Block ads and trackers across your network with Pi-hole
The Trickster
The Pi-hole ad blocker filters ads and trackers from the data stream for all devices on the network, from your smartphone to your toaster.
Internet users, content providers, and ad blocker developers are in a constant arms race. Users have deployed ad-blocker web browser extensions for years, and these extensions work quite well for standard web pop-ups and banner ads. But browser extensions are a little more trouble to implement on cell phones and other mobile devices. Also, ads built into apps typically remain untouched by the filters imposed by browser extensions. In addition, conventional ad blockers do nothing to stop modern Internet-connected devices like smart TVs, stereos, and even washing machines from transmitting data to the Internet in a very talkative way.
Other alternatives have developed in recent years to give users new tools for stopping Internet ads in a more global and comprehensive way. Pi-hole [1] is a promising tool that provides a centralized means for stopping Internet advertisements across a local network. The Pi-hole developers refer to Pi-hole as a "black hole for Internet advertisements." In more technical terms, Pi-hole is what is often called a "DNS sinkhole" [2]. A DNS sinkhole is a DNS server that gives out unroutable IP addresses for domains that are listed in a "sinkhole" list, which is basically a blacklist. Because Pi-hole leverages a standard process that is built into all TCP/IP networks (the DNS lookup process), it doesn't require any client applications or special configuration, other than to point the client to the Pi-hole DNS server, which can happen automatically through DHCP.
Sinking the Putt
Pi-hole combines common Linux-based network tools such as the DNS forwarder dnsmasq with a lighttpd web server and other Linux tools. As the name suggests, many users install the program on a Raspberry Pi. In addition to Raspbian, the project also supports Debian, Ubuntu, Fedora, and CentOS (see the box entitled "Pi-hole on Linux").
Pi-hole on Linux
In our test with Ubuntu 18.04 and 19.04, we had no problems installing Pi-hole. However, users should be aware that Pi-hole intervenes quite deeply in the system. The installation routine deactivates the integrated DHCP client and replaces it with dhcpcd5
, and the system sets up a static IP address. If you want to change the IP address later, call pihole -r
with administrative privileges and select the Reconfigure option.
In principle, you should install Pi-hole on a computer on a LAN that runs 24/7. As soon as you configure your network for Pi-Hole, you'll need a working Pi-Hole server or Internet access will not function properly. This need for continuous operation is one reason a Raspberry Pi is often used as a Pi-Hole server: Even a brand new Rasp Pi 4B costs only EUR35 (~$39) and hardly needs any electricity. Pi-hole itself requires only a limited amount of resources, so you can also use the Pi for other tasks.
Pi-hole is installed via a script you can download from the web using the commands in Listing 1. You'll need to run the basic-install.sh
script with administrative privileges. At the end, the setup script displays the URL and a random password for the web interface, which you can change if necessary using the command pihole -a -p
.
Listing 1
Installing Pi-hole
DNS Options
During the installation, you have to answer a number of questions: For Upstream DNS Provider (Figure 1) you have a choice between the DNS servers of Google, OpenDNS [3], and Quad9 [4] (see the box entitled "A Gift, but Not for Free"). Optionally, select Custom and enter any DNS servers in the system (one after the other, separated by commas), such as those operated by your Internet provider.
A Gift, but Not for Free
Many DNS providers offer their services without requiring payment, but they are by no means free. That Google likes to collect data is well known. OpenDNS is now part of network giant Cisco. Quad9 is backed by IBM and Packet Clearing House (PCH), as well as the Global Cyber Alliance, which was founded by the police authorities of London and New York. The service promises not to store personal data, but its proximity to government agencies is enough to set the alarm bells ringing for some users.
The installation routine asks which ad-blocker and anti-tracker lists you want to use. For the most comprehensive protection possible, leave all preselected options enabled. You will then need to configure the network settings. The setup automatically detects whether to enable IPv4 and IPv6. Then the program detects the current IPv4 address and asks if it should use this address automatically in the future. The IPv4 default gateway you need to specify is usually your router's IP address; however, the setup typically detects the gateway automatically.
Static IP Address
To avoid IP conflicts, open the settings of your wireless router and mark the IP address of the Pi-hole machine as static. For a FRITZ!Box router, for example, you will find the option Always assign the same IPv4 address to this network device by editing the device below Home network | Network. Alternatively, adjust the IP address entered on the Pi-hole server so that it comes from a range that the wireless router does not use (FRITZ!Box: Home network | Network | Network settings | IPv4 addresses).
If you want to change the configuration of Pi-hole later on, call the installation routine again with the pihole -r
command. You then have the choice between Repair, which transfers the existing settings cleanly into the system again, and Reconfigure, with which you repeat the setup, specifying the previous settings.
For the remaining questions, you will not want to change the default selection. These questions allow you to (de-)activate the web-based admin interface, install the lighttpd server (also known as "Lighty"), and choose if the system should log data later on. Privacy Mode allows variants from 0 Show everything to 3 Anonymous mode and also allows complete deactivation of all statistics.
Finally, the system shows a summary with the most important data, the path to the installation log, and the URLs through which you can reach the system in the future (Figure 2). This information can also be found as output in the terminal. After the completion of the setup script, you will only have to reboot if you have changed the IP address of the system.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Halcyon Creates Anti-Ransomware Protection for Linux
As more and more Linux systems are getting targeted by ransomware, Halcyon is stepping up its protection.
-
Valve and Arch Linux Announce Collaboration
Valve and Arch have come together for two projects that will have a serious impact on the Linux distribution.
-
Hacker Successfully Runs Linux on a CPU from the Early ‘70s
From the office of "Look what I can do," Dmitry Grinberg was able to get Linux running on a processor that was created in 1971.
-
OSI and LPI Form Strategic Alliance
With a goal of strengthening Linux and open source communities, this new alliance aims to nurture the growth of more highly skilled professionals.
-
Fedora 41 Beta Available with Some Interesting Additions
If you're a Fedora fan, you'll be excited to hear the beta version of the latest release is now available for testing and includes plenty of updates.
-
AlmaLinux Unveils New Hardware Certification Process
The AlmaLinux Hardware Certification Program run by the Certification Special Interest Group (SIG) aims to ensure seamless compatibility between AlmaLinux and a wide range of hardware configurations.
-
Wind River Introduces eLxr Pro Linux Solution
eLxr Pro offers an end-to-end Linux solution backed by expert commercial support.
-
Juno Tab 3 Launches with Ubuntu 24.04
Anyone looking for a full-blown Linux tablet need look no further. Juno has released the Tab 3.
-
New KDE Slimbook Plasma Available for Preorder
Powered by an AMD Ryzen CPU, the latest KDE Slimbook laptop is powerful enough for local AI tasks.
-
Rhino Linux Announces Latest "Quick Update"
If you prefer your Linux distribution to be of the rolling type, Rhino Linux delivers a beautiful and reliable experience.