Block ads and trackers across your network with Pi-hole
The Trickster
The Pi-hole ad blocker filters ads and trackers from the data stream for all devices on the network, from your smartphone to your toaster.
Internet users, content providers, and ad blocker developers are in a constant arms race. Users have deployed ad-blocker web browser extensions for years, and these extensions work quite well for standard web pop-ups and banner ads. But browser extensions are a little more trouble to implement on cell phones and other mobile devices. Also, ads built into apps typically remain untouched by the filters imposed by browser extensions. In addition, conventional ad blockers do nothing to stop modern Internet-connected devices like smart TVs, stereos, and even washing machines from transmitting data to the Internet in a very talkative way.
Other alternatives have developed in recent years to give users new tools for stopping Internet ads in a more global and comprehensive way. Pi-hole [1] is a promising tool that provides a centralized means for stopping Internet advertisements across a local network. The Pi-hole developers refer to Pi-hole as a "black hole for Internet advertisements." In more technical terms, Pi-hole is what is often called a "DNS sinkhole" [2]. A DNS sinkhole is a DNS server that gives out unroutable IP addresses for domains that are listed in a "sinkhole" list, which is basically a blacklist. Because Pi-hole leverages a standard process that is built into all TCP/IP networks (the DNS lookup process), it doesn't require any client applications or special configuration, other than to point the client to the Pi-hole DNS server, which can happen automatically through DHCP.
Sinking the Putt
Pi-hole combines common Linux-based network tools such as the DNS forwarder dnsmasq with a lighttpd web server and other Linux tools. As the name suggests, many users install the program on a Raspberry Pi. In addition to Raspbian, the project also supports Debian, Ubuntu, Fedora, and CentOS (see the box entitled "Pi-hole on Linux").
Pi-hole on Linux
In our test with Ubuntu 18.04 and 19.04, we had no problems installing Pi-hole. However, users should be aware that Pi-hole intervenes quite deeply in the system. The installation routine deactivates the integrated DHCP client and replaces it with dhcpcd5
, and the system sets up a static IP address. If you want to change the IP address later, call pihole -r
with administrative privileges and select the Reconfigure option.
In principle, you should install Pi-hole on a computer on a LAN that runs 24/7. As soon as you configure your network for Pi-Hole, you'll need a working Pi-Hole server or Internet access will not function properly. This need for continuous operation is one reason a Raspberry Pi is often used as a Pi-Hole server: Even a brand new Rasp Pi 4B costs only EUR35 (~$39) and hardly needs any electricity. Pi-hole itself requires only a limited amount of resources, so you can also use the Pi for other tasks.
Pi-hole is installed via a script you can download from the web using the commands in Listing 1. You'll need to run the basic-install.sh
script with administrative privileges. At the end, the setup script displays the URL and a random password for the web interface, which you can change if necessary using the command pihole -a -p
.
Listing 1
Installing Pi-hole
DNS Options
During the installation, you have to answer a number of questions: For Upstream DNS Provider (Figure 1) you have a choice between the DNS servers of Google, OpenDNS [3], and Quad9 [4] (see the box entitled "A Gift, but Not for Free"). Optionally, select Custom and enter any DNS servers in the system (one after the other, separated by commas), such as those operated by your Internet provider.
A Gift, but Not for Free
Many DNS providers offer their services without requiring payment, but they are by no means free. That Google likes to collect data is well known. OpenDNS is now part of network giant Cisco. Quad9 is backed by IBM and Packet Clearing House (PCH), as well as the Global Cyber Alliance, which was founded by the police authorities of London and New York. The service promises not to store personal data, but its proximity to government agencies is enough to set the alarm bells ringing for some users.
The installation routine asks which ad-blocker and anti-tracker lists you want to use. For the most comprehensive protection possible, leave all preselected options enabled. You will then need to configure the network settings. The setup automatically detects whether to enable IPv4 and IPv6. Then the program detects the current IPv4 address and asks if it should use this address automatically in the future. The IPv4 default gateway you need to specify is usually your router's IP address; however, the setup typically detects the gateway automatically.
Static IP Address
To avoid IP conflicts, open the settings of your wireless router and mark the IP address of the Pi-hole machine as static. For a FRITZ!Box router, for example, you will find the option Always assign the same IPv4 address to this network device by editing the device below Home network | Network. Alternatively, adjust the IP address entered on the Pi-hole server so that it comes from a range that the wireless router does not use (FRITZ!Box: Home network | Network | Network settings | IPv4 addresses).
If you want to change the configuration of Pi-hole later on, call the installation routine again with the pihole -r
command. You then have the choice between Repair, which transfers the existing settings cleanly into the system again, and Reconfigure, with which you repeat the setup, specifying the previous settings.
For the remaining questions, you will not want to change the default selection. These questions allow you to (de-)activate the web-based admin interface, install the lighttpd server (also known as "Lighty"), and choose if the system should log data later on. Privacy Mode allows variants from 0 Show everything to 3 Anonymous mode and also allows complete deactivation of all statistics.
Finally, the system shows a summary with the most important data, the path to the installation log, and the URLs through which you can reach the system in the future (Figure 2). This information can also be found as output in the terminal. After the completion of the setup script, you will only have to reboot if you have changed the IP address of the system.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Gnome 47.2 Now Available
Gnome 47.2 is now available for general use but don't expect much in the way of newness, as this is all about improvements and bug fixes.
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.