
The big picture

Have you ever wondered why you can have an ad blocker on your desktop/laptop but still see ads on your phone?

Have you ever wished that you didn’t have to see ads after every round of a F2P game (looking at you, Among Us🤨)?

Have you ever wondered whether your IoT devices (Amazon Echo, Google Home, HomePod) are sending some sneaky analytics back to their servers?

I had those questions and concerns, and on my quest to get track-free, I discovered Pihole - a DNS blocking system!

Pihole

Pihole is a DNS sinkhole for your internet. It applies a blocklist to every device in the household that connects to your router and does not have its own weird DNS configuration.

Pihole works from one or more blocklists: whenever a device wants to send a request to an address on those lists, Pihole returns an empty response, which prevents the device from connecting to that address. This is like having an adblocker on every device on your network, not just in the browser!

Here is what the Pihole dashboard looks like on my local network for the past 24 hours.

Pihole Dashboard

This chart makes me wonder why more than 1/3 of my internet usage is purely for tracking me. This is an alarming stat because it shows how much effort people are putting in to make you (or me) just another one of their data points. What can they do with that data once they have it? How will those companies affect my internet usage in the future?

If you haven’t watched *The Social Dilemma*, I highly recommend you give it a go for some food for thought.

If you are not paying for a product, then you are the product.

So how did I set all of this up? Actually, it’s surprisingly easy with Docker!

Advantages of running Pihole in Docker

Personally, I prefer to run as much stuff in Docker as possible. It helps keep my base OS less bloated and avoids all the installation-clash madness. Also, if I want to update or upgrade a component, I just need to re-pull the latest Docker image and restart the container. If those words don’t make sense to you, don’t worry, since you can install it the normal way too.

To install Pihole on your Raspberry Pi normally, it’s dead simple with 1 command:

curl -sSL https://install.pi-hole.net | bash

[source](https://docs.pi-hole.net/main/basic-install/)

But since I’m running it in Docker, I’ll put the Docker instructions below.


Running pihole with Docker

You will need to create some volumes to keep Pihole’s data persistent. It needs somewhere to write its data.

You need to run 2 commands:

docker volume create pihole
docker volume create dnsmasq

After altering the command variables to match your settings, running this is almost the last step:

docker run \
--name=pihole \
-e TZ=America/New_York \
-e WEBPASSWORD=YOURPASS \
-e SERVERIP=YOUR.SERVER.IP \
-v pihole:/etc/pihole \
-v dnsmasq:/etc/dnsmasq.d \
-p 80:80 \
-p 53:53/tcp \
-p 53:53/udp \
--restart=unless-stopped \
pihole/pihole

Make sure to edit the variables in the command to match your setup. Below is a table of information about the variables used in the above command.

| Variable | Information |
| --- | --- |
| -e TZ=America/New_York | Change your time zone to the correct time zone from the TZ Database. |
| -e WEBPASSWORD=YOURPASS | Change YOURPASS to a password that you will use to access the application. |
| -e SERVERIP=YOUR.SERVER.IP | Change YOUR.SERVER.IP to the IP address of your Docker host machine. |
| -v pihole:/etc/pihole | Volume mapping the pihole volume that you created to the /etc/pihole folder within the container. |
| -v dnsmasq:/etc/dnsmasq.d | Volume mapping the dnsmasq volume that you created to the /etc/dnsmasq.d folder within the container. |
| -p 80:80 | Mapping port 80 on the host machine to port 80 on the application container. This is for the admin web interface and to ensure that ads that are blocked on your network show up blank. |
| -p 53:53/tcp | Mapping TCP port 53 for DNS requests on the host machine to port 53 on the application container. |
| -p 53:53/udp | Same as above, except adding UDP port 53. |
| --restart=unless-stopped | Ensures that the container restarts if there is a power cycle or an issue that causes the container to stop unexpectedly. |

Go to http://YOURSERVERIP/admin in your browser and log in with the YOURPASS you set in the previous command.

From there, open Settings -> DNS and tick the boxes as in the following picture. We will use Google and Cloudflare DNS, which then eliminates most of the “1.1.1.1” or “8.8.8.8” tricks out there.

DNS Config

What is happening here is that your Pihole becomes the first connection point for any DNS query. It checks the address against the pre-defined list, and if the address is not on the list, it passes your query on to the Google/Cloudflare DNS to continue.
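The lookup flow described above, as an added example that is not part of the original post or Pi-hole's own code: it parses an adlist in the two common formats (hosts-style and bare domains) and decides whether a query is sinkholed or forwarded. The sample list, the `upstream` callable standing in for Google/Cloudflare, and the exact-name matching are assumptions of this sketch.

```python
import ipaddress

# Constructed sample adlist mixing hosts-style lines ("0.0.0.0 domain")
# and bare domains, plus comments, a blank line and two junk lines.
SAMPLE_ADLIST = """\
# constructed sample, not a real blocklist
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net   # inline comment
telemetry.example.org

0.0.0.0 0.0.0.0
not a valid line at all
"""

def _is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False

def parse_adlist(text):
    """Return the set of lower-cased domains found in an adlist."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) == 2 and _is_ip(fields[0]):
            candidate = fields[1]                # hosts format: IP then domain
        elif len(fields) == 1:
            candidate = fields[0]                # bare-domain format
        else:
            continue                             # junk line, ignore it
        candidate = candidate.lower().rstrip(".")
        if "." in candidate and not _is_ip(candidate):
            blocked.add(candidate)
    return blocked

def resolve(name, blocked, upstream):
    """Sinkhole decision: listed names get 0.0.0.0, the rest go upstream."""
    name = name.lower().rstrip(".")              # DNS names are case-insensitive
    if name in blocked:
        return ("sinkholed", "0.0.0.0")
    return ("forwarded", upstream(name))         # upstream: hypothetical resolver
```

Because this sketch matches names exactly, a subdomain of a listed name is forwarded unless it is listed itself.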

After hitting save at the bottom of the screen, the final bit is to point your home router to Pihole!

Under Group Management there is a panel for Adlists, which is where you can configure your blocklists. Personally I use all the blocklists from here

Adlist

This is the final step! Your router may vary, so you should consult your router manual. Here is what I did on my home TalkTalk hub router.

Router config

After this, just restart your devices and enjoy a more ad-free experience on all of them. Sometimes you will feel that your web pages load faster too, since those invasive tracking requests no longer need to be processed.


Final

If you have the resources, please try running a Pihole on your home network. The feeling of getting tracked way less, and of seeing fewer ads across the devices you own, is such peace of mind that I do not want to trade it back.