The beauty is that you can shove Pi in it of course.
Any reason to use this instead of a free NextDNS?
Local hosting
Additionally you have control over it. Sure, you don’t need local since you’re using it in conjunction with the internet. You control it though. You decide entirely what you want to trust and don’t have to delegate that trust as much.
Nothing in this article describes it solving any problem that isn’t better solved by an ad blocker. In fact they even admit that you still need an ad blocker anyway. So why bother with the pi hole?
That means you can play free games on your phone and have no pop up ads.
You can use Netflix ads tier and Crave ads tier and the pi hole blocks them. It’s amazing!!
Does that also work with a VPN?
Excellent question. You can set the Pi-hole as a default DNS provider on your router, which will then set it as a DNS provider for any device connected via DHCP (which in a home network should be basically everything). This means ads will be blocked across all devices and apps instead of just your browser where you installed adblock.
That was a great read. Really enjoyed that.
66.6% of all traffic is blocked with no functional impact on anything that I do
Okay. I’m convinced.
Misleading statement. It doesn’t block “traffic”, it blocks DNS requests… you don’t know how much traffic this corresponds to.
You can easily find out. 2 machines (even virtual machines), one sets its DNS to the PiHole, one not.
Both hit the same sites in the same order. Compare network traffic.
That’s only for a single case comparison. You can’t draw statistically meaningful conclusions about what percentage of traffic the pihole has blocked over a longer period of time.
Correct. The payload of DNS requests is tiny compared to, say, requesting a webpage. So there might not be a huge reduction in bandwidth usage. However, having 66.6% fewer DNS requests is still a win. The router/gateway doesn’t have to work that hard because of the dropped requests.
Of course, because ads have zero bandwidth. /s
Are you an idiot?
As per the article
on my own network a whopping 66.6% of all traffic is blocked
I stated it’s actually 66.6% of DNS requests being blocked, not the raw bandwidth utilization. Raw bandwidth savings (by not downloading the non-zero ads) would be much less.
Can’t we be nicer on the internet?
No, raw bandwidth savings would likely be very significant. You do realize that for many webpages the ads are most of the bandwidth? On my network (I have capped internet so this is important) if I run dns ad blocking my total bandwidth is 40% less.
I’m not sure whether it makes sense trying to discuss with you but let’s try…
You couldn’t know how much traffic you saved because you didn’t load the ad. The ad could be 1KB, 1MB or 1GB, but because you didn’t load it you wouldn’t know its size. Without knowing its size, you wouldn’t be able to calculate the savings.
As mentioned somewhere in the thread, you would have to directly compare two machines visiting the same pages, and even then it’s probably only approximate because both machines might get served different ads.
I’ve compared average monthly bandwidth before and after implementation of DNS based ad blocking and it has reduced my usage by anywhere from 33% to 45%.
They have been implying that ad blocking only saves the dns request, which is the most ridiculous ignorant claim I’ve ever seen.
It isn’t so much about the payload of the DNS requests, but about the content that would have been loaded if the DNS request hadn’t been blocked.
If you load a page that has 100kB of useful information, but 1MB of banner ads and trackers … you’ve blocked a lot more than 66%. But if you block 1MB of banner ads on a page that hosts a 200MB video, you’ve blocked a lot less.
Also a 66% blocked percentage seems very high. I have installed pihole on 2 networks, and I’m seeing 1.7% on my own network, but I do run uBlock on almost everything which catches most stuff before it reaches the pihole, and 25% on the other network.
Don’t fall for the trap that they recommend an expensive Pi 5: I am running Pi-hole on a Pi 2 but you can basically run this on obsolete hardware, whether that’s a Pi or a PC/laptop
Can confirm. I have a 10-year-old Pi 2 that is dedicated to pi hole and even that is not utilizing all of its 1 GB of memory.
I’m running Pi-hole and Pi-VPN on a Zero W (using a Geekworm case w/RJ45). It’s not very taxing at all.
I also run two other Pi-hole instances in my server cluster (one in Docker and one in an LXC container). Mostly just for uptime reasons, so I can take any one of them down at any time to perform maintenance and/or upgrade.
I run mine on a Pi 0. Also use it as a Samba disk partition for transferring files.
I’ve been thinking of setting one up for a while, if I have a home server would I be better off hosting it on that or as a separate device? What are the alternatives to a raspberry pi? They’ve shot up in price over the years.
Set up and run two.
This way if one goes down, the other takes over (also makes updates / maintenance easier)
If you have a server running, I wouldn’t buy more hardware. They have good example documentation for just such a configuration:
https://docs.pi-hole.net/docker/
If your server already has those ports bound (specifically the DNS port 53) you are going to have to get creative; otherwise it’ll work well!
Worst case, a cheapo pi 3 will do the job. At one point I had it running on a pi zero, so hardware requirements are pretty low.
If you’re using Docker and the ports are bound you can just use the network mode host so the container gets its own IP. It’s how I have AdGuard running on my Unraid server.
edit: Sorry I mixed up the details as @starkzarn@infosec.pub pointed out. It’s a macvlan configuration. My intention was to point out it’s possible. Here’s some documentation https://docs.docker.com/engine/network/drivers/macvlan/
I put it onto my home server and it is working great. I can’t tell you about all the options, but it was so easy to start another VM for it that I didn’t look at other options too carefully.
Definitely don’t bother with buying a Pi if you’ve got other hardware.
I have one physical (a 3B I had no use for anymore), and two running as containers. The containers do most of the heavy lifting; since they are so much faster than a Pi, they respond far faster, but the physical is nice for when I take down the clusters for maintenance (or when I lose power: the clusters shut down after about 3 minutes, the Pi will keep going for a while on UPS).
I personally like it on a dedicated Pi simply because I don’t want DNS to die if I’m doing other server maintenance. The Pi is pretty much set it and forget it.
But I guess you might as well try it on your server first and you can always buy a Pi if you find it to be too much of a pain.
I recommend having two. Otherwise your home internet goes down every time you update or reboot or it crashes.
Interesting… And this is not a criticism, simply an observation…
I’ve a single Pihole instance running on a RPi 4 and have experienced not a single instance of any of the 3 probs you mention. Except, of course, the very few minutes it takes for a reboot which I can schedule and am aware when it’s happening…
🤷♂️
Literally just had my pihole hard crash this weekend due to a bad update to FTL. Apparently they had a major version upgrade and didn’t bother to read the notes so I had to do a full OS reinstall.
Back up your configs people. Had to dig through documentation to find the sqlite file and then parse through it like some sort of animal.
Literally just had my pihole hard crash this weekend due to a bad update to FTL. Apparently they had a major version upgrade and didn’t bother to read the notes so I had to do a full OS reinstall.
The v6 upgrade was such a disaster. I was bitten by it too, it started the upgrade then halfway through decided it didn’t like my OS (debian-testing) and crapped out … leaving me with a b0rked installation. Luckily I was able to return to v5 using my system backup. It was a right pain to figure out how to restore though, because they write files all over /opt, /etc, /usr/bin, /usr/local and /var.
For this reason I have since dockerized my pihole installation. Not only does this allow you to choose the exact pihole version you want (a bare metal install only supports the latest version), but it allows you to centralize your configuration files neatly under a docker volume, so you only have to backup the volume.
deleted by creator
Yes, especially if you’re using DHCP on Pi-hole
You specifically shouldn’t run two DHCP servers on the same network. It can cause IP conflicts when two servers assign the same address to different devices, because the device doesn’t care which DHCP server gave it an address; it just listens to whichever one happens to respond first. And each DHCP server will have its own table of reserved/in-use addresses. If those tables don’t match, IP conflicts can occur.
Device 1 connects to the network, and requests an IP address. DHCP server 1 checks its table of available addresses, and responds with “your address is 192.168.1.50.” It marks that address as in-use, so it won’t assign it to anything else in the meantime. Device 2 connects to the network, and requests an address. DHCP server 2 checks its table of available addresses (which doesn’t match server 1’s table) and responds with “your address is 192.168.1.50.” Now you have two devices occupying the same IP address, which breaks all kinds of things.
The largest reason to run two is because DNS queries are split amongst the primary and secondary DNS servers. If you only have a primary pihole, you’ll still occasionally get ads when devices use their secondary DNS servers.
Huh? Typically you have a secondary DNS entry on your router
Secondary DNS is not for redundancy!
The way secondary DNS works is that a client distributes DNS requests across the primary and secondary DNS servers. So if you have pihole as your primary DNS and, say, 8.8.8.8 as your secondary DNS, you’re sending half of your DNS requests to google unfiltered. And if your pihole DNS goes down, half of your DNS queries time out.
The way to have redundancy with DNS is with a standby server that takes over the IP of the primary server if it goes down. You can do this with keepalived.
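A concrete form of the standby setup described in the comment above, as an added example that is not from the thread or from the Pi-hole project: a keepalived VRRP configuration for the primary Pi-hole, where the router hands out a single virtual IP as the only DNS server and the backup node takes that IP over when the primary stops answering queries. The addresses (192.168.1.10 primary, 192.168.1.11 backup, 192.168.1.2 as the virtual IP), the interface name eth0, and the presence of `dig` (from the dnsutils package) on both hosts are assumptions made for the example.

```conf
# /etc/keepalived/keepalived.conf on the PRIMARY Pi-hole (hypothetical addresses)
global_defs {
    # run tracking scripts as an unprivileged user rather than root
    enable_script_security
    script_user nobody
}

vrrp_script chk_pihole {
    # Check that the local resolver actually answers, not merely that the host is up.
    # dig exits non-zero when it gets no reply within the timeout, which keepalived
    # treats as a failed check. Assumes dig is installed (dnsutils on Debian).
    script "/usr/bin/dig +short +time=1 +tries=1 @127.0.0.1 pi.hole"
    interval 5      # seconds between checks
    timeout 3       # kill the check if it hangs longer than this
    fall 2          # two consecutive failures -> release the VIP
    rise 2          # two consecutive successes -> eligible to hold the VIP again
}

vrrp_instance VI_DNS {
    state MASTER
    interface eth0
    virtual_router_id 53         # must match on both nodes, unique per LAN
    priority 150                 # backup node uses a lower value, e.g. 100
    advert_int 1
    # unicast VRRP keeps the heartbeat between the two nodes instead of multicast
    unicast_src_ip 192.168.1.10
    unicast_peer {
        192.168.1.11
    }
    virtual_ipaddress {
        192.168.1.2/24 dev eth0  # the address the router advertises as DNS
    }
    track_script {
        chk_pihole
    }
}
```

The backup node gets the same file with `state BACKUP`, `priority 100`, and the unicast source and peer addresses swapped. Because `chk_pihole` has no `weight`, a failing check moves the node to FAULT and drops the VIP outright rather than merely lowering its priority, so a host whose FTL service has crashed cannot keep holding the address. Note this only fails over DNS; if Pi-hole is also your DHCP server, the conflict described earlier in the thread still applies and only one node should have DHCP enabled.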
And what do you set that secondary DNS entry to? Operating systems may use both, so you need the secondary to point to a pi hole or else you’re letting ads through randomly.
Edit: Apparently years of seeing it called primary and secondary led to a fundamental misunderstanding of how it works lol. Just use a pi and ad guard.
Randomly? No, only when your Pi goes down. Or whenever you’re looking at something that gets around the simple DNS based ad filtering pihole does. It’s foolish to spend twice as much money for this level of fail over protection to prevent ads. It’s not like if you see an ad you’re going to die lol. If you’re that opposed to them, sure, go for it, but you’re better off spending your time doing other things to stop ads than maintaining two pi holes because one might fail.
And like the other person said, just use ad guard’s public DNS. I use it on my router and on my phone.
Randomly? No, only when your pi goes down
Not how secondary DNS works. It round robins the requests across primary and secondary DNS servers.
Why call it secondary then, that’s so counterintuitive lol 😭 I guess “the second hardest problem in computer science” applies because I can’t think of a better name either.
Why call it secondary then, that’s so counterintuitive lol
I don’t think that’s even the official naming. It probably comes from what Windows 95 called it back in the day:
On Linux, it’s just an additional “nameserver x.x.x.x” line in /etc/resolv.conf, with no indication of which is the “primary” or “secondary”.
Different operating systems call it different things. Windows calls it Alternate. Even if it was only used when the primary was down, DNS doesn’t provide any sort of guidance or standard on when to switch between primary and secondary. Is one query timeout enough to switch? How often do you reattempt the first DNS server? When do you switch back? With individual queries, you can time out and hit another NS server, but that’s a lot easier at an individual level than to infer a global system state from one query timing out.
I use adguard home in conjunction with NextDNS.
I find adguard a little better in the UI department. Have it in a docker container so it’s a set and forget.
I’ve got a pi hole running, but I’m not sure if it’s worth the hassle. To me it feels like it breaks more things than it helps.
If it’s websites that are breaking, maybe you are using some really aggressive blocklist. Also, you can use multiple blocklists and assign clients to them however you please.
phrasing
I’m reasonably certain the name was intentional because of the way it could be phrased.
I played with a pi-hole setup for a bit. It was nice. I got distracted and set up NextDNS. That’s where I am now.
I like I can easily turn it on/off when I just need to do something and no time to fuss with it.
I’ve got a home server, just not fully setup and going yet, but someday…
Any thoughts on why I might do pi-hole over something like NextDNS? I think the cost is roughly $1/mo.
Used pihole for years. Loved it. Made the switch to nextdns a year ago. Not going back to pihole. There is nothing wrong with pihole. I got tired of all the time I spent tinkering with it. But, the biggest win for me…nextdns works when I’m off my home network. So I don’t have to deal with the whole vpn back into my home network for dns thing.