Blocking ads with Pi-Hole

closeHey, just so you know ... this post is now about 4 years old. Please keep that in mind as it very well may contain broken links and/or outdated information.

Now that I had finished building my PiDP-8 I needed something for the Raspberry Pi B+ in it to do other than just flash the blinkenlights. I can’t remember how I first heard about it, but for the past two weeks I’ve been running a DNS-based ad-blocker utility called Pi-Hole.

Pi-Hole requires a few basic packages, like lighttpd and dnsmasq, but following the manual installation instructions was relatively easy. At a high level, Pi-Hole turns your Raspberry Pi into a local DNS server for your network. You configured your devices (or router) to use the Pi-Hole as the primary DNS server for handling DNS lookup requests. By using a script (named gravity/sh, continuing the black hole theme), Pi-Hole downloads several common blacklists containing the web addresses of 65k known ad-serving domains and redirects them to the Raspberry Pi. So, when a browser on your PC visits a site, which in turn tries to pull an ad from some.ad-server.net, the DNS on the Pi-Hole redirects that request to lighttpd on the Raspberry Pi and no ad is loaded. This method has a noticeable impact on the speed of loading web pages since, unlike using an ad-blocking plug-in in your browser, the ad request never actually leaves your network.

Initially, Pi-Hole included a blacklist called mahakala which made the total number of blocked domains over 1.6 million, but included a lot of legitimate domains, like xkcd.com and microsoft.com. That blacklist has since been commented out, but I haven’t really noticed a difference only blocking 65k domains. Pi-Hole does have a whitelisting facility, but it doesn’t use wildcards so you have to include each individual domain you want to allow through the DNS black hole.

Pi-Hole includes a basic web console, which currently just shows statistics, but promises more admin-type features in the future.

Pi-Hole console

Pi-Hole console

Coincidentally, Steve Gibson also mentioned Pi-Hole on this week’s episode (#529) of the Security Now! podcast:

 

4 Comments

    • I’d never heard of Namebench, but gave it a try. No surprise that Google’s tool thinks its own DNS server (8.8.8.8) is faster.


      Using GRC’s DNS Benchmark (which I normally use), though, shows Google’s DNS way down the list.

      Either way, though, using the Pi-Hole for local DNS doesn’t seem to have caused any unnecessary browsing performance issues.

    • You could not use the daily piholeLogFlush script to not truncate your log and then the admin interface would show total ads blocked (at least since the last log truncate). You could probably also maybe store the total number of ads blocked somewhere before truncating the log for display elsewhere.

      Maybe log this as an enhancement request for the project over on GitHub!

Leave a Reply

Your email address will not be published. Required fields are marked *