Want a better online experience, without advertisements and sneaky tracking code that invades your privacy and monitors your activities? Wouldn’t it be great if kids playing games on a tablet or phone did not see strange ads and had a more enjoyable experience?
Pi-hole helps you achieve this: it is installed once and protects all devices in your home or organization. This article shows a way to quickly install and configure it using DietPi.
- Short intro to Pi-hole & Unbound, DietPi
- Install DietPi
- Install Pi-hole & Unbound
- Configuring Pi-hole as network ad-blocker
- What are Pi-hole lists and how do we add them?
Pi-hole – Network-wide ad blocking
Pi-hole is an open source project that you can install for free, and it offers much more than a pleasant web browsing and gaming experience. It also adds safety and gives you ways to avoid ransomware attacks. It may be tempting to open a disguised email that seems to come from the bank, the school, or a close friend and invites you to click on a certain button or link. Pi-hole neutralizes such links by refusing to resolve domains that appear on its block lists, making them ineffective.
The Pi-hole web admin can be accessed from any web browser, and it provides an awesome dashboard to monitor various ad-blocking stats.
It relies on third-party lists to block ads, trackers, malware links, and other unwanted queries across your entire network, without needing to install anything on your smartphone, laptop, media player, TV, tablet or any other device. This improves privacy and security for all your network devices.
Unbound is a fast and secure DNS server, primarily developed by NLnet Labs.
Essentially, Unbound resolves a DNS query by asking the TLD servers recursively. The major benefit is more security: you do not have to trust an upstream provider with your DNS traffic.
Unbound is helpful in many ways, and here are a few advantages:
- Privacy – as you’re contacting the responsible servers directly, no single server can fully log the sites you visit. As a result you do not have to trust an upstream provider with your DNS traffic. Example: Google’s DNS servers will only be asked when you want to visit a Google website, and will not learn that you want to see the website of your favorite news provider.
- Validation – When you look up the hostname of your bank, you want to make sure that the hostname resolves to your bank’s actual IP address and not to some phishing site somewhere in the world.
- Caching – A local DNS server reduces the traffic across the Internet by reducing load on authoritative name servers, particularly root name servers. DietPi configures both systems (Pi-hole & Unbound) to use caching, so DNS queries are answered quickly, increasing the performance of any application that uses DNS.
The only drawback is the performance of initial lookups, as they need to traverse the DNS hierarchy and this takes time. But with caching, any additional query is answered much faster!
DietPi is a highly optimised & minimal Debian-based Linux distribution. It is extremely lightweight at its core, and also easy to install and use. You can install it:
- on Single Board Computers (SBC), such as Raspberry Pi 4, Pi 400 and all the earlier models (Raspberry 1/2/3), Odroid, RockPi, Asus, NanoPi etc.
- on Virtual Machines using Virtual Box, Hyper-V or VMware
- on PC – maybe you have just purchased a mini PC (Intel NUC, Asus Mini PC etc.) or have an unused old laptop
This article assumes that you have already installed DietPi OS. If you have not done so yet, start by opening DietPi.com and choose your favorite setup. Then follow the install tutorial, which has only 4 steps. It also includes a video tutorial that shows the installation live.
Install Pi-Hole together with Unbound
To install any of the DietPi Optimised Software run dietpi-launcher from the command line and select DietPi-Software or launch the tool
Choose Software Optimised and select Pi-Hole (or use the Search option). Once selected, press space to mark for installation.
Pi-hole needs a static IP, and DietPi will help you set it. If it is not already enabled, select OK.
In addition to Pi-hole and Unbound you may select other software titles. Open the DietPi Documentation page to see the description, installation details, or even YouTube videos.
Most of the software is automatically configured by DietPi, and this also applies to Unbound. Pi-hole comes with a rich install guide that offers different options based on your needs.
We’re going to change this later, so just hit <Ok>.
My network supports both protocols. Choose what works for you.
Hit <Yes>. We set a static address already.
While Pi-hole can also be configured and managed from the command line, you will probably also want the web admin interface, for simplicity and ease of access.
Logs are half the fun, and I recommend logging.
If this is a private network device, I recommend showing everything.
When the installation is complete you will get a final screen. Please note that the login password is your DietPi Global Software Password.
DietPi installs Unbound fully automatically, without any user input. The same applies to the initial configuration and to starting the service automatically. If you want to find out more about the configuration directory or the logs, check the documentation page.
Configuring devices to use Pi-Hole
To activate the DNS setting, connect to your router and set the DNS value. All your devices will be protected and you only need to change one setting.
The first step will be to open the router web page (or the administration console). If you are not sure which IP address the router has, check the next page – How to find your router IP address on any device.
The second step, once you are logged in to the router’s web-based administration console, is to set the DNS name server to the IP where Pi-hole is installed.
Changing the DNS server settings on your router may be difficult, since every manufacturer uses a custom interface. If you have issues setting the DNS, here are the instructions for the most popular router brands – Lifewire article.
NOTE 1: Most devices provide at least two DNS name servers. Unless you have two Pi-Hole instances running at home, you will provide one DNS IP address and leave the other (rest) blank as shown above. If you specify a second DNS IP that is not a Pi-Hole server, then ad blocking won’t work on some devices.
NOTE 2: If you’re using an Amplifi HD or any “clever” router, you’ll want to change the setting “Bypass DNS cache” otherwise the Amplifi will still remain the DNS lookup of choice on your network.
Pi-Hole Administration console
Use the URL http://pi.hole/admin/ to open the administration console. Alternatively you can use the direct IP (example: http://192.168.0.100/admin/). On this web page you can view the status of the DNS queries allowed and those blocked.
Click on Login and use your DietPi Global Software Password (default: dietpi). Go to Settings and select the Upstream DNS Servers.
Check if the upstream DNS is already set to 127.0.0.1#5335 (Unbound local address). If not, enable this setting and press Save.
Now that you have a fast and private DNS setup, it’s time to look at block lists, whitelists, and blacklists.
Block lists are maintained lists of bad domains providing ads, malware, tracking, and other unwanted traffic. I have 2.5 million domains from my various block lists, and some overlap. After installing Pi-hole roughly 30% of the DNS queries heading out of my house were blocked.
An issue with block lists is that unintended domains will get blocked, preventing you from accessing legitimate content. This is where whitelists come into play. A good resource for whitelists is the commonly whitelisted domain page: https://discourse.pi-hole.net/t/commonly-whitelisted-domains/212 and Anudeep’s whitelist project: https://github.com/anudeepND/whitelist
Sometimes you will need to disable Pi-hole for a few minutes to test, then whitelist certain domains. In a short period you will have it nicely dialed in.
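How overlapping block lists and a whitelist combine, as an added example that is not part of the original article and is not Pi-hole's own code: it parses two constructed lists (hosts-file and one-domain-per-line formats), counts the overlap, and removes whitelisted domains. The function names, the sample domains and the exact-match lookup rule are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample lists: hosts-file format and one-domain-per-line format.
LIST_HOSTS = """\
# constructed hosts-format list
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net   # inline comment
127.0.0.1 localhost
0.0.0.0 cdn.example.org
"""
LIST_PLAIN = """\
ads.example.com
Telemetry.Example.NET
cdn.example.org
not a domain!
"""
WHITELIST = {"cdn.example.org"}  # constructed: legitimate site caught by both lists

DOMAIN = re.compile(r"(?:[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z0-9-]{2,63}")

def parse_list(text):
    """Return the set of valid domains found in either list format."""
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) == 2 and fields[0] in ("0.0.0.0", "127.0.0.1"):
            name = fields[1]          # hosts format: "<sink IP> <domain>"
        elif len(fields) == 1:
            name = fields[0]          # plain format: "<domain>"
        else:
            continue                  # blank, comment-only or malformed line
        name = name.lower().rstrip(".")
        if DOMAIN.fullmatch(name):    # rejects "localhost" and junk entries
            domains.add(name)
    return domains

def merge(lists, whitelist):
    """Return (blocked set, total entries, domains present on more than one list)."""
    counts = Counter(d for lst in lists for d in lst)
    overlap = sum(1 for n in counts.values() if n > 1)
    blocked = set(counts) - {w.lower() for w in whitelist}
    return blocked, sum(counts.values()), overlap

def is_blocked(name, blocked):
    """Exact-match lookup: a listed domain does not cover its subdomains here."""
    return name.lower().rstrip(".") in blocked

if __name__ == "__main__":
    blocked, total, overlap = merge([parse_list(LIST_HOSTS), parse_list(LIST_PLAIN)], WHITELIST)
    print(f"{total} entries, {overlap} on both lists, {len(blocked)} blocked after whitelist")
    for q in ("ADS.example.com.", "cdn.example.org", "sub.ads.example.com"):
        print(q, "->", "blocked" if is_blocked(q, blocked) else "allowed")
```

Running the same count over your real lists shows how much of a large total is duplication, and which whitelist entries are actually removing a listed domain.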
As the point of entry for 91% of cyber attacks, email is the biggest vulnerability. From malware to malware-less attacks including impersonation attacks, a single malicious email can cause significant personal damage and financial losses.
Blocking certain sites will prevent you from accessing online scams (via emails, online gift cards or ads). Please ensure you have loaded at least one such list – extended list from phishing.army or Malicious Lists from firebog.net. You can read more in APWG’s Phishing Activity Trends Report for Q3 2019.
If you need to update Pi-hole, run the following command in the console:
More about DietPi
You can read more about Pi-hole and Unbound on the DietPi documentation website.
DietPi lets you quickly and easily install popular software, ready to run and optimised for your system. Check out the full list of applications here – DietPi Optimised Software.
Pi-hole and Unbound are great tools. You can use them to help keep your devices, your network, and your business or family safe and secure online.
You may be initially sceptical. Give it a try! Come back here and tell us about the before-and-after experience. I bet you’ll be amazed at how many requests are blocked!