Block ads and trackers across your network with Pi-hole

The Trickster

Article from Issue 232/2020

The Pi-hole ad blocker filters ads and trackers from the data stream for all devices on the network, from your smartphone to your toaster.

Internet users, content providers, and ad blocker developers are in a constant arms race. Users have deployed ad-blocker web browser extensions for years, and these extensions work quite well for standard web pop-ups and banner ads. But browser extensions are a little more trouble to implement on cell phones and other mobile devices. Also, ads built into apps typically remain untouched by the filters imposed by browser extensions. In addition, conventional ad blockers do nothing to stop modern Internet-connected devices like smart TVs, stereos, and even washing machines from transmitting data to the Internet in a very talkative way.

Other alternatives have developed in recent years to give users new tools for stopping Internet ads in a more global and comprehensive way. Pi-hole [1] is a promising tool that provides a centralized means for stopping Internet advertisements across a local network. The Pi-hole developers refer to Pi-hole as a "black hole for Internet advertisements." In more technical terms, Pi-hole is what is often called a "DNS sinkhole" [2]. A DNS sinkhole is a DNS server that gives out unroutable IP addresses for domains that are listed in a "sinkhole" list, which is basically a blacklist. Because Pi-hole leverages a standard process that is built into all TCP/IP networks (the DNS lookup process), it doesn't require any client applications or special configuration, other than to point the client to the Pi-hole DNS server, which can happen automatically through DHCP.

Sinking the Putt

Pi-hole combines common Linux-based network tools such as the DNS forwarder dnsmasq with a lighttpd web server and other Linux tools. As the name suggests, many users install the program on a Raspberry Pi. In addition to Raspbian, the project also supports Debian, Ubuntu, Fedora, and CentOS (see the box entitled "Pi-hole on Linux").

Pi-hole on Linux

In our test with Ubuntu 18.04 and 19.04, we had no problems installing Pi-hole. However, users should be aware that Pi-hole intervenes quite deeply in the system. The installation routine deactivates the integrated DHCP client and replaces it with dhcpcd5, and the system sets up a static IP address. If you want to change the IP address later, call pihole -r with administrative privileges and select the Reconfigure option.

In principle, you should install Pi-hole on a computer on a LAN that runs 24/7. As soon as you configure your network for Pi-Hole, you'll need a working Pi-Hole server or Internet access will not function properly. This need for continuous operation is one reason a Raspberry Pi is often used as a Pi-Hole server: Even a brand new Rasp Pi 4B costs only EUR35 (~$39) and hardly needs any electricity. Pi-hole itself requires only a limited amount of resources, so you can also use the Pi for other tasks.

Pi-hole is installed via a script you can download from the web using the commands in Listing 1. You'll need to run the script with administrative privileges. At the end, the setup script displays the URL and a random password for the web interface, which you can change if necessary using the command pihole -a -p.

Listing 1

Installing Pi-hole


DNS Options

During the installation, you have to answer a number of questions: For Upstream DNS Provider (Figure 1) you have a choice between the DNS servers of Google, OpenDNS [3], and Quad9 [4] (see the box entitled "A Gift, but Not for Free"). Optionally, select Custom and enter any DNS servers in the system (one after the other, separated by commas), such as those operated by your Internet provider.

A Gift, but Not for Free

Many DNS providers offer their services without requiring payment, but they are by no means free. That Google likes to collect data is well known. OpenDNS is now part of network giant Cisco. Quad9 is backed by IBM and Packet Clearing House (PCH), as well as the Global Cyber Alliance, which was founded by the police authorities of London and New York. The service promises not to store personal data, but its proximity to government agencies is enough to set the alarm bells ringing for some users.

Figure 1: Pi-hole itself needs a DNS server for name resolution. The installation script comes with a selection of built-in DNS options.

The installation routine asks which ad-blocker and anti-tracker lists you want to use. For the most comprehensive protection possible, leave all preselected options enabled. You will then need to configure the network settings. The setup automatically detects whether to enable IPv4 and IPv6. Then the program detects the current IPv4 address and asks if it should use this address automatically in the future. The IPv4 default gateway you need to specify is usually your router's IP address; however, the setup typically detects the gateway automatically.

Static IP Address

To avoid IP conflicts, open the settings of your wireless router and mark the IP address of the Pi-hole machine as static. For a FRITZ!Box router, for example, you will find the option Always assign the same IPv4 address to this network device by editing the device below Home network | Network. Alternatively, adjust the IP address entered on the Pi-hole server so that it comes from a range that the wireless router does not use (FRITZ!Box: Home network | Network | Network settings | IPv4 addresses).

If you want to change the configuration of Pi-hole later on, call the installation routine again with the pihole -r command. You then have the choice between Repair, which transfers the existing settings cleanly into the system again, and Reconfigure, with which you repeat the setup, specifying the previous settings.

For the remaining questions, you will not want to change the default selection. These questions allow you to (de-)activate the web-based admin interface, install the lighttpd server (also known as "Lighty"), and choose if the system should log data later on. Privacy Mode allows variants from 0 Show everything to 3 Anonymous mode and also allows complete deactivation of all statistics.

Finally, the system shows a summary with the most important data, the path to the installation log, and the URLs through which you can reach the system in the future (Figure 2). This information can also be found as output in the terminal. After the completion of the setup script, you will only have to reboot if you have changed the IP address of the system.

Figure 2: At the end of the installation, the setup script summarizes all the essential details of the Pi-hole system.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Pi-hole

    Supporting browser plug-ins, network-based DNS blockers like Pi-hole help protect you against online tracking and unwanted content.

  • The sysadmin's daily grind: Pi-hole

    A strange rule seems to dictate that the most useless products and services have the most annoying online advertising. Columnist Charly blocks the garish advertising for all computers on his network centrally with the Pi-hole tool, which is not only for Raspberry Pi devices.

  • Privacy Appliances

    A Raspberry Pi with the right software filters out annoying ads and nasty trackers for end devices on your local network.

  • Mistborn

    Mistborn bundles important Internet services on your home network and secures them with a WireGuard VPN tunnel, Pi-hole, iptables rules, and separate containers.

  • FOSSPicks

    The promised profusion of extra time has failed to materialize for Graham this month, leaving him with too many synth kits to build, a table littered with components, and a leaking toilet.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More