For quite a while I’ve been intending to acquire a Raspberry Pi and try out the Pi-Hole home DNS project, which is intended to block requests that websites make to undesirable domains such as advertising, tracking, and malicious content or code, for this purpose it seems to do a good job but is not 100% effective (and from what I’ve heard, could become less effective as especially advertisers cotton on to this and change the way they present online adverts to web browsers).
I eventually won a Raspberry Pi 3 at a reasonable price on eBay, I had read that this was the optimum model to go for on account of it having a decent processor and 1GB of RAM, which helps to make the web interface and visual reports and charts fly, and that much is certainly true – the web interface is very fast, the charts display instantly, which has left me wondering if a smaller Pi would do just as well (will probably find out with a future Pi purchase!) It looks like the main essential piece of hardware is a physical RJ45 socket, wifi is not as reliable and subject to interference (not to mention potential hacking from the street or neighbours). The auction included an official Pi power supply (UK plug type) and an official Pi case which looks quite smart, everything required to get going apart from a MicroSD card, which I would buy separately.
I went for the suggested SanDisk 32GB MicroSD card, specifically SanDisk Ultra 32GB Class 10: https://shop.westerndigital.com/en-gb/products/memory-cards/sandisk-ultra-uhs-i-microsd#SDSQUA4-032G-GN6MA
Of course, these can be purchased almost anywhere that sells electronic accessories these days but it’s worth trying to find a reputable vendor as I recently had a bad experience with a couple of fake Kingston USB sticks, more on that in a separate post. I also suspect that 16GB would no doubt suffice, unless you intend to keep years worth of log files on a busy network. I paid £5 for my 32GB card.
I found a very good guide online which I followed to get my Pi-Hole up and running, here it is: https://www.smarthomebeginner.com/pi-hole-setup-guide/
This guide goes through the complete basic setup to get Pi-Hole installed and running on a Raspberry Pi (not in a virtual machine or server, but using an actual Raspberry Pi running the Raspian OS, Lite version).
A few things I learned and had to adapt to along the way included a slight change of wording / naming of the Raspian OS on the Rasberry Pi main website, changes to web addresses, and how to install Log2RAM (more on that later).
For the main Raspberry Pi OS, it’s currently named Raspberry Pi OS Lite and can be downloaded here: https://www.raspberrypi.org/software/operating-systems/
I used the excellent balenaEtcher (which I have used before on other projects) to ‘burn’ the Pi OS disk image to the MicroSD card: https://www.balena.io/etcher/
Adding the empty text file named just ‘ssh’ (no extension) to enable SSH is easy, it’s best to use a plain text editor such as those designed for coding, e.g. Visual Studio Code or Brackets. After this I used Terminal on the Mac (one could use any command prompt shell) to login to the Pi: pi@<ip-address> and the default Pi password which is raspberry.
The IP address of the Pi has to be acquired from the local DHCP server, or home router in my case. I would later choose to use a fixed IP address for the Pi (my router doesn’t allow reserved IP addresses, but will hopefully respect fixed IP addresses on devices and not give them out to others). While I was in my router I also took note of the two DNS entries as provided by my ISP, typically they will be just one digit out from one another.
First thing to do is to change the default password using the command passwd, I noted down my new password (very important to keep it somewhere safe for future reference).
Next I grabbed and installed Pi-Hole itself using the command:
wget -O basic-install.sh https://install.pi-hole.net
sudo bash basic-install.sh
I ran through the installer options, making sure to choose ‘Custom‘ from the DNS list and entering the two DNS entries I gleaned from my router earlier. This is where all of the allowed requests will be forwarded to. I just went for the single main block list offered (by StevenBlack).
Once the installation was finally complete I took note of the dynamically generated web admin password and kept that in the safe place next to the SSH password. As I’d chosen to include IPv6 I also took note of the IPv6 address shown here.
I decided to go with individual device configuration, we don’t have many devices in the home so it made more sense, it would also provide an opportunity to see what difference the Pi-Hole made between similar devices. It’s pretty straight forward to change the DNS settings per device, typically it will be in the network settings under the title ‘DNS’, be sure to remove the old DNS entries and only add the single IP address of the Pi, I also entered the IPv6 address which would be used for IPv6 DNS requests, more mobile devices seem to be using this as well as IPv4 nowadays, it may be required for the faster wifi speeds (not really sure myself).
There are SSH commands for controlling, configuring, and getting status reports but from what I could see nearly if not all of these commands are available from the web admin gui.
One configuration option I tried was Update, however I think this broke something as after doing this the Pi-Hole seemed to stop blocking anything, I tested it extensively and all advertising domains were allowed through (‘OK’ in the query log). After looking up this problem and finding that several others had encountered it, trying the suggested remedies and getting thoroughly lost and over my head in linux commands and Pi details that I didn’t understand, I came to the conclusion that it’s probably best to just leave it alone, if a major update comes along then start a fresh (I have a second 32GB card for this reason, I can clone my working installation to it as a backup) and acquire the update that way.
The one tweak that I did was to install Log2ram, although the first guide and the Log2ram depository don’t give much away as to how to install it, luckily I found another short guide on this: https://mcuoneclipse.com/2019/04/01/log2ram-extending-sd-card-lifetime-for-raspberry-pi-lorawan-gateway/
In a nutshell, SSH into the Pi and perform the following commands:
git clone https://github.com/azlux/log2ram.git
chmod +x install.sh
sudo nano /etc/log2ram.conf
(this opens the nano text editor, use the cursor keys to edit the SIZE value from 40MB to 128MB, then save the file with CTRL-X, yes, ENTER)
There won’t be any visible difference in the Pi-Hole web admin, this just changes the way the logs are written to the MicroSD card in the background (once daily instead of constantly), the 1GB of RAM will be more than sufficient to hold the 128MB RAM disk as well as run the Pi.
So there we have it, my experience of the Raspberry Pi-Hole. It doesn’t block 100% of adverts out of the box, there are people out there trying very hard to achieve this but there are also others trying equally hard to circumvent such efforts (the advertisers and others), I might have a look into using the REGX (regular expression) facility to see if it’s possible to block specific items that get past Pi-Hole’s normal domain block list.
A very worth-while project to do, and once the installation process is pared down to the essentials it doesn’t take long to do at all.