Install Pi-hole in your Raspberry PI with Raspberry Pi OS Lite

5
(2)

Last Updated on 6th February 2022 by peppe8o

Pi-hole is a DNS server that protects your devices from unwanted content, without installing any client-side software.

Clients requesting for web resources usually query public DNS servers to resolve mnemonic addresses (for example “peppe8o.com”) into IP addresses to be reached. But many internet pages include tons of internal elements redirecting to adverisement providers. It can negatively affect your download time, data amount (expecially for consume-based plans) and, in some extreme cases, also user experience.

Pi-hole works in a very simply way: it becomes your DNS server, resolving normally page traffic (by forwarding these queries to public DNSs) and answering with a name resolution error to queries related advertisement content. Your browser will discard content not resolved and will show all other content.

In this guide we’ll install Pi-hole in a Raspberry PI Zero W with Raspberry PI OS Lite. This procedure applies also to newer Raspberry PI boards.

Pi-hole Requirements

Pi-hole is really lightweight, and requires only 512MB RAM and 52MB free disk space.

It uses following ports:

ServicePortProtocolNotes
pihole-FTL53 (DNS)TCP/UDPUsed for DNS queries binding
pihole-FTL67 (DHCP)IPv4 UDPUsed to provide IPv4 DHCP service (optional)
pihole-FTL547 (DHCPv6)IPv6 UDPUsed to provide IPv6 DHCP service (optional)
lighttpd80 (HTTP)TCPUsed for web admin console
pihole-FTL4711-4720TCPUsed to expose APIs (optional)

Below, common DNS services to which Pi-hole forwards DNS queries for not-ads resolution requests:

ProviderIP AddressesNotes
Google8.8.8.8
8.8.4.4
Default upstream DNS provider on the Pi-hole. Google DNS are fast and reliable. They are widely known as the standard choice.
OpenDNS208.67.222.222
208.67.220.220
208.67.222.220
208.67.220.222
2620:119:35::35 (IPv6)
2620:119:53::53 (IPv6)
208.67.222.123 (FamilyShield)
208.67.220.123 (FamilyShield)
Owned by Cisco, include a built-in phishing filter. OpenDNS also provides the OpenDNS FamilyShield (free)- option (blocks pornographic content, including our “Pornography,” “Tasteless,” and “Sexuality” categories) in addition to proxies and anonymizers (which can render filtering useless). It also blocks phishing and some malware.
Level34.2.2.1
4.2.2.2
This DNS service does no filtering of itself, but redirects mistyped URL to Level 3 Web Search.
Comodo8.26.56.26
8.20.247.20
SecureDNS references a real-time block list (RBL) of harmful websites (i.e. phishing sites, malware sites, spyware sites, and parked domains that may contain excessive advertising including pop-up and/or pop-under advertisements, etc.) and will warn you whenever you attempt to access a site containing potentially threatening content.
DNS.WATCH84.200.69.80
84.200.70.40
2001:1608:10:25::1c04:b12f (IPv6)
2001:1608:10:25::9249:d69b (IPv6)
DNS.WATCH offers Fast, free and uncensored DNS resolution.
Quad99.9.9.9
149.112.112.112
2620:fe::fe (IPv6)
2620:fe::9 (IPv6)
Quad9 is a free, recursive, anycast DNS platform that provides end users robust security protections, high-performance, and privacy.
CloudFlare DNS1.1.1.1
1.0.0.1
2606:4700:4700::1111 (IPv6)
2606:4700:4700::1001 (IPv6)
1.1.1.2 (Malware Blocking Only)
1.0.0.2 (Malware Blocking Only)
2606:4700:4700::1112 (IPv6) (Malware Blocking Only)
2606:4700:4700::1002 (IPv6) (Malware Blocking Only)
1.1.1.3 (Malware and Adult Content)
1.0.0.3 (Malware and Adult Content)
2606:4700:4700::1113 (IPv6) (Malware and Adult Content)
2606:4700:4700::1003 (IPv6) (Malware and Adult Content)
CloudFlare will never log your IP address (the way other companies identify you). The independent DNS monitor DNSPerf ranks Cloudflare’s DNS the fastest DNS service in the world. Cloudflare also provides 1.1.1.1 for Families, a set of resolvers that can block malware only, or malware and adult content.
Custom your custom DNS provider IPWith custom, you’ll choose your favorite DNS provider. If you care about Internet independence and privacy, we suggest having a look at the OpenNIC DNS Project.
Ref: https://docs.pi-hole.net/guides/upstream-dns-providers/

What We Need

Raspberry PI Zero WH board

As usual, I suggest adding from now to your favourite e-commerce shopping cart all the needed hardware, so that at the end you will be able to evaluate overall costs and decide if continue with the project or remove them from the shopping cart. So, hardware will be only:

Step-by-Step procedure

Before starting, it is suggested to reserve IP Address for your Raspberry PI in your router. Even if most of recent routers are enought smart to identify a device and tending to assign always the same IP address, it is a best practice to have it stable for daily usage.

