The Trickster

Internet users, content providers, and ad blocker developers are in a constant arms race. Users have deployed ad-blocker web browser extensions for years, and these extensions work quite well for standard web pop-ups and banner ads. But browser extensions are a little more trouble to implement on cell phones and other mobile devices. Also, ads built into apps typically remain untouched by the filters imposed by browser extensions. In addition, conventional ad blockers do nothing to stop modern Internet-connected devices like smart TVs, stereos, and even washing machines from transmitting data to the Internet in a very talkative way.

Other alternatives have developed in recent years to give users new tools for stopping Internet ads in a more global and comprehensive way. Pi-hole [1] is a promising tool that provides a centralized means for stopping Internet advertisements across a local network. The Pi-hole developers refer to Pi-hole as a "black hole for Internet advertisements." In more technical terms, Pi-hole is what is often called a "DNS sinkhole" [2]. A DNS sinkhole is a DNS server that gives out unroutable IP addresses for domains that are listed in a "sinkhole" list, which is basically a blacklist. Because Pi-hole leverages a standard process that is built into all TCP/IP networks (the DNS lookup process), it doesn't require any client applications or special configuration, other than to point the client to the Pi-hole DNS server, which can happen automatically through DHCP.

Sinking the Putt

Pi-hole combines common Linux-based network tools such as the DNS forwarder dnsmasq with a lighttpd web server and other Linux tools. As the name suggests, many users install the program on a Raspberry Pi. In addition to Raspbian, the project also supports Debian, Ubuntu, Fedora, and CentOS (see the box entitled "Pi-hole on Linux").

In principle, you should install Pi-hole on a computer on a LAN that runs 24/7. As soon as you configure your network for Pi-Hole, you'll need a working Pi-Hole server or Internet access will not function properly. This need for continuous operation is one reason a Raspberry Pi is often used as a Pi-Hole server: Even a brand new Rasp Pi 4B costs only EUR35 (~$39) and hardly needs any electricity. Pi-hole itself requires only a limited amount of resources, so you can also use the Pi for other tasks.

Pi-hole is installed via a script you can download from the web using the commands in Listing 1. You'll need to run the basic-install.sh script with administrative privileges. At the end, the setup script displays the URL and a random password for the web interface, which you can change if necessary using the command pihole -a -p.

DNS Options

During the installation, you have to answer a number of questions: For Upstream DNS Provider (Figure 1) you have a choice between the DNS servers of Google, OpenDNS [3], and Quad9 [4] (see the box entitled "A Gift, but Not for Free"). Optionally, select Custom and enter any DNS servers in the system (one after the other, separated by commas), such as those operated by your Internet provider.

Figure 1: Pi-hole itself needs a DNS server for name resolution. The installation script comes with a selection of built-in DNS options.

The installation routine asks which ad-blocker and anti-tracker lists you want to use. For the most comprehensive protection possible, leave all preselected options enabled. You will then need to configure the network settings. The setup automatically detects whether to enable IPv4 and IPv6. Then the program detects the current IPv4 address and asks if it should use this address automatically in the future. The IPv4 default gateway you need to specify is usually your router's IP address; however, the setup typically detects the gateway automatically.

Static IP Address

To avoid IP conflicts, open the settings of your wireless router and mark the IP address of the Pi-hole machine as static. For a FRITZ!Box router, for example, you will find the option Always assign the same IPv4 address to this network device by editing the device below Home network | Network. Alternatively, adjust the IP address entered on the Pi-hole server so that it comes from a range that the wireless router does not use (FRITZ!Box: Home network | Network | Network settings | IPv4 addresses).

If you want to change the configuration of Pi-hole later on, call the installation routine again with the pihole -r command. You then have the choice between Repair, which transfers the existing settings cleanly into the system again, and Reconfigure, with which you repeat the setup, specifying the previous settings.

For the remaining questions, you will not want to change the default selection. These questions allow you to (de-)activate the web-based admin interface, install the lighttpd server (also known as "Lighty"), and choose if the system should log data later on. Privacy Mode allows variants from 0 Show everything to 3 Anonymous mode and also allows complete deactivation of all statistics.

Finally, the system shows a summary with the most important data, the path to the installation log, and the URLs through which you can reach the system in the future (Figure 2). This information can also be found as output in the terminal. After the completion of the setup script, you will only have to reboot if you have changed the IP address of the system.

Figure 2: At the end of the installation, the setup script summarizes all the essential details of the Pi-hole system.