How to Block Ads (Network-Wide) with Pi-hole

Pi-Hole

The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, without installing any client-side software.

1. Installing Pi-hole. First, download the script and run the installer: curl -sSL https://install.pi-hole.net | bash

2. Choose An Interface: tun0/eth0/wlan0 (VPN, Ethernet, WiFi). Select Upstream DNS Provider (which DNS server the Pi-hole should use to resolve IPs/domains): Google. Pi-hole relies on third party lists (with unwanted ad domains): *StevenBlack, *MalwareDom. Select Protocols: *IPv4, *IPv6.

3. Do you want to use your current network settings as a static address? Typically you will answer Yes and jump to step 5 directly. We will answer No. Enter your desired IPv4 address: 10.8.0.1/24 (OpenVPN server’s static IP address: ip a show dev tun0). Enter your desired IPv4 default gateway: 192.168.1.1 (default router IP).

4. Update OpenVPN config to force all DNS requests to Pi-Hole: sudo vi /etc/openvpn/server.conf

   #Stop using Google DNS for our OpenVPN 
   #push "dhcp-option DNS 8.8.8.8" 
   #push "dhcp-option DNS 8.8.4.4" 
   push "dhcp-option DNS 10.8.0.1"
   

5. Restart the openvpn service: sudo systemctl restart openvpn. Change your pihole password: pihole -a -p. Other useful commands: PiHole Status (pihole status), Update PiHole (pihole -up).

6. Access the web interface for your PiHole, http://10.8.0.1/admin or http://192.168.1.7/admin.

7. You will also need to configure the client devices: Settings, Wi-Fi/Ethernet, DNS: Pi-hole’s IP address (192.168.1.7).

8. If you have setup PiHole and OpenVPN on your Raspberry Pi, you can go to your router and change your DNS settings so that it points to your PiHole server. Open a browser and type http://192.168.1.1/. The password is usually on the back of the router.

   Advanced Setup, DNS, DNS Server Configuration, Use the following Static DNS IP address: Pi-hole’s IP address (192.168.1.7). Besides, we could set up the DHCP server in the router, just navigate through Advanced Setup, LAN (Local Area Network (LAN) Setup): Enable DHCP, 192.168.1.40 (Start IP address)-192.168.1.254 (End IP address).

9. Uninstall Pi-hole: pihole uninstall.

10. Disable PiHole for 30 minutes: pihole disable 30m.

11. Add custom blocklists. Access the Pi-hole’s Web Interface in your browser by going to http://Raspberry’sIP/admin. Navigate through Adlist, Groups. Add a new adlist.

    You can find adlists or, more technically, their URLs in The Firebog. Run pihole -g or update your gravity list (list of blocked domains) online after modifying your adlists: http://Raspberry’sIP/admin/gravity.php. You may want to check: pihole -q www.xhamster.com.

• Installing Pi-hole on Ubuntu

1. Ubuntu runs systemd-resolved which listens on port 53. We need to disable (sudo systemctl disable systemd-resolved.service) and stop it (sudo systemctl stop systemd-resolved.service).
2. Edit /etc/systemd/resolved.conf: DNS=1.1.1.1 and DNSStubListener=no.
3. Delete the symlink /etc/resolv.conf: rm /etc/resolv.conf. Change the /etc/resolv.conf symlink to point to /run/systemd/resolve/resolv.conf: ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf. You could get more information in Docker Pi-hole, Installing on Ubuntu.
4. Restart systemd-resolved using the following command: systemctl restart systemd-resolved.
5. Download, configure, and run Pi-Hole container on Docker:

     wget https://raw.githubusercontent.com/pi-hole/docker-pi-hole/master/docker_run.sh 
     sudo chmod +x docker_run.sh
     sudo ./docker_run.sh_
   

   #!/bin/bash # https://github.com/pi-hole/docker-pi-hole/blob/master/README.md. This is docker_run.sh:
   
   PIHOLE_BASE="${PIHOLE_BASE:-$(pwd)}" 
   [[ -d "$PIHOLE_BASE" ]] || mkdir -p "$PIHOLE_BASE" || { echo "Couldn't create storage directory: $PIHOLE_BASE"; exit 1; }
   
   # Note: ServerIP should be replaced with your external ip. 
   docker run -d --name pihole -p 53:53/tcp -p 53:53/udp \ # This container uses 2 popular ports, port 53 and port 80. 
       -p 80:80 \ 
       -e TZ="Europe/Madrid" \ # Set your timezone to make sure logs rotate at local midnight 
       -v "${PIHOLE_BASE}/etc-pihole/:/etc/pihole/" \ 
       -v "${PIHOLE_BASE}/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
       --dns=8.8.4.4 --dns=1.1.1.1 \ # Upstream DNS servers 
       --restart=unless-stopped \ 
       --hostname pi.hole \ 
       -e VIRTUAL_HOST="pi.hole" \ 
       -e PROXY_LOCATION="pi.hole" \ 
       -e ServerIP="192.168.1.48" \ # Set to your server's LAN IP: ip addr show 
       pihole/pihole:latest
   
   printf 'Starting up pihole container ' 
   for i in $(seq 1 20); do 
     if [ "$(docker inspect -f "{{.State.Health.Status}}" pihole)" == "healthy" ] ; then 
       printf ' OK' 
       echo -e "\n$(docker logs pihole 2> /dev/null | grep 'password:') for your pi-hole: https://${IP}/admin/" 
       exit 0 
     else 
       sleep 3 
       printf '.' 
     fi
   
     if [ $i -eq 20 ] ; then 
       echo -e "\nTimed out waiting for Pi-hole start, consult your container logs for more info (\`docker logs pihole\`)" 
       exit 1 
     fi 
   done;
   

6. The last command generates a random password. Go to a browser: IP’s address/admin and use this password.

   Use Pi_Hole for the entire LAN: ]Access your router: http://192.168.1.1/. The password is usually on the back of the router. Configuración avanzada/Advanced Setup, DNS: IP address Pi-hole.

7. Add a new blocklist from The Firebog. Pi-hole, Croup management, Groups, Add a new group, and then, run pihole -g or update your gravity list (list of blocked domain) online after modifying your adlists: http://IP’s address/admin/gravity.php.
8. Pi-hole cannot resolve DNS for itself, you may want to change your DNS in: Pi-hole, Settings, DNS, Upstream DNS Server.