If you happen to have a spare PC or laptop kickin’ around collecting dust, you could potentially use it as a Pi-hole - a network-wide ad and tracker blocker which is typically run on a Raspberry Pi, hence the name. It acts as a DNS sinkhole, filtering and blocking requests on a network level. It’s not a 100% fool-proof solution, but rather another layer of protection (in conjunction with your adblocker). If you set up the Pi-hole for the entire network, it can be useful for devices that do not typically have content blockers like “smart” TVs, IoT devices, etc. Otherwise you can set it up as opt-in, which is what I’ve done (I explain why later). In that case you just set the DNS server IP of the device you want to route through the Pi-hole to the local IPv4 address of the Pi-hole (ex: 192.168.2.*). In this post, I’ll briefly go over how I set my Pi-hole up - you may want to take a different approach. If you do wanna give it a shot, I wrote this setup script to help speed up the process.
First things first - the OS. I’m sure there are other operating systems you could use to do this, but as I am most comfortable with Arch Linux that is what I’ll be using. You’ll want to burn an Arch Linux ISO onto a USB drive and boot into it on the device you wanna use as your Pi-hole. For the sake of time and convenience, run through the archinstall script and choose the minimal profile and NetworkManager for networking. This will quickly set up a base system for you. From there, you can use my setup script:
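```bash
#!/usr/bin/env bash
# Run as a regular user with sudo rights (makepkg refuses to run as root).
set -e

# Base tools
sudo pacman --needed -S git sed btop

# Build and install the yay AUR helper, then clean up the build directory
cd
git clone https://aur.archlinux.org/yay-bin.git
cd yay-bin
makepkg -si
cd
rm -rf yay-bin

# Install Pi-hole from the AUR and start its DNS service
yay -S pi-hole-server
sudo systemctl enable --now pihole-FTL

# Web interface dependencies
sudo pacman -S php-sqlite php-cgi lighttpd

# Uncomment the PHP extensions the web interface needs (root-owned file)
sudo sed -i '/extension=pdo_sqlite/s/^;//g' /etc/php/php.ini
sudo sed -i '/extension=sockets/s/^;//g' /etc/php/php.ini
sudo sed -i '/extension=sqlite3/s/^;//g' /etc/php/php.ini

# Use the lighttpd config shipped with the Pi-hole package and start the web server
sudo cp /usr/share/pihole/configs/lighttpd.example.conf /etc/lighttpd/lighttpd.conf
sudo systemctl enable --now lighttpd

echo -e "Pi-hole is now installed! :)\nVisit https://wiki.archlinux.org/title/Pi-hole for more information."
```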
If you’d rather do each step yourself: install an AUR helper like paru or yay then follow this guide on the Arch Wiki to install and configure all the necessary packages for the Pi-hole to operate. Once that’s done and everything is set up, you’ll have to access your router settings from another computer. You’ll want to set the local IPv4 address of the Pi-hole to be reserved (NOT dynamic). The reason for this is simple - anytime that value changes, you’ll have to manually change it on each device you have connected to the Pi-hole, so ideally you’ll want this IPv4 address to stay consistent. This will also help for remoting into the Pi-hole via SSH (which I will not be going over, but I highly recommend setting up).
By default the Pi-hole uses Google DNS, so I switched it to Quad9 which is a free, privacy respecting DNS service. You can do this via the web interface, which you can access by putting the IPv4 address of your Pi-hole into your browser (ex: http://192.168.2.*/admin). You can optionally set the Pi-hole to double as your network’s DHCP server (you’ll have to disable DHCP in your router settings though). When I was attempting to configure this it kept changing my Pi-hole IP to an IPv6 address which was fucking everything up for some reason. EDIT: Upon further inspection, it appears the DHCP server doesn’t work for Pi-holes on Arch Linux. I disabled the Pi-hole DHCP server and instead went with an opt-in approach. This eliminates a big reason why you’d want to have a Pi-hole in the first place - blocking ads/trackers on devices without adblockers. With the opt-in approach, only devices that allow you to set a custom DNS server will be able to utilize the Pi-hole, and it’ll have to be done manually. (Just set the DNS server to the local IPv4 of the Pi-hole)
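To confirm that an opt-in Linux client really goes through the Pi-hole, here is a small check script (an added example, not part of the original setup script). It assumes the client's resolvers are listed in a resolv.conf-style file and that the Pi-hole uses its default NULL blocking mode; `PIHOLE_IP` is a placeholder address and the function names are made up for this example.

```bash
#!/usr/bin/env bash
# Added example: sanity checks for an opt-in Pi-hole client.
# PIHOLE_IP is a placeholder (documentation range); use your reserved address.
PIHOLE_IP="${PIHOLE_IP:-192.0.2.53}"

# Print every nameserver in a resolv.conf-style file that is NOT the Pi-hole.
# Any output means some queries can bypass the sinkhole.
bypass_resolvers() {  # usage: bypass_resolvers FILE PIHOLE_IP
    awk -v ph="$2" '$1 == "nameserver" && $2 != ph { print $2 }' "$1"
}

# Succeed only if the file lists the Pi-hole and no other resolver.
client_uses_only_pihole() {  # usage: client_uses_only_pihole FILE PIHOLE_IP
    awk -v ph="$2" '
        $1 == "nameserver" { n++; if ($2 != ph) bad++ }
        END { exit !(n > 0 && bad == 0) }' "$1"
}

# Assumption: default (NULL) blocking mode, where blocked names are answered
# with the unspecified address. An empty answer does not count as blocked.
answer_is_sinkholed() {  # usage: answer_is_sinkholed ANSWER
    case "$1" in
        0.0.0.0|::) return 0 ;;
        *) return 1 ;;
    esac
}

# Live check (needs dig): ask the Pi-hole directly for a domain on your adlists.
pihole_blocks() {  # usage: pihole_blocks DOMAIN [PIHOLE_IP]
    local ans
    ans="$(dig +short +time=2 +tries=1 "@${2:-$PIHOLE_IP}" "$1" A | head -n1)"
    answer_is_sinkholed "$ans"
}

# Constructed sample: a client that lists the Pi-hole plus Quad9 as a fallback.
sample="$(mktemp)"
printf 'nameserver %s\nnameserver 9.9.9.9\n' "$PIHOLE_IP" > "$sample"
echo "bypass resolvers: $(bypass_resolvers "$sample" "$PIHOLE_IP")"
client_uses_only_pihole "$sample" "$PIHOLE_IP" || echo "client can bypass the Pi-hole"
rm -f "$sample"
```

On a real client, point the first two functions at `/etc/resolv.conf`; if that file only lists a local stub resolver, check the upstream servers configured in that stub instead.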
Currently I’m using an old dual-core HP laptop I had sitting around in a cemetery of laptops from friends/relatives (I have like 5 that just either won’t boot or have broken displays). It hadn’t been used in years, but still runs great for this use case (in fact it’s overkill). Every 2-4 weeks I’m gonna update the OS on it. So far it’s been working great. One of my neighbor’s laptops is routed through and they’re running Windows 10 - with a Windows telemetry blocklist and the Big OISD list added to my Pi-hole, roughly 50% of their requests have been blocked in the last 24 hours (1200 out of 2200). In contrast my PC has sent 6500+ requests in the same amount of time and less than 15 have been blocked. I have approximately 466 thousand domains in my Adlists.
All in all, if you have a spare computer sitting around, a free afternoon and the motivation to tinker, you too could have a Pi-hole up and running in a small amount of time.
This post was part of Agora Road Travelogue for the month of September.