I have 2 piholes on the cloud for redundancy.. takes care of the daily 150k requests, 75k blocks using 2.4M blocklist domains across my home & office networks and more importantly when I'm on mobile..
Love my Pi-Hole, running it in an Ubuntu Server VM on my R815, have it doing recursive DNS and DHCP for my VLANs, awesome program, do recommend recursive DNS!
careful, many devices and software have dns servers hardcoded, so in firewall or router software I only allow 1 lan ip to connect to external 53 port. that's pihole ip.
I use DoT - DNS-over-TLS with Cloudflare on my router (Asus with Merlin firmware). Is it possible to configure PiHole to get its dns-lists from that?
I would love to set something like this up, but I don't have a home server. Do I need one? I mean I really don't do anything other than play games and watch youtube/hulu.
Pi-Hole was originally designed to run on a Raspberry Pi. These can be bought for just $30 and ~is~ *are* more server than you ever need for this kind of stuff.
@@nictou That does not help with answering my question. I do not have time to verify someone's side projects like pi-hole, and I doubt many have such time. But pfblocker has more eyes on it.
@@lifebarier ..then the answer is "no". Different use cases . I needed a network-wide blocker/filter and do not have a home lab to play with. So i use a pi3 under my shoe shelf. Simple "plug and play" ... DietPi as OS and one wget command. This more for the "wife Factor" than for a production environment.
On phones and tablets (and maybe laptops) there is also IMU tracking, which is not talked about very much and doesn't require user consent. It uses gyroscopes, accelerometers, and magnetic sensor (compass). Can pinpoint your location with the dead reckoning method, guess what activity you're doing based on accelerometer movements, and possibly listen to vibrations (audio) since these sensors are so precise on devices today.
I do quite like the PiHole project, personally I'm currently using OpenWRT with the Adblock application which does the same DNS blocking but doesn't have a nice interface like that.
the thing I really worry about is when content providers figure out how to get around DNS (hosting all ads and crapware on their own network is a super-simple first step). I can even imagine a time when the people who killed net neutrality make it an offense to muck with anything that is served by a content provider! If you block ads, y'all's ass is goin' ter jail, boy!
I would suggest installing the official Cloudflared image in another Docker container so that you can have your DNS Upstream transferred over HTTPS (DoH).
Pi-hole needs a resolving DNS server to forward DNS requests to. I recommend using Cloud9, as they do have some filters to help protecting you (and they don't log). Cloud 9 servers are predefined in Pi-hole. Maybe it would be appropriate for L1 to make a video about Cloud 9 and DNS security?
@@sitte24 :-D Shiit. I really hate my phone's multi-language dictionary... Now I wonder how many times it changed quad to cloud - without me noticing :-D
Can I just buy one of the cheap $5 Linode instances, install Docker on that and run PiHole through Linode as a custom DNS server & VPN when I'm away from home?
Google is the least intrusive, except YouTube ads. These have become really awful since the last policy change. I'd like Pi-Hole to spoof showing ads. E.g. allow the page or document to load, but anything coming from a known IP / Domain of an advertiser should pretend to load on the Pi as if it was loading on the original page. Making it harder to detect ad blocking techniques. Harder, not impossible.
"Do you want to run a raspberry pi in your closet for 4 years?"
Me: *Stares nervously at my first gen RPi still running my DIY smart power strip after 6 years*
I've had a pi hole on a pi zero with an ethernet adapter for years now and the best part is blocking ads inside free programs and the like
and also in all android apps
My PiHole is on a Pi Zero W plugged into the router's USB port. Only one wire required. :o)
I've been using Pi-hole for 3 years now. The amount of things trying to call home is staggering (telemetry). I noticed that some "smart" devices get really aggressive with their calls if you block them.
Yeah. I was looking myself logs that what on earth on my home network was so aggressive. Turned out to be Samsung TV.
Let me guess... Samsung smart TVs ? I just plugged it off -.-
@@MrLuNa77 Yup Samsung. I have since unplugged it. The "smart" functionality of the tv is not that useful anyways when there are other devices plugged into it. I think another offender was my tp-link smart socket. It's on a separate IOT wifi network now.
Roku doesn’t stop once you block it. Amazon devices are really bad as well.
PI-hole + Wireguard and DynDNS and you never have to look at an ad again ;-) not even on your Phone on the go.
But i would always build the NAS/Home-Server myself.
Thanks for your continued Synology coverage!
When advertisers realise their ads aren't generating income, the dead shall walk the earth.
I love my pi-hole I've been running it for years. I think everyone should have one on their network.
I've got it running on a pi2 along with pi-vpn using wireguard. So handy, cheap to run and easily runs both and have it also running dhcp as well.
It's great as I can VPN into my home and then I get the filtering when off WiFi. Have it reboot once a week and since 5.0 update is great and can add devices to groups if people complain they can't buy things via Google links...
I know this video is 3 years old but something you said triggered me. Raspberry pi can run for a very long time. I built a magic mirror in early 2019 based on a pi 4. It has been running for those 5 years with only annual OS security updates, and no app maintenance. The hardware has run 24/7 with zero failures, not even the SD card.
Watching your fine video with my Raspberry Pi Zero loaded with Pi-Hole plugged directly into my router. Love it!
Yep, I've got a few Pi's running for a few years now. The only 'maintenance' I've done is to ssh into them as part of my monthly update routine for all my homelab/connected crap. Definitely been more reliable than my damn cable modem!
i really enjoyed the part where he says, "edit resolve.conf" and the text in resolve.conf says, "DO not edit this file". He's talking like a traditional System V Unix Admin, not a modern day Systemd Linux Admin.
Wendell, when I was first starting SQL there was a book "SQL in 10 minutes" that was about 50 pages long with the really basic concepts. Is there a similar book for networking?
Take a comp-tia course.
I'm surprised he didn't mention DoH (DNS over HTTP). You'll want to add that list so your browser doesn't ignore your local DNS.
Dns crypt is more secure
But you could use all three (doh, dot,dnscrypt) plus dnssec
@@DistantComputer i totally missed that.
But how do I stop the false positives, like ads I intentionally click or things that aren't strictly ads?
It's also worth checking out nextdns.io. It's essentially a cloud based Pi-Hole. You can choose how long the logs stay up, and the physical location of the server that contains your logs. This way, you can have the convenience of Pi-Hole everywhere you go, and it's guaranteed to stay up. Nextdns also supports DNS over TLS, and DNS over HTTPS. I've set my OpenWrt router with DNScrypt to use DoH, and my LineageOS Android phone to use DNS over TLS (which Android 9 and up natively supports).
as already a user of pihole I can't imagine the life without it
What are the adlists you recommend?
the major problem with pihole is finding good blocklists to actually stop all the ads, cause by default it doesn't actually block anything
I clicked on this video to dig into Wendel's channel looking for his NAS videos, found something far cooler. This is awesome.
Can you do a tutorial on combining pihole with unbound/cloudflared to get encrypted dns too?
docs.pi-hole.net/guides/dns-over-https/ If you are comfortable cutting and pasting into an SSH console those instructions are fairly easy to follow.
I haven't tried it at the dns level yet - do websites with 'you have an adblocker' nags complain of this dns level block?
Not that I've noticed, the disable ad blocker notification hasn't shown up, even on sites that I know pop up with the notification with a normal ad blocker.
I like what Pi-Hole does, and I like that it will track users so you can view who's looking at what in the Dashboard. Very useful if you have kids. However, it doesn't play well with Active Directory. Setting Pi-Hole as a forwarder in AD DNS is fine so users can login, but the Dashboard stops being useful as it only sees DNS requests from the AD DNS server. I wish there was an AD/LDAP plugin for it.
Did not think of using my nas for this, I'll definitely try setting this up later
What’s an intrusive ad change mostly depending on if you're on the delivering or receiving end!
Will this work with Qnap nas?
I still prefer pfblockerNG on pfsense which I set up for about $100, but this is great for those who already have a Synology and want to keep it together. Pfsense obviously offers lots of other fun things too.
the problem with pi-hole and synology (or nas in general) is that it never enters hdd hibernation. most home users will use that feature. a raspberry zero will save a lot of energy and hdd wear compared to a 4 bay+ nas
but i get it - synology sponsor money...
Or... and hear me out... you could throw an SSD into your NAS and run pinhole on that ¯\_(ツ)_/¯
Running on Unraid I can run the PiHole docker without spinning up any of the HDD drives. Just have an unassigned drive like an SSD or even a flash drive and move your docker image there. Also makes docker containers extract and start up much faster.
To counter this (valid) point, Pis will absolutely destroy SD cards, and it's actually recommended to use USB storage for long-term use, whether flash drive, external HDD, or external SSD. The blame isn't entirely on the Pi, for some reason SD cards just seem to fail more than anything else.
@@SoundToxin Berryboot solves this pretty well and gives you additional features.
@@pieterrossouw8596 but this won't work on consumer grade NAS enclosures (synology, qnap, etc). which this is clearly addressed to. there's always a more professional solution , but for the average user a pi-hole with a pi (zero) would be easier than buying and setting up a unraid system.
I have tried running it on a Synology 1819+ and while I can get into the webmin interface, the docker complains about ports 443, 53 and 67 being used by other services. I suspect it is because I am already using my Synology as the DHCP server for my network. Would that be the issue here? If so is there a way around this?
Thanks
Could you please point to introduction videos about what docker is and how it works on Synology NASes?
Does it block YouTube ads?
I will watch this 4 more times before I start :-)
I guess Docker is not available on "ALL" Synology boxes. I have a DS218j, Docker is not an installable item. Thanks, but I'll stick with the PI.
Same here... x86 wasn’t common on Synology, or NAS in general, until recently. With the success of Docker it’s been disappointing to say the least.
It seems the low end Synology NAS don’t support docker which I find a shame. Not sure why, perhaps CPU related.
Richard S ARM based nas won’t be supported. Only Intel.
Has to have an intel CPU.
@@richards7909 It's not low end. I have an 8 bay one. It needs an intel CPU.
Does Pi-hole block YouTube ads on mobile phone?
I’ve had pi hole on my pi for a while now. My only issue is websites not letting you view the page unless you disable pi hole
There has to be a convenient way to bypass filtering for those few that are worth it, I suppose, would like to learn that
Awesome content, have been waiting for this. Now please make a video about running your own VPN 🥺
@Neon Rogue slooooow
Really the VPN is the easiest part, if you're going to rent a VPS or something, just simply making sure it's secure and setting up stuff like docker will take far longer than almost any service you want to run, double that if you want to do things proper by routing things through a reverse proxy and use a domain name (traefik ruined my excitement for finally setting up a home server).
PiVPN is probably the easiest way to get OpenVPN or preferably WireGuard running. I've got it running on a little Ubuntu VM at home so I can VPN into my network. You can easily spin up a nano or micro EC2, assign an elastic IP and VPN in there if you trust AWS with your traffic... The how isn't hard, it's where to run it that has become a minefield. Linode might be great and respect privacy (or not, I don't know) but they certainly don't have servers in every region.
Does the Docker image support a recursive DNS setup?
-9:50 some cheap Synology NAS units don't support docker.
None of the ARM based ones support it. Only Intel.
I have used pi hole a couple of times. My main issue is that the pi doesn't handle power cuts very well. So every now and then the memory becomes corrupt and I have to reinstall which drives me nuts.
I have everything set up like it was demonstrated, and it works on my computer if I set the dns server, but using that same IP on my Google WiFi causes no pages to load after restarting the network to make the change take effect. I would like to apply it network-wide with the router, but I'm struggling to make it work.
Thank you! Can we talk lists for a moment? Did the piHole change to regex or something similar? I configured the piHole lists on my pfsense dnsbl 2 years ago but it's not yet capable of doing regex url's. I think that's the reason why I still have ads in certain apps (Twitter). Is that correct?
Yes, you can do Regex on Piholes now.
They got rid of the list of adlist for a database of adlists, so you have to use their teleport backup and recovery tool
Got something like 1.15 mil sites blocked on my pi hole... still have ads slip through, even with 50-70% of all dns requests being blocked 😑
I remember beos. We had to install the demo version that had the file system that ran inside of a file..... the teacher told us not to bother with setting up internet, because it didn't work.... then he looked over at me surfing the web, with a confused look on his face.
docker isn't supported on my ds218 :( I tried manual install but it's saying it's unsupported
I want PiHole and LanCacheBundle but I run a domain controller at home (big family) and can't get group policy to work if DNS or DHCP are not coming from the DC. Any ideas around this?
What happens when DoH and DoT gets ubiquitous? It would seem there's a bit of an arms race. The user has finally "won" with simplified DNS level blocking, so the next solution to deliver ads will not need DNS. What's next?
I love my PiHole!!!! currently blocking 51.7% of inquiries! That's NUTS!!!! Do you know of some GOOD blocklists?
I paid for BeOS back in the day, got a book and a t-shirt :)
could this be done with the synology router?
Amazing how people seem to be getting static IP so easily, where I am my ISP charges an arm and a leg for one. I wish there was a way to just use the normal IP and setting would simply change itself when the IP changes.
It's not WAN IP but LAN IP that has to be static. I think you can set that on your router without your ISP's say.
whatever happened to those Snort for pFsense videos? :D
Great video, the one complaint I have is that there isn't an adlist for us to go off of.
Brilliant. It's adblock on steroids 💪
"their pipe is not fat enough" - wendal 2020
wendal?
@@sirius4k vandal
how to do this on pfsense? Got pfblocker but it's not enough. maybe it's done through firewall rules, though that'll take too long to make.
How did you allow port 53 on docker? I get a port conflict with my Synology. I’d rather set its own static IP.
I’m not a huge fan of Pi-Hole. I think Adguard Home may be better? Or even Cisco Umbrella
It's not any synology. It's any synology that has an Intel processor. Docker doesn't work on non intel CPU Synologys.
This only works if you ensure a port 53 redirect. If an application or appliance has DNS:8.8.8.8 hard coded it will bypass the DNS server filtering. You should add something to the firewall that does a NAT redirect for port 53. Source: destination: port:53 NAT to ... did this with PFsense.
Mine cant bypass, I have set firewall rules to block all dns requests to internet if they are not from my pi-hole.
If you wanna do it properly you make a macvlan from command prompt without ip range and make the container from shell with mac id and ip assigned and thru macvlan
The only thing I wished Pi-Hole managed to do was block YouTube ads. However that's pretty much impossible due to how Google injects ads from the same url as the video itself, thus blocking the ad blocks the video.
You should give a tutorial on setting up encrypted DNS on the thing as well. Especially considering both Google and OpenDNS have ECS (Extended Client Subnet) and Pi-Hole even warns you about using those DNS servers. DNSCrypt has some anonymized DNS features now that makes DNS lookups completely anonymous.
There's plugins now for most browsers that block YouTube ads and generally make it easily usable (like removing unneeded blocks, easily adjusting playback speed including with a hotkey, and so on), and on Android office there's r Eva nСеD for that. Google breaks them sometimes by changing YouTube, but that happens not that often, and generally there's an update for that shortly available.
for non synology users try vmware or virtual box with dietpi image and install pihole by yourself
Newbie here. Could you give me a link to a video that actually shows how to setup pihole
DNS is IP version blind, correct? Does anything work differently on IP Version 6?
I keep seeing people say AdGuard is better than Pi-Hole and vice versa what do you think?
People should check out "notrack" it's basically pihole on steroids.
Deploying Raspberry Pi with PoE is really really cool.
...and then the ad serving app starts running its own DoH 🙄
Wait, is this an actual possibility?
You just need to add another list, like an adlist or malware list, so a host list I guess. Hasn't gotten bad enough you need content filtering. But that will be next.
It's only a matter of time. Then we have to block HTTPS requests to DOH from all hosts except for Pi-Hole.
@@Cheeky_Goose Yes, it's a possibility. Try looking at a Chromecast dongle...
It's even more painful than that.
There is normal DNS running on port 53 (can be both TCP and UDP but normally UDP).
Then there is DNS-over-HTTPS (DoH).
Finally, there is DNS-over-TLS (DoT).
Any application can in principle have a preconfigured list of servers it can try to connect to, to attempt circumventing DNS filtering.
To make matters worse (in this regard), a DoH service can run on any URL, and as the connection is encrypted, you can't really inspect it and block it specifically while leaving the rest of the site untouched. You are forced to block that host entirely.
In my own network (pfSense firewall):
- firewall rules will redirect any DNS request destined to external DNS servers to my own DNS (port 53).
(pfSense with Unbound DNS and pfBlockerNG plugin for pi-hole-like functions).
- any connections to public DoH servers (I know of), are blocked.
- any connections to DoT ports (port 853) are blocked.
Effectively, you have to try really hard to circumvent my DNS filters (but it's not a bulletproof setup I have made)
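The policy described in the comment above (redirect stray port-53 queries to the local resolver, block DoT on 853, block known DoH hosts), which also covers the port-53 redirect mentioned earlier in the thread, modelled as an added example that is not part of any commenter's post. It audits flow records against that policy rather than enforcing it; the addresses, the four-field log format and the short DoH host list are assumptions constructed for illustration.

```python
"""Audit outbound flows against a 'all DNS goes through the local resolver' policy."""
import ipaddress
from collections import Counter
from typing import NamedTuple, Optional, Union

IP = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Assumptions (not from the thread): constructed LAN layout and resolver address.
LOCAL_RESOLVER = ipaddress.ip_address("192.168.1.2")   # Pi-hole / Unbound host
LAN = ipaddress.ip_network("192.168.1.0/24")
# Short illustrative sample of public resolvers that also answer DoH on 443.
# A real deployment would load a maintained list instead.
KNOWN_DOH_HOSTS = {ipaddress.ip_address(a) for a in ("8.8.8.8", "1.1.1.1", "9.9.9.9")}


class Flow(NamedTuple):
    src: IP
    dst: IP
    proto: str
    dport: int


def parse_flow(line: str) -> Optional[Flow]:
    """Parse 'src dst proto dport'; return None for comments and malformed lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        port = int(parts[3])
        if not 0 <= port <= 65535:
            return None
        return Flow(ipaddress.ip_address(parts[0]),
                    ipaddress.ip_address(parts[1]),
                    parts[2].lower(), port)
    except ValueError:
        return None


def decide(flow: Flow) -> str:
    """Return the action the firewall policy would take for one flow."""
    # The resolver itself must reach its upstream servers on any transport.
    if flow.src == LOCAL_RESOLVER:
        return "allow"
    # Traffic that stays on the LAN, including queries to the resolver, is untouched.
    if flow.dst in LAN:
        return "allow"
    # Hard-coded plain DNS (for example to 8.8.8.8) gets NAT-redirected.
    if flow.dport == 53 and flow.proto in ("udp", "tcp"):
        return "redirect-to-local-resolver"
    # DoT has a dedicated port, so it can be dropped by port alone.
    if flow.dport == 853:
        return "block-dot"
    # DoH shares 443 with normal HTTPS: only hosts already on the list are caught,
    # and blocking them blocks the whole host.
    if flow.dport == 443 and flow.dst in KNOWN_DOH_HOSTS:
        return "block-doh"
    return "allow"


def bypass_report(lines) -> Counter:
    """Count non-'allow' decisions, keyed by (client IP, action)."""
    report: Counter = Counter()
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        action = decide(flow)
        if action != "allow":
            report[(str(flow.src), action)] += 1
    return report


# Constructed sample log, one flow per line: src dst proto dport
SAMPLE_LOG = """\
# src dst proto dport  (constructed sample)
192.168.1.50 192.168.1.2 udp 53
192.168.1.50 8.8.8.8 udp 53
192.168.1.50 8.8.8.8 udp 53
192.168.1.60 1.1.1.1 tcp 853
192.168.1.60 1.1.1.1 tcp 443
192.168.1.60 203.0.113.10 tcp 443
192.168.1.2 9.9.9.9 tcp 853
garbage line here
""".splitlines()

if __name__ == "__main__":
    for (client, action), count in sorted(bypass_report(SAMPLE_LOG).items()):
        print(f"{client:15} {action:28} {count}")
```

A DoH endpoint that is not on the list falls through to "allow", which is the gap the comment itself points out.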
And then we shall all make the great pilgrimage to the holy grail... Pfsense.
works in a VM on synology too
And what if your AT&T modem/router will not let you change the DNS? I've searched the net and many people have this issue.
Plug your own router to at&t modem/router and then plug your devices into your own router.
@@lordstevewilson1331 I tried that at one point and it was still using the AT&T DNS. Maybe it was how the 2nd router was attached.
@@MrV1NC3N7V3G4 If you have AT&T U-Verse, you will need to set up IP Passthrough on the AT&T gateway in order for the 3rd party router to work correctly. There is no bridge mode on U-Verse like there was with the legacy DSL service from AT&T.
@@JJFlores197 I'll try that when I find the time to reconfigure everything in the house again. I think the first time I just connected the 2nd router via an ethernet port and let my AT&T router do all of the DHCP.
Now use Pi-hole for the computer on your Level1 news videos. 😉
Wait I just got Linus pulseway ad before this video ?!? Mind blown
I'm screwed on this option for now. I've got Comcast and their XFi Gateway locks in their DNS servers. I have no way to override it for now. My pfSENSE router died and if I'm going to get into all that again, I'd just skip Pi-Hole and use pfBlocker and Suricata. For now, I'll just leave it as it is. :-(
Is there a benefit in using pi-hole over pfblocker?
IMHO, no. pfBlockerNG can use the same blocklists that PiHole does, doesn't require additional hardware/docker/VM etc. as well it can do Geoblocking. I ran PiHole for about a year before switching. Both work well, pfBlocker can do more. You're not playing whack-a-mole against people/devices casually bypassing your DNS by "going right to the gateway/router."
Cool video! I have run PiHole now for 4-5 years on a home server & I think it is the best thing since sliced bread... well, if you hate ads as much as me, that is! I use pfSense as well for 5-6 years, I just have not mastered it yet with pfblock & my Plex server and some game servers. & so pfSense & Firefox add-on Adblock+ & I would say they stop 99% of the pesky ads... I have a custom list I tweaked/modded that seems to work well... even though I did have a problem with YouTube ads still popping up before every video for a short time, but that is all fixed. Easy to do & just plain fun! Any tech guy/nerd or IT guy is & should probably be running this or something close to it!
Pihole+Adblocker plus+noscript+PrivacyBadger+CookieAutoDelete+WAF+DPI=Surfing without so many ads :)
Wendell is saving lives once again!!!!
I have 2 piholes on the cloud for redundancy.. takes care of the daily 150k requests, 75k blocks using 2.4M blocklist domains across my home & office networks and more importantly when I'm on mobile..
Pi Hole doesn't really filter Facebook that well, because Facebook uses very nasty scripting and nesting to hide/obscure their ad blocks
Love my Pi-Hole, running it in an Ubuntu Server VM on my R815, have it doing recursive DNS and DHCP for my VLANs, awesome program, do recommend recursive DNS!
Careful, many devices and software have DNS servers hardcoded, so in firewall or router software I only allow 1 LAN IP to connect to external port 53. That's the Pi-hole IP.
I don't like to type ip:port in the browser. Instead I use vhosts proxy redirects in Apache + custom DNS entries.
Does anyone use DNS blocking using BIND9, if so can you please hint me in a direction?
I use DoT - DNS-over-TLS with Cloudflare on my router (Asus with Merlin firmware). Is it possible to configure PiHole to get its DNS lists from that?
Not the lists but its queries: docs.pi-hole.net/guides/dns-over-https/
I would love to set something like this up, but I don't have a home server. Do I need one? I mean I really don't do anything other than play games and watch youtube/hulu.
Pi-Hole was originally designed to run on a Raspberry Pi. These can be bought for just $30 and ~is~ *are* more server than you ever need for this kind of stuff.
@@ecnctggc cool, tyvm
Any good reason to trust pi-hole over pfblocker?
It's prettier
why trust any software? look and verify yourself
@@nictou
That does not help with answering my question.
I do not have time to verify someone's side projects like pi-hole, and I doubt many have such time. But pfblocker has more eyes on it.
@@lifebarier ...then the answer is "no". Different use cases. I needed a network-wide blocker/filter and do not have a home lab to play with. So I use a pi3 under my shoe shelf. Simple "plug and play"... DietPi as OS and one wget command. This is more for the "wife factor" than for a production environment.
@@nictou I disagree with "different use-cases"; from the way you put it, it seems that pi-hole is just a poor man's pfblocker.
OK so I’m trying to set up a WISP Internet business model for a million people, how do I set up pi hole to handle that traffic?
You shouldn't be using pihole at such scale, get something enterprise grade
Just found out that my Nas (214) can not run Docker :(
These sites and apps will still track you via browser/device fingerprinting.
On phones and tablets (and maybe laptops) there is also IMU tracking, which is not talked about very much and doesn't require user consent. It uses gyroscopes, accelerometers, and magnetic sensor (compass). Can pinpoint your location with the dead reckoning method, guess what activity you're doing based on accelerometer movements, and possibly listen to vibrations (audio) since these sensors are so precise on devices today.
I liked the video simply 'cause you told me to shut my pi-hole.
I do quite like the PiHole project, personally I'm currently using OpenWRT with the Adblock application which does the same DNS blocking but doesn't have a nice interface like that.
What if I want to use a VPN too?
super simple setup on my pi3. Blocking 40% of my network traffic at my fritzbox... and yes the samsung tv is the worst offender
I run PiHole in a VM on my Plex server. It's great, no ads across everything
the thing I really worry about is when content providers figure out how to get around DNS (hosting all ads and crapware on their own network is a super-simple first step). I can even imagine a time when the people who killed net neutrality make it an offense to muck with anything that is served by a content provider! If you block ads, y'all's ass is goin' ter jail, boy!
The PIA (privateinternetaccess) mobile app works like a pihole if you get the one from their website and not the Play store.
I would suggest installing the official Cloudflared image in another Docker container so that you can have your DNS Upstream transferred over HTTPS (DoH).
I believe we can set up steam dns to cloudflare in pihole.
Pi-hole needs a resolving DNS server to forward DNS requests to.
I recommend using Cloud9, as they do have some filters to help protecting you (and they don't log).
Cloud 9 servers are predefined in Pi-hole.
Maybe it would be appropriate for L1 to make a video about Cloud 9 and DNS security?
You mean Quad9 don't you? It's so simple to remember the name when looking at that IP
@@sitte24 :-D
Shiit. I really hate my phone's multi-language dictionary... Now I wonder how many times it changed quad to cloud - without me noticing :-D
Excellent...been using Brave browser..crazy what internet is trying to harvest.
I'm gonna set this up on my freenas box
Can I just buy one of the cheap $5 Linode instances, install Docker on that and run PiHole through Linode as a custom DNS server & VPN when I'm away from home?
Yes you can, but it's a lot more complicated.
Open dna? Please tell me more.
Google is the least intrusive, except YouTube ads. These have become really awful since the last policy change. I'd like Pi-Hole to spoof showing ads. E.g. allow the page or document to load, but anything coming from a known IP / domain of an advertiser should pretend to load on the Pi as if it was loading on the original page. Making it harder to detect ad blocking techniques. Harder, not impossible.