Block ads and trackers across your network with Pi-hole

Network Configuration

If you want the devices on your network to use the Pi-hole ad blocker as their DNS server, you can enter the configuration either on the clients or in the DHCP server configuration for the wireless router (see the box entitled "Local Name Resolution"). The router option offers the advantage that all devices active on the network, from smartphones to WLAN-enabled coffee machines, automatically use the DNS filter without further configuration.

Local Name Resolution

The DNS server in the wireless router usually also handles name resolution on the local network. For example, you can control a Raspberry Pi running on the network via ssh pi@raspberrypi without knowing its IP address. The router knows the computer name assignments and IP addresses, because it assigns the IPs itself via its DHCP server. However, if you now route the DNS queries via the Pi-hole blocker, you lose this convenience as Pi-hole does not receive any information from the router. In order to be able to continue using host names on the network, you need to activate the Settings | DNS Use Conditional Forwarding option in the settings of Pi-hole and enter the IP address of the router as well as the local domain names (in the case of a FRITZ!Box, fritz.box). Pi-hole then forwards requests for local network names to the router.

For a FRITZ!Box, you will find the required configuration in Home network | Network | Network settings | IPv4 addresses. Enter the IPv4 address of the Pi-hole system below local DNS server. Repeat the same procedure in the IPv6 address settings. There is a separate section for the DNSv6 servers on the home network.

As soon as you restart a client's network connection, for example, using the Network Manager of the desktop environment, the system should use Pi-hole as its DNS server. To be on the safe side, it is a good idea to restart all clients one time. For example, an Android smartphone used in the test network did not want to use the Pi-hole DNS until after a restart. And, yes, we did try turning it off and back on again.

You can check the effect of the Pi-hole ad blocker on Linux with the dig command (Listing 2). For example, the output in Listing 2 shows that the system uses a computer with an IP address of 192.168.188.11 as its DNS server and only receives an IP address for the google.com domain. However, querying the IP of google-analytics.com returns 0.0.0.0; the query disappears into a black hole, provoking a time out. See the box entitled "Unique Local Addresses" for information on performance issues that might occur with Pi-hole.

Unique Local Addresses

After entering the Pi-hole system as DNS server, it can happen that the loading times of web pages deteriorate noticeably. If so, check the IPv6 settings in the router's administration interface – in the case of FRITZ!Box, below Home network | Network | Network settings | IPv6 addresses. In the Unique Local Addresses section, you will usually find the option Assign Unique Local Addresses (ULA) as the default setting, as long as there is no IPv6 Internet connection. This option prevents the router from assigning unique local addresses (the IPv6 counterpart to private IPv4 addresses) when an IPv6 address is provided by the Internet provider.

Due to the privacy extensions implemented in IPv6, the IPv6 address – also that of the Pi-hole server – continually changes, and DNSv6 queries then disappear in a black hole. If the loading times are noticeably longer, enable the Unique Local Addresses (ULA) always assign option and then restart the Pi-hole server. Ideally, you will want to check this setting before installing Pi-hole. The unique local address of the Pi-hole system can be determined using the ip -6 addr command. Pay attention to the inet6 line, which starts with fd00 or the prefix you set in the FRITZ!Box configuration. Enter this address in the format fd00:0:0:0:aaaa:bbbb:cccc:dddd as your Local DNSv6 server in the IPv6 addresses section. Finally, you need to update your Pi-hole configuration by typing pihole -r; the system will now use the new IPv6 address.

Listing 2

Checking Pi-hole

 

Admin Back End

The configuration interface of the Pi-hole server can be accessed via http://pi.hole/admin or, if the name resolution does not work, by typing http://IP_address/admin in your browser's address bar. Clicking on the Login entry in the sidebar lets you log in with the password randomly generated during installation. If you have forgotten it, you need to log on to the system via SSH or locally and set a new password with the sudo pihole -a -p command.

The system welcomes you to the dashboard, which displays a number of statistics (Figure 3). If logging is enabled, you will also find the most frequently queried domains and the domains most often blocked by Pi-hole. Details on the current queries can be found via Query Log; the overview in Long term data lets you view statistics for any time period. (Figure 4).

Figure 4: Viewing log term data in the Pi-hole query log.
Figure 3: The dashboard for the Pi-hole admin interface delivers information on the ad blocker's status.

If this detailed logging of your Internet activities offends your sense of privacy, you can adjust the logging level in Settings | Privacy. If needed, you can also use the sudo pihole logging off command to disable the syslog in /var/log/pihole.log.

If the website fails to load as desired, try disabling Pi-hole's filter function by selecting Disable. The menu gives you the choice of a time out between 10 seconds and up to 5 minutes, an arbitrary time of your choosing, or you can completely disable the filter. Once you disable the filter, the Active status top left above the sidebar shows red.

If you urgently need to visit a site classified as problematic, you can add the domain to your whitelist. The blacklist lets you add more sites you want to block. You can use regular expressions and wildcards when adding domains to the lists.

Double Filter

To investigate the impact Pi-hole has on loading times, we decided to do a comparison test with three German news portals: Spiegel Online, Welt.de, and Golem.de. We used the version 76.0.3809.87 web browser in the plain vanilla version, and then with the uBlock Origin ad-blocking add-on, and finally without an ad blocker, but with the DNS filter courtesy of Pi-hole 1.21.6. Finally, we investigated what a combination of all these filters offered.

The figures in Table 1 show that the dedicated ad blockers accelerate the load action far better than the Pi-hole filter left to its own devices. Despite this, you can use a combination of all of these technologies, that is, ad blocker plus Pi-hole, to reduce the loading times by another 10 to 20 percent. The speed benefits turned out to be particularly spectacular for loading pages plastered with ads. The Welt.de site came up six times faster in our lab.

Table 1

Loading Times Compared

 

Chrome

Pi-hole

uBlock Origin

Pi-hole + uBlock Origin

Version

76.0.3809.87

04.03.01

1.21.6

1.21.6 + 04.03.01

SpOn

7459 (± 194)

3490 (± 690)

1928 (± 64)

1959 (± 122)

Welt

9817 (± 436)

5862 (± 360)

2210 (± 272)

1644 (± 202)

Golem

6778 (± 458)

2619 (± 93)

506 (± 69)

463 (± 38)

All of these times are shown in milliseconds (rounded). Mean values for five rounds of testing are determined using the Chrome Dev Tools.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Pi-hole

    Supporting browser plug-ins, network-based DNS blockers like Pi-hole help protect you against online tracking and unwanted content.

  • The sysadmin's daily grind: Pi-hole

    A strange rule seems to dictate that the most useless products and services have the most annoying online advertising. Columnist Charly blocks the garish advertising for all computers on his network centrally with the Pi-hole tool, which is not only for Raspberry Pi devices.

  • Privacy Appliances

    A Raspberry Pi with the right software filters out annoying ads and nasty trackers for end devices on your local network.

  • Mistborn

    Mistborn bundles important Internet services on your home network and secures them with a WireGuard VPN tunnel, Pi-hole, iptables rules, and separate containers.

  • FOSSPicks

    The promised profusion of extra time has failed to materialize for Graham this month, leaving him with too many synth kits to build, a table littered with components, and a leaking toilet.

comments powered by Disqus