Pi-hole is a DNS server that protects your devices from unwanted content, without installing any client-side software.
Clients requesting web resources usually query public DNS servers to resolve mnemonic addresses (for example “peppe8o.com”) into the IP addresses to be reached. But many internet pages include tons of internal elements redirecting to advertisement providers. This can negatively affect your download time, the amount of data used (especially on consumption-based plans) and, in some extreme cases, the user experience.
Pi-hole works in a very simple way: it becomes your DNS server, resolving normal page traffic (by forwarding these queries to public DNS servers) and answering with a name resolution error to queries related to advertisement content. Your browser will discard the content that was not resolved and will show all the other content.
In this guide we’ll install Pi-hole on a Raspberry PI Zero W with Raspberry PI OS Lite. This procedure also applies to newer Raspberry PI boards.
Pi-hole is really lightweight, and requires only 512MB RAM and 52MB free disk space.
It uses the following ports:
|Service|Port|Protocol|Notes|
|---|---|---|---|
|pihole-FTL|53 (DNS)|TCP/UDP|Used for DNS queries binding|
|pihole-FTL|67 (DHCP)|IPv4 UDP|Used to provide IPv4 DHCP service (optional)|
|pihole-FTL|547 (DHCPv6)|IPv6 UDP|Used to provide IPv6 DHCP service (optional)|
|lighttpd|80 (HTTP)|TCP|Used for web admin console|
|pihole-FTL|4711-4720|TCP|Used to expose APIs (optional)|
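The port table above can be checked against what the Raspberry PI is actually listening on. The following is an added example, not part of the original guide or of the Pi-hole project: it parses `ss -H -tuln` output and separates the DNS/DHCP ports that clients must reach from the management ports (web admin on 80, API on 4711-4720). The sample input is constructed, and the function and tag names are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE_SS='udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
tcp LISTEN 0 32 0.0.0.0:53 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0%eth0:67 0.0.0.0:*
tcp LISTEN 0 1024 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 5 127.0.0.1:4711 0.0.0.0:*
tcp LISTEN 0 5 [::1]:4711 [::]:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Reads `ss -H -tuln` lines on stdin and prints one line per Pi-hole port:
#   SERVICE       DNS/DHCP port, which clients must be able to reach
#   MGMT-LOCAL    management port (80, 4711-4720) bound to loopback only
#   MGMT-EXPOSED  management port reachable from other hosts: review it,
#                 the web admin console on port 80 is plain HTTP
audit_pihole_ports() {
    awk '
    function role(p) {
        if (p == 53)  return "DNS"
        if (p == 67)  return "DHCP"
        if (p == 547) return "DHCPv6"
        if (p == 80)  return "web-admin"
        if (p >= 4711 && p <= 4720) return "FTL-API"
        return ""
    }
    NF >= 5 {
        n = split($5, part, ":")             # $5 is "Local Address:Port"
        port = part[n] + 0
        addr = substr($5, 1, length($5) - length(part[n]) - 1)
        sub(/%.*/, "", addr)                 # drop "%eth0" interface suffix
        r = role(port)
        if (r == "") next                    # not a port from the table
        if (port == 80 || port >= 4711) {
            loop = (addr ~ /^127\./ || addr == "[::1]")
            tag = loop ? "MGMT-LOCAL" : "MGMT-EXPOSED"
        } else tag = "SERVICE"
        printf "%s %s/%d %s %s\n", tag, $1, port, r, addr
    }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_SS" | audit_pihole_ports
# On the Raspberry PI itself:  ss -H -tuln | audit_pihole_ports
```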
Below are common DNS services to which Pi-hole forwards DNS queries for non-advertisement resolution requests:
|Default upstream DNS provider on the Pi-hole. Google DNS are fast and reliable. They are widely known as the standard choice.|
|Owned by Cisco, includes a built-in phishing filter. OpenDNS also provides the free OpenDNS FamilyShield option (blocks pornographic content, including our “Pornography,” “Tasteless,” and “Sexuality” categories) in addition to proxies and anonymizers (which can render filtering useless). It also blocks phishing and some malware.|
|This DNS service does no filtering itself, but redirects mistyped URLs to Level 3 Web Search.|
|SecureDNS references a real-time block list (RBL) of harmful websites (i.e. phishing sites, malware sites, spyware sites, and parked domains that may contain excessive advertising including pop-up and/or pop-under advertisements, etc.) and will warn you whenever you attempt to access a site containing potentially threatening content.|
|DNS.WATCH offers Fast, free and uncensored DNS resolution.|
|Quad9 is a free, recursive, anycast DNS platform that provides end users robust security protections, high-performance, and privacy.|
126.96.36.199 (Malware Blocking Only)
188.8.131.52 (Malware Blocking Only)
2606:4700:4700::1112 (IPv6) (Malware Blocking Only)
2606:4700:4700::1002 (IPv6) (Malware Blocking Only)
184.108.40.206 (Malware and Adult Content)
220.127.116.11 (Malware and Adult Content)
2606:4700:4700::1113 (IPv6) (Malware and Adult Content)
2606:4700:4700::1003 (IPv6) (Malware and Adult Content)
|CloudFlare will never log your IP address (the way other companies identify you). The independent DNS monitor DNSPerf ranks Cloudflare’s DNS the fastest DNS service in the world. Cloudflare also provides 18.104.22.168 for Families, a set of resolvers that can block malware only, or malware and adult content.|
|Custom||your custom DNS provider IP||With custom, you’ll choose your favorite DNS provider. If you care about Internet independence and privacy, we suggest having a look at the OpenNIC DNS Project.|
What We Need
As usual, I suggest adding all the needed hardware to your favourite e-commerce shopping cart now, so that at the end you will be able to evaluate the overall cost and decide whether to continue with the project or remove the items from the cart. The only hardware needed is:
- Raspberry PI Zero W (including a proper power supply, or a smartphone micro USB charger with at least 3A) or a newer Raspberry PI board
- micro SD card (at least 16 GB, at least class 10)
Before starting, it is suggested to reserve an IP address for your Raspberry PI in your router. Even if most recent routers are smart enough to identify a device and tend to always assign it the same IP address, it is a best practice to keep it stable for daily usage.
Preparing Raspberry PI OS Lite
We need to start with the OS installation. If not already done, please install Raspberry PI OS Lite to have a lightweight OS. From the terminal, bring your OS up to date:
sudo apt update
sudo apt upgrade
This phase is really simple thanks to the convenient automated install script from Pi-hole. The installation will show a number of configuration steps that can be left at their defaults and can also be edited later.
sudo curl -sSL https://install.pi-hole.net | bash
From here a simple wizard will start. First of all, some basic checks are performed:
You will see that the “root user check” hasn’t passed. We are launching the installation from the pi user (not root), but the following checks verify that sudo is available, which is enough to proceed with a correct setup.
The next steps will ask you to confirm or edit the default settings. As said, I suggest using the default settings to start, tuning them after a first working usage. Moreover, you will be able to edit them after the installation is complete.
The last screen summarizes the main installation variables. Here you will find the IP address of your Raspberry PI exposing the DNS service (in my case 192.168.1.78) and the default password for logging in to the web admin console. Did you discard it or miss it? Don’t worry… Once the installation is completed, the first suggested operation is changing the web admin password with the following terminal command:
pihole -a -p <<yourNewWebPassword>>
We’ll use it later…
From here, your Pi-hole is ready and listening to incoming DNS queries.
Setup Devices DNS to Use Pi-hole
From here, you have 2 different options to use. You can test Pi-hole from 1 single device or you can use it from your whole local network.
Use Pi-hole From a Single Device
This way is useful to check that your installation is working correctly. It applies only to the devices where you set the new DNS server. You will need to edit the connection setup of your personal computer or smartphone to use your Raspberry PI as DNS server. Below are some common examples:
In Windows 10 PCs, this can be done from Control Panel -> Network and Internet -> Network and Sharing Center -> Change adapter settings. Right-click on the active network interface and select Properties. Select (activating) the Internet Protocol Version 4 (TCP/IPv4) option and click the Properties button. Select the “Use the following DNS server addresses” option and use your Raspberry Pi IP address.
In Linux PCs you can usually manage DNS servers by editing /etc/resolv.conf and modifying “nameserver” parameters with your Raspberry PI IP address.
With Android and Apple devices you can use free DNS changer apps.
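To confirm that the Pi-hole answers and blocks before changing any device's DNS settings, you can query it directly. This is an added example, not part of the original guide: it classifies `dig` output as blocked, resolved or error. It assumes a blocked reply is NXDOMAIN, an empty answer, 0.0.0.0/:: or the Pi-hole's own address, depending on the configured blocking mode; the sample replies, domain names and function names are constructed.

```shell
#!/bin/sh
# Constructed dig replies (not captured from a real Pi-hole).
BLOCKED_REPLY=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; QUESTION SECTION:
;ads.example.test. IN A
;; ANSWER SECTION:
ads.example.test. 2 IN A 0.0.0.0'
ALLOWED_REPLY=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
;; QUESTION SECTION:
;www.example.test. IN A
;; ANSWER SECTION:
www.example.test. 300 IN A 192.0.2.10'

# classify_dig_output PIHOLE_IP   (full dig output on stdin)
# Prints "blocked", "resolved" or "error".
classify_dig_output() {
    awk -v pihole="$1" '
    /^;; ->>HEADER<<-/ {                     # header line carries the status
        for (i = 1; i < NF; i++)
            if ($i == "status:") { status = $(i + 1); sub(/,/, "", status) }
    }
    !/^;/ && $3 == "IN" && ($4 == "A" || $4 == "AAAA") {
        n++                                  # one address record in the answer
        if ($5 != "0.0.0.0" && $5 != "::" && $5 != pihole) real++
    }
    END {
        if (status == "NXDOMAIN")      print "blocked"   # NXDOMAIN mode
        else if (status != "NOERROR")  print "error"     # SERVFAIL, REFUSED, no reply
        else if (n == 0 || real == 0)  print "blocked"   # empty, null or own-IP answer
        else                           print "resolved"
    }'
}

# Live check: queries the Pi-hole directly, system DNS settings are untouched.
check_pihole() {   # usage: check_pihole PIHOLE_IP DOMAIN
    dig +time=2 +tries=1 @"$1" "$2" A 2>/dev/null | classify_dig_output "$1"
}

# Demo on the constructed replies, using the guide's example address.
printf '%s\n' "$BLOCKED_REPLY" | classify_dig_output 192.168.1.78
printf '%s\n' "$ALLOWED_REPLY" | classify_dig_output 192.168.1.78
```

On a client with `dig` installed, `check_pihole 192.168.1.78 <domain>` runs the same check live; use a domain you know exists, since a nonexistent name also returns NXDOMAIN.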
Use Pi-hole From a Whole Network
If you want to use Pi-hole from your entire network, you will need to edit the DNS address that your router passes via DHCP. The exact location depends on the router configuration, but it is usually found under Advanced Settings, LAN, DHCP settings.
Manage Your Pi-hole From Web Console
From here, you can go on Web Console to see Pi-hole in action and manage its settings.
With your favourite web browser, browse to http://<<yourRpiIpAddress>>/admin/ (in my case: http://192.168.1.78/admin/). The first page will look like the following:
It will show basic stats. To have a more complete management dashboard, please log in using the password previously set. The Admin Dashboard will appear:
From here you will have full control over your Pi-hole server.
Among other options, there are some cool capabilities.
With Whitelist and Blacklist you will be able to manually permit (whitelist) or deny (blacklist) specific domains in your DNS queries.
With Local DNS Records, you can create your private DNS records to be used in your local network instead of IP addresses.
Using TOR Proxy Server With Pi-hole
A common combination uses a TOR proxy server together with Pi-hole to merge IP anonymization and advertisement blocking features.
This is a simple task. If you are going to use the same Raspberry PI for both services, after installing the TOR proxy server, you only need to add the following row in your /etc/tor/torrc file: