Block ads and trackers across your network with Pi-hole
The Trickster
The Pi-hole ad blocker filters ads and trackers from the data stream for all devices on the network, from your smartphone to your toaster.
Internet users, content providers, and ad blocker developers are in a constant arms race. Users have deployed ad-blocker web browser extensions for years, and these extensions work quite well for standard web pop-ups and banner ads. But browser extensions are a little more trouble to implement on cell phones and other mobile devices. Also, ads built into apps typically remain untouched by the filters imposed by browser extensions. In addition, conventional ad blockers do nothing to stop modern Internet-connected devices like smart TVs, stereos, and even washing machines from transmitting data to the Internet in a very talkative way.
Other alternatives have developed in recent years to give users new tools for stopping Internet ads in a more global and comprehensive way. Pi-hole [1] is a promising tool that provides a centralized means for stopping Internet advertisements across a local network. The Pi-hole developers refer to Pi-hole as a "black hole for Internet advertisements." In more technical terms, Pi-hole is what is often called a "DNS sinkhole" [2]. A DNS sinkhole is a DNS server that gives out unroutable IP addresses for domains that are listed in a "sinkhole" list, which is basically a blacklist. Because Pi-hole leverages a standard process that is built into all TCP/IP networks (the DNS lookup process), it doesn't require any client applications or special configuration, other than to point the client to the Pi-hole DNS server, which can happen automatically through DHCP.
Sinking the Putt
Pi-hole combines common Linux-based network tools such as the DNS forwarder dnsmasq with a lighttpd web server and other Linux tools. As the name suggests, many users install the program on a Raspberry Pi. In addition to Raspbian, the project also supports Debian, Ubuntu, Fedora, and CentOS (see the box entitled "Pi-hole on Linux").
Pi-hole on Linux
In our test with Ubuntu 18.04 and 19.04, we had no problems installing Pi-hole. However, users should be aware that Pi-hole intervenes quite deeply in the system. The installation routine deactivates the integrated DHCP client and replaces it with dhcpcd5
, and the system sets up a static IP address. If you want to change the IP address later, call pihole -r
with administrative privileges and select the Reconfigure option.
In principle, you should install Pi-hole on a computer on a LAN that runs 24/7. As soon as you configure your network for Pi-Hole, you'll need a working Pi-Hole server or Internet access will not function properly. This need for continuous operation is one reason a Raspberry Pi is often used as a Pi-Hole server: Even a brand new Rasp Pi 4B costs only EUR35 (~$39) and hardly needs any electricity. Pi-hole itself requires only a limited amount of resources, so you can also use the Pi for other tasks.
Pi-hole is installed via a script you can download from the web using the commands in Listing 1. You'll need to run the basic-install.sh
script with administrative privileges. At the end, the setup script displays the URL and a random password for the web interface, which you can change if necessary using the command pihole -a -p
.
Listing 1
Installing Pi-hole
DNS Options
During the installation, you have to answer a number of questions: For Upstream DNS Provider (Figure 1) you have a choice between the DNS servers of Google, OpenDNS [3], and Quad9 [4] (see the box entitled "A Gift, but Not for Free"). Optionally, select Custom and enter any DNS servers in the system (one after the other, separated by commas), such as those operated by your Internet provider.
A Gift, but Not for Free
Many DNS providers offer their services without requiring payment, but they are by no means free. That Google likes to collect data is well known. OpenDNS is now part of network giant Cisco. Quad9 is backed by IBM and Packet Clearing House (PCH), as well as the Global Cyber Alliance, which was founded by the police authorities of London and New York. The service promises not to store personal data, but its proximity to government agencies is enough to set the alarm bells ringing for some users.
The installation routine asks which ad-blocker and anti-tracker lists you want to use. For the most comprehensive protection possible, leave all preselected options enabled. You will then need to configure the network settings. The setup automatically detects whether to enable IPv4 and IPv6. Then the program detects the current IPv4 address and asks if it should use this address automatically in the future. The IPv4 default gateway you need to specify is usually your router's IP address; however, the setup typically detects the gateway automatically.
Static IP Address
To avoid IP conflicts, open the settings of your wireless router and mark the IP address of the Pi-hole machine as static. For a FRITZ!Box router, for example, you will find the option Always assign the same IPv4 address to this network device by editing the device below Home network | Network. Alternatively, adjust the IP address entered on the Pi-hole server so that it comes from a range that the wireless router does not use (FRITZ!Box: Home network | Network | Network settings | IPv4 addresses).
If you want to change the configuration of Pi-hole later on, call the installation routine again with the pihole -r
command. You then have the choice between Repair, which transfers the existing settings cleanly into the system again, and Reconfigure, with which you repeat the setup, specifying the previous settings.
For the remaining questions, you will not want to change the default selection. These questions allow you to (de-)activate the web-based admin interface, install the lighttpd server (also known as "Lighty"), and choose if the system should log data later on. Privacy Mode allows variants from 0 Show everything to 3 Anonymous mode and also allows complete deactivation of all statistics.
Finally, the system shows a summary with the most important data, the path to the installation log, and the URLs through which you can reach the system in the future (Figure 2). This information can also be found as output in the terminal. After the completion of the setup script, you will only have to reboot if you have changed the IP address of the system.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.
-
ZorinOS 17.1 Released, Includes Improved Windows App Support
If you need or desire to run Windows applications on Linux, there's one distribution intent on making that easier for you and its new release further improves that feature.
-
Linux Market Share Surpasses 4% for the First Time
Look out Windows and macOS, Linux is on the rise and has even topped ChromeOS to become the fourth most widely used OS around the globe.
-
KDE’s Plasma 6 Officially Available
KDE’s Plasma 6.0 "Megarelease" has happened, and it's brimming with new features, polish, and performance.
-
Latest Version of Tails Unleashed
Tails 6.0 is based on Debian 12 and includes GNOME 43.
-
KDE Announces New Slimbook V with Plenty of Power and KDE’s Plasma 6
If you're a fan of KDE Plasma, you'll be thrilled to hear they've announced a new Slimbook with an AMD CPU and the latest version of KDE Plasma desktop.
-
Monthly Sponsorship Includes Early Access to elementary OS 8
If you want to get a glimpse of what's in the pipeline for elementary OS 8, just set up a monthly sponsorship to help fund its continued existence.
-
DebConf24 to be Held in South Korea
Busan will be the location of the latest DebConf running July 28 through August 4