@@sitte24 :-D Shiit. I really hate my phone's multi-language dictionary... Now I wonder how many times it changed quad to cloud - without me noticing :-D
Cool Video! I Have Run PiHole Now For 4-5 Years on a home server & I Think It Is The Best Thing Since Sliced Bread.. Well If You Hate Ads As Much As Me That Is! I Use pfsense As well for 5-6 Years, I just have not mastered it Yet With pfblock & my plex server, and some game servers & So Pf Sense & firefox addon adblock+ & I Would Say they Stop 99% of the pesky ads.. I Have a Custom list I tweaked/Modded That Seems to work well.. even though I did have a problem with youtube ads still popping up before every video for a short time but that is all fixed, easy to do & just plain fun! Any Tech guy/nerd or IT guy is & Should probably Be running this or something close to it!
On phones and tablets (and maybe laptops) there is also IMU tracking, which is not talked about very much and doesn't require user consent. It uses gyroscopes, accelerometers, and magnetic sensor (compass). Can pinpoint your location with the dead reckoning method, guess what activity you're doing based on accelerometer movements, and possibly listen to vibrations (audio) since these sensors are so precise on devices today.
@@MrV1NC3N7V3G4 If you have AT&T U-Verse, you will need to set up IP Passthrough on the AT&T gateway in order for the 3rd party router to work correctly. There is no bridge mode on U-Verse like there was with the legacy DSL service from AT&T.
@@JJFlores197 I'll try that when I find the time to reconfigure everything in the house again. I think the first time I just connected the 2nd router via an ethernet port and let my AT&T router do all of the DHCP.
I do this on a Remote Level using AdGuard DNS on PC and Mobile. Blocking Malvertisers on a DNS Level through a Remote Server, rather than a Local Server.
IMHO, no. pfBlockerNG can use the same blocklists that PiHole does, doesn't require additional hardware/docker/VM etc. as well it can do Geoblocking. I ran PiHole for about a year before switching. Both work well, pfBlocker can do more. You're not playing whack-a-mole against people/devices casually bypassing your DNS by "going right to the gateway/router."
I would love to set something like this up, but I don't have a home server. Do I need one? I mean I really don't do anything other than play games and watch youtube/hulu.
Pi-Hole was originally designed to run on a Raspberry Pi. These can be bought for just $30 and ~is~ *are* more server than you ever need for this kind of stuff.
Can I just buy one of the cheap $5 Linode instances, install Docker on that and run PiHole through Linode as a custom DNS server & VPN when I'm away from home?
I've had a pi hole on a pi zero with an ethernet adapter for years now and the best part is blocking ads inside free programs and the like
and also in all android apps
My PiHole is on a Pi Zero W plugged into the router's USB port. Only one wire required. :o)
I've been using Pi-hole for 3 years now. The amount of things trying to call home is staggering (telemetry). I noticed that some "smart" devices get really aggressive with their calls if you block them.
Yeah. I was looking at the logs myself to see what on earth on my home network was so aggressive. Turned out to be Samsung TV.
Let me guess... Samsung smart TVs? I just plugged it off -.-
@@MrLuNa77 Yup Samsung. I have since unplugged it. The "smart" functionality of the tv is not that useful anyways when there are other devices plugged into it. I think another offender was my tp-link smart socket. It's on a separate IOT wifi network now.
Roku doesn’t stop once you block it. Amazon devices are really bad as well.
PI-hole + Wireguard and DynDNS and you never have to look at an ad again ;-) not even on your Phone on the go.
But I would always build the NAS/Home-Server myself.
"Do you want to run a raspberry pi in your closet for 4 years?"
Me: *Stares nervously at my first gen RPi still running my DIY smart power strip after 6 years*
I love my pi-hole I've been running it for years. I think everyone should have one on their network.
I've got it running on a pi2 along with pi-vpn using wireguard. So handy, cheap to run and easily runs both and have it also running dhcp as well.
It's great as I can VPN into my home and then I get the filtering when off WiFi. Have it reboot once a week and since 5.0 update is great and can add devices to groups if people complain they can't buy things via Google links...
I know this video is 3 years old but something you said triggered me. Raspberry pi can run for a very long time. I built a magic mirror in early 2019 based on a pi 4. It has been running for those 5 years with only annual OS security updates, and no app maintenance. The hardware has run 24/7 with zero failures, not even the SD card.
I really enjoyed the part where he says, "edit resolve.conf" and the text in resolve.conf says, "DO not edit this file". He's talking like a traditional System V Unix Admin, not a modern day Systemd Linux Admin.
When advertisers realise their ads aren't generating income, the dead shall walk the earth.
It's also worth checking out nextdns.io. It's essentially a cloud based Pi-Hole. You can choose how long the logs stay up, and the physical location of the server that contains your logs. This way, you can have the convenience of Pi-Hole everywhere you go, and it's guaranteed to stay up. Nextdns also supports DNS over TLS, and DNS over HTTPS. I've set my OpenWrt router with DNScrypt to use DoH, and my LineageOS Android phone to use DNS over TLS (which Android 9 and up natively supports).
Yep, I've got a few Pi's running for a few years now. The only 'maintenance' I've done is to ssh into them as part of my monthly update routine for all my homelab/connected crap. Definitely been more reliable than my damn cable modem!
I'm surprised he didn't mention DoH (DNS over HTTP). You'll want to add that list so your browser doesn't ignore your local DNS.
Dns crypt is more secure
But you could use all three (doh, dot,dnscrypt) plus dnssec
@@DistantComputer i totally missed that.
Watching your fine video with my Raspberry Pi Zero loaded with Pi-Hole plugged directly into my router. Love it!
Wendell, when I was first starting SQL there was a book "SQL in 10 minutes" that was about 50 pages long with the really basic concepts. Is there a similar book for networking?
Take a comp-tia course.
the major problem with pihole is finding good blocklists to actually stop all the ads, cause by default it doesn't actually block anything
Thanks for your continued Synology coverage!
as already a user of pihole I can't imagine the life without it
I still prefer pfblockerNG on pfsense which I set up for about $100, but this is great for those who already have a Synology and want to keep it together. Pfsense obviously offers lots of other fun things too.
the problem with pi-hole and synology (or nas in general) is that it never enters hdd hibernation. most home users will use that feature. a raspberry zero will save a lot of energy and hdd wear compared to a 4 bay+ nas
but i get it - synology sponsor money...
Or... and hear me out... you could throw an SSD into your NAS and run pinhole on that ¯\_(ツ)_/¯
Running on Unraid I can run the PiHole docker without spinning up any of the HDD drives. Just have an unassigned drive like an SSD or even a flash drive and move your docker image there. Also makes docker containers extract and start up much faster.
To counter this (valid) point, Pis will absolutely destroy SD cards, and it's actually recommended to use USB storage for long-term use, whether flash drive, external HDD, or external SSD. The blame isn't entirely on the Pi, for some reason SD cards just seem to fail more than anything else.
@@SoundToxin Berryboot solves this pretty well and gives you additional features.
@@pieterrossouw8596 but this won't work on consumer grade NAS enclosures (synology, qnap, etc), which this is clearly addressed to. there's always a more professional solution, but for the average user a pi-hole with a pi (zero) would be easier than buying and setting up an unraid system.
I like what Pi-Hole does, and I like that it will track users so you can view who's looking at what in the Dashboard. Very useful if you have kids. However, it doesn't play well with Active Directory. Setting Pi-Hole as a forwarder in AD DNS is fine so users can login, but the Dashboard stops being useful as it only sees DNS requests from the AD DNS server. I wish there was an AD/LDAP plugin for it.
I clicked on this video to dig into Wendell's channel looking for his NAS videos, found something far cooler. This is awesome.
But how do I stop the false positives, like ads I intentionally click or things that aren't strictly ads?
This only works if you ensure a port 53 redirect. If an application or appliance has DNS:8.8.8.8 hard coded it will bypass the DNS server filtering. You should add something to the firewall that does a NAT redirect for port 53. Source: destination: port:53 NAT to ... did this with PFsense.
Mine can't bypass, I have set firewall rules to block all dns requests to internet if they are not from my pi-hole.
I have tried running it on a Synology 1819+ and while I can get into the webmin interface, the docker complains about ports 443, 53 and 67 being used by other services. I suspect it is because I am already using my Synology as the DHCP server for my network. Would that be the issue here? If so is there a way around this?
Can you do a tutorial on combining pihole with unbound/cloudflared to get encrypted dns too?
docs.pi-hole.net/guides/dns-over-https/ If you are comfortable cutting and pasting into an SSH console those instructions are fairly easy to follow.
Did not think of using my nas for this, I'll definitely try setting this up later
What are the adlists you recommend?
What’s an intrusive ad changes mostly depending on if you're on the delivering or receiving end!
I haven't tried it at the dns level yet - do websites with 'you have an adblocker' nags complain of this dns level block?
Not that I've noticed, the disable ad blocker notification hasn't shown up, even on sites that I know pop up with the notification with a normal ad blocker.
It's not any synology. It's any synology that has an Intel processor. Docker doesn't work on non intel CPU Synologys.
Thanks
Could you please point to introduction videos about what docker is and how it works on Synology NASes?
I paid for BeOS back in the day, got a book and a t-shirt :)
If you wanna do it properly you make a macvlan from command prompt without ip range and make the container from shell with mac id and ip assigned and thru macvlan
What happens when DoH and DoT get ubiquitous? It would seem there's a bit of an arms race. The user has finally "won" with simplified DNS level blocking, so the next solution to deliver ads will not need DNS. What's next?
careful, many devices and software have dns servers hardcoded, so in firewall or router software i only allow 1 lan ip to connect to external 53 port. that's pihole ip.
I guess Docker is not available on "ALL" Synology boxes. I have a DS218j, Docker is not an installable item. Thanks, but I'll stick with the PI.
Same here... x86 wasn’t common on Synology, or NAS in general, until recently. With the success of Docker it’s been disappointing to say the least.
It seems the low end Synology NAS don’t support docker which I find a shame. Not sure why, perhaps CPU related.
Richard S ARM based nas won’t be supported. Only Intel.
Has to have an intel CPU.
@@richards7909 It's not low end. I have a 8 bay one. It needs an intel CPU.
I will watch this 4 more times before I start :-)
Google is the least intrusive, except YouTube ads. These have become really awful since the last policy change. I'd like Pi-Hole to spoof showing ads. EG allow the page or document to load, but anything coming from a known IP / Domain of an advertiser should pretend to load on the Pi as if it was loading on the original page. Making it harder to detect ad blocking techniques. Harder, not impossible.
Great video, the one complaint I have is that there isn't an adlist for us to go off of.
I have 2 piholes on the cloud for redundancy.. takes care of the daily 150k requests, 75k blocks using 2.4M blocklist domains across my home & office networks and more importantly when I'm on mobile..
Amazing how people seem to be getting static IP so easily, where I am my ISP charges an arm and a leg for one. I wish there was a way to just use the normal IP and setting would simply change itself when the IP changes.
It's not WAN IP but LAN IP that has to be static. I think you can set that on your router without your ISP's say.
Thank you! Can we talk lists for a moment? Did the piHole change to regex or something similar? I configured the piHole lists on my pfsense dnsbl 2 years ago but it's not yet capable of doing regex url's. I think that's the reason why I still have ads in certain apps (Twitter). Is that correct?
Yes, you can do Regex on Piholes now.
They got rid of the list of adlist for a database of adlists, so you have to use their teleport backup and recovery tool
Pi Hole doesn't really filter Facebook that well, because Facebook uses very nasty scripting and nesting to hide/obscure their ad blocks
Awesome content, have been waiting for this. Now please make a video about running your own VPN 🥺
@Neon Rogue slooooow
Really the VPN is the easiest part, if you're going to rent a VPS or something, just simply making sure it's secure and setting up stuff like docker will take far longer than almost any service you want to run, double that if you want to do things proper by routing things through a reverse proxy and use a domain name (traefik ruined my excitement for finally setting up a home server).
PiVPN is probably the easiest way to get OpenVPN or preferably WireGuard running. I've got it running on a little Ubuntu VM at home so I can VPN into my network. You can easily spin up a nano or micro EC2, assign an elastic IP and VPN in there if you trust AWS with your traffic... The how isn't hard, it's where to run it that has become a minefield. Linode might be great and respect privacy (or not, I don't know) but they certainly don't have servers in every region.
I have everything set up like it was demonstrated, and it works on my computer if I set the dns server, but using that same IP on my Google WiFi causes no pages to load after restarting the network to make the change take effect. I would like to apply it network-wide with the router, but I'm struggling to make it work.
I want PiHole and LanCacheBundle but I run a domain controller at home (big family) and can't get group policy to work if DNS or DHCP are not coming from the DC. Any ideas around this?
People should check out "notrack" it's basically pihole on steroids.
super simple setup on my pi3. Blocking 40% of my network traffic at my fritzbox... and yes the samsung tv is the worst offender
I have used pi hole a couple of times. My main issue is that the pi doesn't handle power cuts very well. So every now and then the memory becomes corrupt and I have to reinstall which drives me nuts.
-9:50 some cheap Synology NAS units don't support docker.
None of the ARM based ones support it. Only Intel.
Pihole+Adblocker plus+noscript+PrivacyBadger+CookieAutoDelete+WAF+DPI=Surfing without so many ads :)
Deploying Raspberry Pi with PoE is really really cool.
Got something like 1.15 mil sites blocked on my pi hole... still have ads slip through, even with 50-70% of all dns requests being blocked 😑
How did you allow port 53 on docker? I get a port conflict with my Synology. I’d rather set its own static IP.
I’m not a huge fan of Pi-Hole. I think Adguard Home may be better? Or even Cisco Umbrella
for non synology users try vmware or virtual box with dietpi image and install pihole by yourself
I run PiHole in a VM on my Plex server. It's great, no ads across everything
Will this work with Qnap nas?
how to do this on pfsense? Got pfblocker but it's not enough. maybe it's done through firewall rules, though that'll take too long to make.
I would suggest installing the official Cloudflared image in another Docker container so that you can have your DNS Upstream transferred over HTTPS (DoH).
I believe we can set up steam dns to cloudflare in pihole.
Brilliant. It's adblock on steroids 💪
Does the Docker image support a recursive DNS setup?
I remember beos. We had to install the demo version that had the file system that ran inside of a file..... the teacher told us not to bother with setting up internet, because it didn't work.... then he looked over at me surfing the web, with a confused look on his face.
The only thing I wished Pi-Hole managed to do was block YouTube ads. However that's pretty much impossible due to how Google injects ads from the same url as the video itself, thus blocking the ad blocks the video.
You should give a tutorial on setting up encrypted DNS on the thing as well. Especially considering both Google and OpenDNS have ECS (Extended Client Subnet) and Pi-Hole even warns you about using those DNS servers. DNSCrypt has some anonymized DNS features now that make DNS lookups completely anonymous.
There's plugins now for most browsers that block YouTube ads and generally make it easily usable (like removing unneeded blocks, easily adjusting playback speed including with a hotkey, and so on), and on Android office there's r Eva nСеD for that. Google breaks them sometimes by changing YouTube, but that happens not that often, and generally there's an update for that shortly available.
the thing I really worry about is when content providers figure out how to get around DNS (hosting all ads and crapware on their own network is a super-simple first step). I can even imagine a time when the people who killed net neutrality make it an offense to muck with anything that is served by a content provider! If you block ads, y'all's ass is goin' ter jail, boy!
Wait I just got Linus pulseway ad before this video ?!? Mind blown
I do quite like the PiHole project, personally I'm currently using OpenWRT with the Adblock application which does the same DNS blocking but doesn't have a nice interface like that.
docker isn't supported on my ds218 :( I tried manual install but it's saying it's unsupported
I love my PiHole!!!! currently blocking 51.7% of inquiries! That's NUTS!!!! Do you know of some GOOD blocklists?
DNS is IP version blind, correct? Does anything work differently on IP Version 6?
Love my Pi-Hole, running it in an Ubuntu Server VM on my R815, have it doing recursive DNS and DHCP for my VLANs, awesome program, do recommend recursive DNS!
Does Pi-hole block YouTube ads on mobile phone?
could this be done with the synology router?
I’ve had pi hole on my pi for a while now. My only issue is websites not letting you view the page unless you disable pi hole
There has to be a convenient way to bypass filtering for those few that are worth it, I suppose, would like to learn that
I liked the video simply 'cause you told me to shut my pi-hole.
I use DoT - DNS-over-TLS with Cloudflare on my router (Asus with Merlin firmware). Is it possible to configure PiHole to get its dns-lists from that?
Not the lists but its queries: docs.pi-hole.net/guides/dns-over-https/
I'm screwed on this option for now. I've got Comcast and their XFi Gateway locks in their DNS servers. I have no way to override it for now. My pfSENSE router died and if I'm going to get into all that again, I'd just skip Pi-Hole and use pfBlocker and Suricata. For now, I'll just leave it as it is. :-(
...and then the ad serving app starts running its own DoH 🙄
Wait, is this an actual possibility?
You just need to add another list, like an adlist or malware list, so a host list I guess. Hasn't gotten bad enough you need content filtering. But that will be next.
It's only a matter of time. Then we have to block HTTPS requests to DOH from all hosts except for Pi-Hole.
@@Cheeky_Goose Yes, it's a possibility. Try looking at a Chromecast dongle...
It's even more painful than that.
There is normal DNS running on port 53 (can be both TCP and UDP but normally UDP).
Then there is DNS-over-HTTPS (DoH).
Finally, there is DNS-over-TLS (DoT).
Any application can in principle have a preconfigured list of servers it can try to connect to, to attempt circumventing DNS filtering.
To make matters worse (in this regard), a DoH service can run on any URL, and as the connection is encrypted, you can't really inspect it and block it specifically while leaving the rest of the site untouched. You are forced to block that host entirely.
In my own network (pfSense firewall):
- firewall rules will redirect any DNS request destined to external DNS servers to my own DNS (port 53).
(pfSense with Unbound DNS and pfBlockerNG plugin for pi-hole-like functions).
- any connections to public DoH servers (I know of), are blocked.
- any connections to DoT ports (port 853) are blocked.
Effectively, you have to try really hard to circumvent my DNS filters (but it's not a bulletproof setup I have made)
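The three firewall rules listed in the comment above, sketched as flow-classification logic with the resolver itself exempted (an added example, not the commenter's pfSense configuration). The LAN range, resolver address and DoH server addresses are constructed placeholders.

```python
import ipaddress
from collections import Counter

# Assumed values for illustration; substitute your own network's.
LAN = ipaddress.ip_network("192.168.1.0/24")
LOCAL_DNS = ipaddress.ip_address("192.168.1.2")  # Pi-hole / Unbound host
# Placeholder list (documentation ranges) standing in for known DoH servers.
DOH_SERVERS = {ipaddress.ip_address(a) for a in ("203.0.113.53", "198.51.100.53")}


def classify(src, dst, proto, dport):
    """Return the action the three rules would take on one outbound flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s == LOCAL_DNS:
        return "allow"        # the resolver must still reach its upstreams
    if s not in LAN or d in LAN:
        return "allow"        # only LAN-to-external traffic is policed
    if dport == 53 and proto in ("udp", "tcp"):
        return "redirect"     # plain DNS is rewritten to LOCAL_DNS:53
    if dport == 853:
        return "block-dot"    # DoT port
    if dport == 443 and d in DOH_SERVERS:
        return "block-doh"    # HTTPS to a listed DoH server
    return "allow"


def bypass_report(flows):
    """Count redirected or blocked flows per source host."""
    report = {}
    for src, dst, proto, dport in flows:
        verdict = classify(src, dst, proto, dport)
        if verdict != "allow":
            report.setdefault(src, Counter())[verdict] += 1
    return report


# Constructed sample flows: (src, dst, proto, dport)
FLOWS = [
    ("192.168.1.50", "192.168.1.2", "udp", 53),    # client using the local resolver
    ("192.168.1.60", "192.0.2.8", "udp", 53),      # device with a hard-coded resolver
    ("192.168.1.60", "192.0.2.8", "tcp", 853),     # same device falling back to DoT
    ("192.168.1.60", "203.0.113.53", "tcp", 443),  # then to a listed DoH server
    ("192.168.1.60", "203.0.113.80", "tcp", 443),  # unlisted host: looks like any HTTPS
    ("192.168.1.2", "198.51.100.53", "tcp", 443),  # resolver's own DoH upstream
]

if __name__ == "__main__":
    for host, counts in bypass_report(FLOWS).items():
        print(host, dict(counts))
```

The fifth flow is the gap the comment concedes: a DoH server that is not on the list is indistinguishable from ordinary HTTPS at this layer, so the report is only as complete as the list.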
And then we shall all make the great pilgrimage to the holy grail... Pfsense.
Wendell is saving lives once again!!!!
Pi-hole needs a resolving DNS server to forward DNS requests to.
I recommend using Cloud9, as they do have some filters to help protecting you (and they don't log).
Cloud 9 servers are predefined in Pi-hole.
Maybe it would be appropriate for L1 to make a video about Cloud 9 and DNS security?
You mean Quad9 don't you? It's so simple to remember the name when looking at that IP
@@sitte24 :-D
Shiit. I really hate my phone's multi-language dictionary... Now I wonder how many times it changed quad to cloud - without me noticing :-D
"their pipe is not fat enough" - wendal 2020
wendal?
@@sirius4k vandal
Now use Pi-hole for the computer on your Level1 news videos. 😉 .
Does it block YouTube ads?
Cool Video! I Have Run PiHole Now For 4-5 Years on a home server & I Think It Is The Best Thing Since Sliced Bread.. Well If You Hate Ads As Much As Me That Is! I Use pfsense As well for 5-6 Years, i just have not mastered it Yet With pfblock & my plex server, and some game servers & So Pf Sense & firefox addon adblock+ & i Would Say they Stop 99% of the pesky ads.. I Have a Custom list i tweaked/Modded That Seems to work well.. even though i did have a problem with youtube ads still popping up before every video for a short time but that is all fixed, easy to do & just plain fun! Any Tech guy/nerd or it guy is & Should probably B running this or something close to it!
I keep seeing people say AdGuard is better than Pi-Hole and vice versa, what do you think?
These sites and apps will still track you via browser/device fingerprinting.
On phones and tablets (and maybe laptops) there is also IMU tracking, which is not talked about very much and doesn't require user consent. It uses gyroscopes, accelerometers, and magnetic sensor (compass). Can pinpoint your location with the dead reckoning method, guess what activity you're doing based on accelerometer movements, and possibly listen to vibrations (audio) since these sensors are so precise on devices today.
1:40 so... I now have an excuse to build/get a server to replace my pi3 running pihole....
I couldn't manage to click on this video fast enough.
And what if your AT&T modem/router will not let you change the DNS? I've searched the net and many people have this issue.
Plug your own router to at&t modem/router and then plug your devices into your own router.
@@lordstevewilson1331 I tried that at one point and it was still using the AT&T DNS. Maybe it was how the 2nd router was attached.
@@MrV1NC3N7V3G4 If you have AT&T U-Verse, you will need to setup IP Passthrough on the AT&T gateway in order for the 3rd party router to work correctly. There is no bridge mode on U-Verse like there was with the legacy DSL service from AT&T.
@@JJFlores197 I'll try that when I find the time to reconfigure everything in the house again. I think the first time I just connected the 2nd router via an ethernet port and let my AT&T router do all of the DHCP.
I do this on a Remote Level using AdGuard DNS on PC and Mobile. Blocking Malvertisers on a DNS Level through a Remote Server, rather than a Local Server.
I don't like to type ip:port in the browser. Instead I use vhosts proxy redirects in Apache + custom DNS entries.
Does anyone use DNS blocking using BIND9, if so can you please hint me in a direction?
I've been looking for something to install on my r-pi for a week now
Newbie here. Could you give me a link to a video that actually shows how to setup pihole
I'm gonna set this up on my freenas box
Is there a benefit in using pi-hole over pfblocker?
IMHO, no. pfBlockerNG can use the same blocklists that PiHole does, doesn't require additional hardware/docker/VM etc. as well it can do Geoblocking. I ran PiHole for about a year before switching. Both work well, pfBlocker can do more. You're not playing whack-a-mole against people/devices casually bypassing your DNS by "going right to the gateway/router."
Just found out that my Nas (214) can not run Docker :(
whatever happened to those Snort for pFsense videos? :D
I would love to set something like this up, but I don't have a home server. Do I need one? I mean I really don't do anything other than play games and watch youtube/hulu.
Pi-Hole was originally designed to run on a Raspberry Pi. These can be bought for just $30 and ~is~ *are* more server than you ever need for this kind of stuff.
@@ecnctggc cool, tyvm
works in a VM on synology too
The PIA (privateinternetaccess) mobile app works like a pihole if you get the one from their website and not the Play store
Can I just buy one of the cheap $5 Linode instances, install Docker on that and run PiHole through Linode as a custom DNS server & VPN when I'm away from home?
Yes you can, but it's a lot more complicated.
OK so I’m trying to set up a WISP Internet business model for a million people, how do I set up pi hole to handle that traffic?
You shouldn't be using pihole at such scale, get something enterprise grade