HOWTO: Using Pi-hole DNS to block ads. The struggle continues… (2024)

This article is a work in progress. Updated: 2020-05-02. This is turning into a bit of a catch-up on the state of DNS for me.

Day 03 and 04 of #100DaysToOffload.

Intro

The war against ads continues. https://pi-hole.net/ looks like a reasonable, good, new?, open source entry in the war against ads. Get 'yer source/install for Linux at https://github.com/pi-hole/pi-hole

Per Paul Vixie

not even non-technical users need a “public DNS” to shield themselves from a lot of known-evil internet sites. check out @The_Pi_Hole or have your 12yo child or cousin install it.

..but I always make things harder.


What

  • It’s a local DNS server to block ads.

Why

  • Blocking ads is a moral good.
  • I’ve not done home network hacking for a while.
  • I’m moving into a bit of a more “don’t track me” frame of mind.

When

  • Now, because I’m home more during corona-virus.

How

  • Set up local server.
  • First on a Linux laptop that (usually) does not go off the net.
  • Then maybe on an old pogoplug or laptop.

Install It

Here’s what I did to install:

[ ] basic install
On a Linux server, the basic install is simple:
 sudo bash basic-install.sh
[ ] Static IP
But you will want a Linux box with a static IP address. This may involve, e.g., convincing your wireless router to always hand out the same IP to that box.
[ ] Tell other systems to use this IP for DNS
Again, this probably means configuring your wireless router to specify your local IP as the DNS server it hands out with DHCP assignments. You could also do this by configuring the individual devices to use it.
[ ] Remember your admin password
Make note of the admin password during install.
[ ] hit the local admin web server
It’s very nice. It will be at something like http://192.168.86.230/admin/index.php.

Test It

[ ] Look something up by hand
Use dig(1) or host(1). Note the SERVER in the response below that shows where the answer came from. If it’s your ISP’s DNS or Google, try again (something’s not configured right). In my case 127.1 is right.
    $ dig www.uu.net

    ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> www.uu.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54721
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;www.uu.net.                    IN      A

    ;; ANSWER SECTION:
    www.uu.net.               299   IN      CNAME   global.mci.com.
    global.mci.com.           959   IN      CNAME   wac.C449.edgecastcdn.net.
    wac.C449.edgecastcdn.net. 3599  IN      CNAME   gp1.wac.v2cdn.net.
    gp1.wac.v2cdn.net.        3599  IN      A       152.195.32.39

    ;; Query time: 59 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri May 01 19:16:11 EDT 2020
    ;; MSG SIZE  rcvd: 146

  • Check the query logs via the UI to make sure your target domain showed. Be aware of caching. It may only show up the first time you query.

  • Find your favorite 90s-era web site, go hit it, and watch the counters.

  • If the counters go crazy and you don’t see the expected plethora of ads, you win. If not, dig deeper.

  • If you are already using ad-blockers or browsers such as Brave that block ads, you may have to test with something else (Firefox, Chrome, etc.)

  • Browsers and other apps are getting cagey about not using the system DNS, using DoH, and otherwise not acting like you expect them to. Editing /etc/resolv.conf is not the whole game anymore.

dig
for making/testing queries by hand
Wireshark
Use Wireshark to see what’s going on on the wire, who you’re talking to, etc.

The things you learn

  • pi-hole can apparently function as a DHCP server itself.

  • You can choose your upstream DNS servers from a list with options for IPv4, IPv6, DNSSEC/no DNSSEC, filtered/unfiltered.

  • Quad9 is one of the choices. It looks to be really useful for adding malware blocking to your domain. See https://www.quad9.net/faq/ for a useful bit of education.

  • The logs are at /var/log/pihole.log

  • Possibly use Marcus Ranum’s principle of “Artificial Ignorance” to grep out the known and see what’s left:

     $ cat pihole.log.1 | egrep -v microsoft.com\|google\|amazon\|in-addr\|linkedin\|dropbox\|facebook\|messenger\|ubuntu\|github\|brave\|basicattention\|yahoo\|disqus\|twitter\|akamai\ | sed 's/.*: //' | sort | uniq -c | sort -rn | head
         334 reply min-api.cryptocompare.com is <CNAME>
         334 reply ccc-api.cloudapp.net is 40.115.22.134
         334 query[A] min-api.cryptocompare.com from 127.0.0.1
         238 forwarded min-api.cryptocompare.com to 8.8.4.4
         143 cached min-api.cryptocompare.com is <CNAME>
         101 query[A] no-thanks.invalid.lan from 127.0.0.1
         101 query[A] no-thanks.invalid from 127.0.0.1
         101 forwarded min-api.cryptocompare.com to 8.8.8.8
         100 reply hfq2h9152m63.statuspage.io is <CNAME>
         100 query[A] rpt.cedexis.com from 127.0.0.1

     $ cat pihole.log.1 | egrep -v microsoft.com\|google\|amazon\|in-addr\|linkedin\|dropbox\|facebook\|messenger\|ubuntu\|github\|brave\|basicattention\|yahoo\|disqus\|twitter\|akamai\|compuserve\|aol | sed 's/.*: //' | sort | uniq -c | sort -rn | tail -20
           1 cached imap.gmail.com is 2607:f8b0:400d:c0f::6d
           1 cached imap.gmail.com is 2607:f8b0:400d:c07::6d
           1 cached imap.gmail.com is 2607:f8b0:400d:c00::6d
           1 cached imap.gmail.com is 2607:f8b0:4004:c08::6d
           1 cached imap.gmail.com is 2607:f8b0:4004:c08::6c
           1 cached imap.gmail.com is 172.253.63.109
           1 cached imap.gmail.com is 172.253.63.108
           1 cached hosts-file.net is 3.234.198.254
           1 cached encrypted-tbn0.gstatic.com is 172.217.13.78
           1 cached dig is NXDOMAIN
           1 cached content-signature-2.cdn.mozilla.net is <CNAME>
           1 cached beacons-handoff.gcp.gvt2.com is 172.217.15.99
           1 cached beacons.gvt2.com is 172.217.13.227
           1 cached beacons.gcp.gvt2.com is <CNAME>
           1 cached beacons4.gvt2.com is 216.239.32.116
           1 cached beacons2.gvt2.com is 216.239.38.117
           1 cached beacons2.gvt2.com is 216.239.36.117
           1 cached beacons2.gvt2.com is 216.239.34.117
           1 cached beacons2.gvt2.com is 216.239.32.117
           1 cached article.smartasset.com is <CNAME>

    What is this stuff?

Tune it

I’m not sure all the devices in the house are using the Pi-hole proxy. If they are, then they are showing up as the single device _gateway. I need to understand this and figure out if I can get other devices pulling wireless addresses via DHCP from the WAP to use the Pi-hole DNS directly. Stay tuned.
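
An added example (not from the original post) that serves both the “Artificial Ignorance” filter above and the question of which clients Pi-hole actually sees. It counts only query lines and matches known domains as whole suffixes, so a lookalike such as google.com.login.example is not hidden the way a substring grep for "google" would hide it. The function names, sample log lines, known-domain list and the 192.168.86.1 gateway address are constructed assumptions.

```shell
# Added example: "artificial ignorance" and per-client counts for a Pi-hole log.
# unknown_queries LOGFILE KNOWN_FILE (KNOWN_FILE: one domain suffix per line)
# Prints "count name" for queried names that are not a known suffix or below one.
unknown_queries() {
    awk '
        FILENAME == ARGV[1] { if ($1 != "") known[tolower($1)] = 1; next }
        {
            sub(/^.*: /, "")                 # strip "date dnsmasq[pid]: "
            if ($1 !~ /^query\[/) next       # count each lookup once
            name = tolower($2); rest = name
            while (rest != "") {             # try the name, then each parent domain
                if (rest in known) next
                dot = index(rest, "."); if (dot == 0) break
                rest = substr(rest, dot + 1)
            }
            count[name]++
        }
        END { for (n in count) print count[n], n }
    ' "$2" "$1" | sort -k1,1nr -k2,2
}

# queries_per_client LOGFILE: prints "count client-ip". If nearly everything
# comes from the gateway address, the router is relaying DNS for the devices.
queries_per_client() {
    awk '{ sub(/^.*: /, "") } $1 ~ /^query\[/ { c[$NF]++ }
         END { for (ip in c) print c[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample data in the dnsmasq line format (not from a real log).
sample_log() {
    cat <<'EOF'
May  1 19:16:11 dnsmasq[812]: query[A] www.google.com from 192.168.86.1
May  1 19:16:11 dnsmasq[812]: forwarded www.google.com to 8.8.8.8
May  1 19:16:11 dnsmasq[812]: reply www.google.com is 192.0.2.10
May  1 19:16:12 dnsmasq[812]: query[A] api.tracker.example from 192.168.86.1
May  1 19:16:12 dnsmasq[812]: query[AAAA] api.tracker.example from 192.168.86.1
May  1 19:16:13 dnsmasq[812]: query[A] google.com.login.example from 192.168.86.1
May  1 19:16:14 dnsmasq[812]: query[A] GitHub.com from 127.0.0.1
EOF
}

demo() {   # usage: demo unknown_queries   or   demo queries_per_client
    dir=$(mktemp -d) || return 1
    sample_log > "$dir/log"; printf '%s\n' google.com github.com > "$dir/known"
    "$1" "$dir/log" "$dir/known"; rm -rf "$dir"
}
```

After sourcing the file, `demo unknown_queries` and `demo queries_per_client` run the two reports on the sample; on a real install, point the functions at /var/log/pihole.log and your own suffix list.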

POST INCOMPLETE FROM HERE

Migrate

Burn in

Inflict it on others


FAQs

How do I block all ads on Pi-hole?

The easiest way to block mobile ads on your home network is to add your Pi-hole DNS server to your router's DHCP settings. If you do, every device and computer on your network will be told to use Pi-hole by default, and you won't have to make any changes at all to the individual machines.

How do I block all ads on DNS?

How to block ads on Android by changing the DNS
  1. Head to Settings > Network and Internet > Advanced > Private DNS.
  2. Choose the option Private DNS Provider Hostname.
  3. Enter "dns.adguard.com" and Save.
  4. That's it! You'll no longer see any in-app ads or pop-ups on browsers.

What is the best blocking mode for Pi-hole?

Pi-hole's unspecified IP or NULL blocking mode

In NULL mode, which is both the default and recommended mode for Pi-hole FTL DNS, blocked queries will be answered with the "unspecified address" ( 0.0.

How do I block ads permanently?

To block apps from suggesting ads:
  1. On your Android device, open Settings.
  2. Tap Privacy and security. More privacy settings.
  3. Tap Ads. Ads privacy. Ad topics. App suggested ads.
  4. Choose the ads you want to block.

Can Pi-hole block popups?

Pi-hole is a DNS resolver which either blocks a requested domain or resolves the requested domain to an IP address. It sees none of the subsequent content that loads from the website you are visiting. To block these popups, you will need software on your browser which can inspect the HTML content.

Which DNS is best for blocking ads?

Choose between the four best private DNS options – AdGuard DNS, NextDNS, RethinkDNS, and Control D to block ads on Android. Go to Settings > search for “Private DNS” > add the DNS of your choice > Select Private DNS Mode > enter the DNS hostname > Save.

How does DNS ad blocking work?

These DNS servers block ads by intercepting requests from users' browsers or devices and returning a response that indicates that the requested domain doesn't exist or redirects the request to a different IP address.

Can OpenDNS block ads?

The main reasons offered by OpenDNS are:
  • Blocking ad domains breaks some web pages.
  • Blocking ad domains at the DNS level can have adverse effects on browsing behavior and speed.
  • If you make any changes to the blocking, DNS caches still must be flushed in order for those changes to become apparent.

Which DNS is best for Pi-hole?

Cloudflare DNS

Cloudflare will never log your IP address (the way other companies identify you). The independent DNS monitor DNSPerf ranks Cloudflare's DNS the fastest DNS service in the world. Cloudflare also provides 1.1.1.1 for Families, a set of resolvers that can block malware only, or malware and adult content.

Why is my Pi-hole not blocking?

With a domain blocker such as Pi-hole, you cannot block these ads without blocking the content. The client is using a DNS server other than Pi-hole. This could be due to a setting on the client, use of a VPN service from the client, a router providing an IPv6 DNS server, etc.

What does unbound do in Pi-hole?

Unbound is a private recursive DNS resolver. It can do what Google and the others do, but it is running locally on your LAN (on the Pi-hole host platform in most setups). The only client for your local unbound instance is typically Pi-hole. If you run unbound, you no longer need to use the public recursive resolvers.

Do I need a Raspberry Pi for Pi-hole?

Prerequisites. To deploy Pi-hole on your home network, make sure you have all of the following: A Raspberry Pi with at least 512MB of RAM (all Raspberry Pi versions satisfy this requirement) and Raspbian installed. An SD-card with at least 2GB of free space.

Does Pi-hole slow wifi?

The only way for Pi-hole to slow down your network is if you've set up something to route all traffic via the Pi-hole server. Pi-hole only handles DNS queries, there is no way for it to slow down the internet connection at all, it doesn't see or handle any traffic other than DNS queries.

Is it possible to block all ads?

Blocking ads on Android using NordVPN Threat Protection

The process of blocking ads on an Android device with NordVPN's Threat Protection feature is the same as it is on the Google Chrome browser. Open the NordVPN app. Click on the shield icon. Toggle the switch so Threat Protection is active.

How do I stop all targeted ads?

While you are signed in to your Google Account, My Ad Center controls whether ads are personalized on Google services and partner sites and apps. To turn on or off personalized ads when you're signed in to your Google Account: Go to My Ad Center. Select On or Off, next to "Personalized ads."

How do I block all ads on Pinterest?

Unfortunately, there is no way to block ads on Pinterest completely. You can only hide some ads, block the advertiser's Pinterest Profile, and limit the information Pinterest uses to serve your ads. A reliable third-party ad blocker is the only way to remove all ads from your Pinterest feed.

Article information

Author: Terence Hammes MD
