control Panel/Settings → Network/Internet →
Details/Advanced Settings → DNS/IP Addressing
●
To opt-in: Set your DNS server to the
Pi-hole’s LAN IP
●
To opt-out: Set your DNS server(s) to
other servers (ex. Google DNS 8.8.8.8)
14
We are now done with all the dirty
work!

15
Config

●
GUI Option → this can be accessed at
– http://MY_PIHOLE_IP_ADDRESS/admin

16
Config

●
CLI option → I typically SSH into my
Raspberry Pi when I need to do this
– pihole status
– pihole version
– pihole logging
– pihole updatePihole
– pihole enable
– Lots more….
https://docs.pi-hole.net/core/pihole-command/#pi-hole-core

17
Config

●
Custom whitelist and blacklist sites
can be added
●
Different databases/known
advertisement sites can be tweaked
●
Log files can be viewed
●
Ad blocking can be permanently or
temporarily disabled for
debug/testing

18
The Results: Advertisement Heavy Site

●
Before →

my public ip

19
The Results: Advertisement Heavy Site

●
After

my public ip

20
The Results: Roku TV

●
Before →

21
The Results: Roku TV

●
After

22
Questions?

23