Archives

All posts for the month October, 2022

Why Pi?

If you’ve not heard of the pi-hole, well, let’s fix that.

Ads are something that browser plugins can fix, but what about mobile apps, or all of the other circumstances where another program can’t block or protect you from intrusion or tracking?

pi-hole was software originally designed to run on the Raspberry Pi, a small, cheap computer that has the power of a mobile phone. This is plenty for doing simple tasks, even when some of them are a decade old.

The idea is this: when your app or site or other software requests data, the pi-hole will look up the domain name and compare it to a list of known ads-serving places. If the name matches, the pi-hole blocks it and nothing happens. If it’s not on the list, it’s resolved properly and transparently.

Ideally this is completely done without the user noticing. DNS servers are one of the most important parts of the internet, and also one of the biggest problems. It’s also a very good place to filter requests for devices on a network and this makes it far more effective than software on a device.

I’ve use pi-hole on a Pi B+, 3, and in a Docker container. The last of which is my current home setup, but we’ll be discussing the use of pi-hole on an older Pi B+. This setup guide was inspired by use in a location that doesn’t have daily use during the year and where little professional work is done. It’s also a place where the network speed is lower than in more suburban areas or cities.

Device and setup

Make sure that your Pi, no matter the generation, has a decent power supply providing at least 1000mA. Insufficient power will affect performance of the Pi, which we don’t need to have.

Make sure you have an SD card of at least 4GB, and preferably larger. The Pi does store logs and this can cause issues when space is a problem. A faster SD card can help, but isn’t critical.

Download the Raspberry Pi Imager from here and make sure that you don’t want any data on the SD card. Start the imager and select the Raspberry Pi OS (other) option, then Raspberry Pi OS Lite (32-bit) from the menu. This will install the Pi OS but not use space or resources for a graphic interface. We’ll be setting up pi-hole on the command line and it’s quick and simple to do without a mouse.

After setting up the SD card with Pi OS, assemble the Pi itself and get it set up with a display, a wired network connection, and a keyboard. Start the Pi by plugging it in, and wait for it to boot. Go through the setup guide and create a user name and password. Select language, and other. When setup is finished, you’ll be presented with a command prompt.

Note that you may have an issue using the Enter key on some keyboards. Use Tab to move the selection box and Space to select. I only had this problem on a B+ using a keyboard designed for macOS during the Pi OS setup. Subsequent uses of the Enter/Return key worked as expected.

At the command prompt, type the following:

sudo apt install git

This will take a few minutes, depending on your Pi. You’ll be prompted to agree to install at least once. Git will allow you to download the pi-hole repository installer from Github with ease. Following the install, type this in at the command prompt to clone the pi-hole repo:

git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole

change directory using this command:

cd "Pi-hole/automated install/" 

then run the installer with the following command:

sudo ./basic-install.sh 

Follow the setup instructions. This is the basic installer, so it goes without saying that this is the quick and easy configuration for a pi-hole. If you want to make changes later, there are guides for doing so, as all settings are available to be changed either through the web interface or a configuration file.

Pay special attention to the final screen that the pi-hole installer shows. It will tell you very specifically that the IP address on your local network the Pi has been assigned, that it should be set as a reserved address on your router, and give you the password for the web interface. I recommend using a phone to take a photo of this, at least temporarily.

Depending on what kind of network setup you have, the DHCP reservation may be more important than in others. Some IP address assignments expire quickly, but most modern networks do not recycle IP addresses for devices too frequently. This can be an issue if the pi-hole is used in an environment that has a lot of new clients, like a salon, coffee shop, restaurant, or other public space.

Changing your DNS setup on a router is also pretty simple, in most cases, but can have some quirks. In the Ubiquiti Amplifi mesh setup that I have used, it needed a few extra tweaks to get working right. I will recommend that you set the pi-hole’s IP address as the Primary DNS server but that you use a known good and safe DNS server as the Secondary DNS. Don’t use your ISP’s DNS IP unless you trust that they’re not using it against you.

The idea behind not sending all traffic, at all times, through your pi-hole is for DNS reliability. If the Pi has issues, is overwhelmed, or is otherwise unresponsive to a request, a device can use the Secondary DNS address to resolve the request. If you configure your DNS to only fulfill DNS requests from the pi-hole, requests would fail completely if the pi-hole does not respond.

Test it by loading this page on a device and seeing if ads show up. Make sure the device doesn’t have a native ad blocker enabled, of course.

Final Thoughts

A pi-hole is a neat thing to add to your network, especially if you have a device available and the time to set it up. It does take a little skill, but anyone with command line and Linux experience can set it up quickly. If DNS is configured with a fall-back server, there are no risks to your network. Setting up a DNS reservation is also an interesting thing to do if you haven’t done one before.

My hopes for this guide is to have you utilize a device that might otherwise not be using. The benefits outweigh the time spent, and I enjoy looking at the admin panel for the pi-hole to see which services are blocked and how many times. Looking at network clients to see who requests the most allowed and blocked services will also give you some insight into how many “smart” devices on your network call home frequently.

Resources

https://www.raspberrypi.com/software/

https://pi-hole.net

https://docs.pi-hole.net/ftldns/configfile/

https://privacyinternational.org/guide-step/4341/raspberry-pi-setup-and-run-pi-hole