Preparing Raspberry PI OS Lite

We need to start with OS installation. If not already done, please install Raspberry PI OS Lite to have a lightweight OS. From terminal, make your OS up to date:

sudo apt update
sudo apt upgrade

Install Pi-hole

This phase is really simple with the convenient automated install script from pi-hole. Installation will show a number of configuration steps that can be left as default and can be also edited in a second moment.

From terminal:

sudo curl -sSL https://install.pi-hole.net | bash

From here a simple wizard will start. Before all, some basic checks are performed:

Raspberry PI pihole setup pre-checks

You will see that the “root user check” hasn’t passed. We are launching installation setup from pi user (not root) user, but following checks will verify that sudo is available and it is enought to proceed with correct setup.

Raspberry PI pihole setup (1)
Raspberry PI pihole setup (2)
Raspberry PI pihole setup (3)

Next steps will ask you to confirm or edit default settings. As said, I suggest to use default settings to start, tuning them after a first working usage. Moreover, you will be able to edit them after installation completion.

Raspberry PI pihole setup (4)
Raspberry PI pihole setup (5)
Raspberry PI pihole setup (6)
Raspberry PI pihole setup (7)
Raspberry PI pihole setup (8)
Raspberry PI pihole setup (9)
Raspberry PI pihole setup (10)
Raspberry PI pihole setup (11)
Raspberry PI pihole setup (12)
Raspberry PI pihole setup (13)

Last page screen summarized main installation variables. You will find here your Raspberry PI IP address exposing DNS service (in may case 192.168.1.78) and gave you default password for your web admin console logging. Do you discarded it or didn’s see it? Don’t worry… Once installation is completed, the first operation suggested is changing web admin password with following terminal command:

pihole -a -p <<yourNewWebPassword>>

We’ll use it later…

From here, your Pi-hole is ready and listening to incoming DNS queries.

Setup Devices DNS to Use Pi-hole

From here, you have 2 different options to use. You can test Pi-hole from 1 single device or you can use it from your whole local network.

Use Pi-hole From a Single Device

This way is useful to check if your installation is correctly working. It will be applied only to these devices where you set the new DNS service. You will need to edit your personal computer or smartphone connection setup to use your Raspberry PI as DNS server. Bleow some common examples:

In Windows 10 PCs, this can be done from Control Panel -> Network and Internet -> Network and Sharing Center -> Change adapter settings. Right-click on active network interface and select Properties. Select (activating) Internet Protocol Version 4 (TCP/IPv4) option and click Properties button. Select “Use the following DNS server addresses” option and use your Raspberry Pi IP address.

In Linux PCs you can usually manage DNS servers by editing /etc/resolv.conf and modifying “nameserver” parameters with your Raspberry PI IP address.

With Android and Apple devices you can use free DNS changer apps.

Use Pi-hole From a Whole Network

If you want to use Pi-hole from your entire network, you will need to edit in your Router the DNS address passed via DHCP. It depends on Router configurations, but it is usually located under Advanced Settings, LAN, DHCP settings.

Manage Your Pi-hole From Web Console

From here, you can go on Web Console to see Pi-hole in action and manage its settings.

With your favourite web browser, browse http://<<yourRpiIpAddress>>/admin/. (in my case: http://192.168.1.78/admin/). First page will appear like following:

Raspberry PI pihole web admin home

It will show basic stats. To have a more complete management dashboard, please login using password previously set. Admin Dashboard will appear:

Raspberry PI pihole web admin dashboard

From here you will have full control on your Pi-hole server.

Between other options, there are some cool capabilities.

With Whitelist and Blacklist you will be able to manually permit (whitelist) or deny (blacklist) specific domain you want close from your DNS queries.

Raspberry PI pihole web admin whitelist

With Local DNS Records, you can create your private dns records to be used in your local network instead of ip addresses.

Raspberry PI pihole web admin local dns records

Using TOR Proxy Server With Pi-hole

A common mix includes using TOR proxy server and Pi-hole to merge IP anonimization and advertisement blocking features.

This is a simple task. If you aregoing to use the same Raspberry PI for both services, after installing TOR proxy server, you only need to add following row in your /etc/tor/torrc file:

DNSPort 127.0.10.1:53

Enjoy!

Check hardware prices with following links:

Amazon raspberry pi boards box
Amazon raspberry pi Zero W box
Amazon Micro SD box

How useful was this post?

Click on a star to rate it anonymously!

Average rating 5 / 5. Vote count: 2

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?