Hey, just so you know ... this post is now about 8 years and 6 months old. Please keep that in mind as it very well may contain broken links and/or outdated information.Now that I had finished building my PiDP-8 I needed something for the Raspberry Pi B+ in it to do other than just flash the blinkenlights. I can’t remember how I first heard about it, but for the past two weeks I’ve been running a DNS-based ad-blocker utility called Pi-Hole.
Pi-Hole requires a few basic packages, like lighttpd and dnsmasq, but following the manual installation instructions was relatively easy. At a high level, Pi-Hole turns your Raspberry Pi into a local DNS server for your network. You configured your devices (or router) to use the Pi-Hole as the primary DNS server for handling DNS lookup requests. By using a script (named gravity/sh, continuing the black hole theme), Pi-Hole downloads several common blacklists containing the web addresses of 65k known ad-serving domains and redirects them to the Raspberry Pi. So, when a browser on your PC visits a site, which in turn tries to pull an ad from some.ad-server.net, the DNS on the Pi-Hole redirects that request to lighttpd on the Raspberry Pi and no ad is loaded. This method has a noticeable impact on the speed of loading web pages since, unlike using an ad-blocking plug-in in your browser, the ad request never actually leaves your network.
Initially, Pi-Hole included a blacklist called mahakala which made the total number of blocked domains over 1.6 million, but included a lot of legitimate domains, like xkcd.com and microsoft.com. That blacklist has since been commented out, but I haven’t really noticed a difference only blocking 65k domains. Pi-Hole does have a whitelisting facility, but it doesn’t use wildcards so you have to include each individual domain you want to allow through the DNS black hole.
Pi-Hole includes a basic web console, which currently just shows statistics, but promises more admin-type features in the future.
Pi-Hole console
Coincidentally, Steve Gibson also mentioned Pi-Hole on this week’s episode (#529) of the Security Now! podcast:
I’ll have to check this out. I’ve had great luck using hosts files from http://winhelp2002.mvps.org/hosts.htm on individual machines, but it would be nice to cover the stray device on my network as well.
Have you run Namebench to see how the speed compares to other available DNS servers?
I’d never heard of Namebench, but gave it a try. No surprise that Google’s tool thinks its own DNS server (8.8.8.8) is faster.
Using GRC’s DNS Benchmark (which I normally use), though, shows Google’s DNS way down the list.
Either way, though, using the Pi-Hole for local DNS doesn’t seem to have caused any unnecessary browsing performance issues.
This is great, I would love to see the total overall ads blocked (rather than the daily stats that reset).
You could not use the daily piholeLogFlush script to not truncate your log and then the admin interface would show total ads blocked (at least since the last log truncate). You could probably also maybe store the total number of ads blocked somewhere before truncating the log for display elsewhere.
Maybe log this as an enhancement request for the project over on GitHub!