November Workshop: Running the Pi-hole Network-wide Ad-blocker, and more (blog.cryptoaustralia.org.au)
I have been running this for four years now in different incarnations and it is generally smooth. It was also quite educational to assemble.
[1] https://github.com/StevenBlack/hosts
[2] [3] dnsmasq isn't necessary as dnscrypt-proxy is now able to block domains and IPs and to cache requests. I am using dnsmasq mostly for DHCP and to spread traffic among two dnscrypt-proxy clients and Google DNS.
You don’t need to use a Raspberry Pi either. If you have an old computer lying around you can repurpose it for this task. I just like using the Pi because it’s tiny, super cheap, fanless and consumes very little electricity.
Also dnscrypt-proxy has an option to download a block-list from sources (I haven't used it). If on Mac you are using Murus, it also has an option of regularly downloading a selected block-list as well as blocking traffic from selected countries. The tricky part is to select the right list for you.
The only issue I have is that its installer works on a bare system. I prefer to use the Pi as a multi-purpose system: for home-assistant, as a UniFi controller and for Pi-hole. It will cost you some time to get it running with all the Pi-hole features (auto update and so on) operational.
https://www.raspberrypi.org/blog/docker-comes-to-raspberry-p...
Then install pi-hole inside docker:
https://hub.docker.com/r/diginc/pi-hole/
Obviously port 53 needs to be mapped externally. Port 80 inside the container you can map to something else, and then use nginx on the host to redirect to that port.
Been using this list for several months now without any issues.
Besides that, it's worth reading into dnsmasq's configuration in more detail. In the end, Pi-hole is just a preconfigured dnsmasq installation with a user interface to manage hostname-based blocklists.
https://github.com/stangri/openwrt-packages/blob/simple-adbl...
Although very good at what it does (almost too good in fact) it is a blunt instrument that may or may not suit your needs.
Just be aware that running an open resolver on the Internet can make you a source for a DNS amplification attack. I ended up just using a firewall rule.
Then one day the power went out, and my SD card was corrupted.
(I know, I should have had a backup. I want the internetz to work when I return home in the evening, not to flash-try-format-reinstalldebian etc)
btw, I tried using pihole on a VPS and everything was perfect
?? do rpi's cost an absurd amount in australia or something?
(I've always got all of that, and I still get grumpy when people talk about the "$5 Pi Zero" - I've never been able to get a bare Pi Zero in my hand for anything less than about $13US which is close to $20AUD...)
It is very annoying when companies like Valve charge considerably more for digital goods though. For really expensive software like Photoshop it used to be cheaper to fly to the USA, buy it and return home than buy locally.
The general recommendation is setting up OpenVPN (or similar) and making Pi-hole listen on the tunnel interface.
Luckily, the Pi-hole project is publishing a guide for this: https://github.com/pi-hole/pi-hole/wiki/OpenVPN-server:-Setu...
I've used a hosts file for a while (MoAB) but it was a pain whitelisting because you have to edit the package, reboot your phone and reinstall with adb. However, when using mobile data my phone totally ignored the hosts file.
Once a client asked if it were possible to block all internet ads in their infrastructure. 20 minutes later I had a Pi-hole up and running quite well.
I would like a better chronometer script though :)
The advantage is that you can eliminate any ad, also if it is embedded in the content, and not served from an ad-server.
Google ads can be extremely useful when you're looking for something generic. But I am happy to have Pi-hole block them 95% of the time.
I do wish I could completely turn off 'admin' in Pi-hole since I run it on my LAN. Then I'd probably bookmark the "disable for 1 hour" button.
Which is probably possible anyway, just haven't dug into it.
It also offers finer-grained blocking since it works on the hostname of a site (and also the URL path for unencrypted traffic). Privoxy is also lightweight enough to run well on a RPi.
Though, TBH, this still does not work due to either aggressive DNS caching by the OS or the browser. Even flushing it or switching browsers does not always fix it. Not sure why.
Most benefit I get for my phones, tablets, and Smart TV with the DNS-block.
I've been getting trinkets shipped here from AliExpress for nothing - I'm not sure it's economies of scale.
If I don't need either of those, a 2nd hand office grade pc can usually be had for the same price as a Pi3 around here.
'No less' is implying they're both bad. It is a subtly ambivalent statement.