Block Advertisements, Trackers & Malware using Pi Hole
I recently got myself a small form factor PC as a server to experiment with Virtual Machines & Docker. My priority was to get something small and didn't consume too much power. I found a neat little box and have migrated most of my services from the Raspberry Pi to this new server. I've finally retired my trusty Raspberry Pi running Archlinux of over 3 years and this new mini pc has become my new home server.
One of the first things I did after getting KVM working was to set up Pi-Hole, a shell-script based project that manages blocklists of known advertisements, trackers and malware. It replaces your networks DNS server so you get to block all the bad stuff for everyone in our network without them needing to install anything. I put up a screenshot of it on Facebook and I got a few people messaging me asking how I did that. I decided to write a guide to help anyone who wishes to deploy their own in their network.
The following instructions work on Raspbian Stretch and Ubuntu 16.04.3 onwards. It should also work on Debian, CentOS and Fedora as well with minimal changes to the instruction. This time I'll be attaching some screenshots of the steps as well for clarity. I will run the following steps as the
root user but you can also use
sudo if you want to. I just find running it as
root simplifies things alot.
A pre-requisite for setting this up is configuring your Raspberry Pi (or any other server) with a static IP. This is imporant because your devices need to know where the DNS server is on the network and it has to be reachable at all times. Configuring a static IP can be done by editing the OS specific configuration file OR by using your DHCP server to assign a specific IP to your server using its MAC Address.
This server's IP is the one you will need to add in your router's DHCP configuration where it says DNS entry. As there are different UIs as there a routers, this guide will not go through each of them. Perform a Google search for your particular brand and model of router to change the DHCP DNS setting.
- The following command downloads the installer from the net and proceeds to run it. Normally, you have to be careful about executing a script acquired from a remote source. I trust the work of these guys so I don't mind running it directly but if you are cautious, you can download the script first, inspect it then run it if you are satisfied.
curl -sSL https://install.pi-hole.net | bash
Once the script is downloaded and the necessary pre-requisite checks are done, the following screen will be displayed. Click OK to continue.
Pi Hole will warn you about setting a Static IP. Remember to set a static IP for your server manually or from your DHCP server. Click OK to continue.
Choose your preferred upstream DNS servers. The Pi Hole will direct all your queries to these servers to get a result. If Pi Hole gets a request for a domain that is in the blacklist, it will retun it from its own info instead of passing the request thus saving bandwidth. I prefer Level 3 DNS servers but you can choose any of the others as your preference. Click OK to continue.
Select the protocols to block. If you're not sure what these are, just leave them as they are. Click OK to continue.
Pi Hole will display your current IP and gateway. If they are correct, click OK to continue. Otherwise make any changes that is needed and restart the installation.
Pi Hole will warn you about possible IP conflict if you set the IP manually. This is JUST a warning. You can click OK to continue.
Choose to enable the web panel to view the statistics. You may choose to disable it if you want to control Pi Hole using the command line OR if you want to connect an LCD display to a Raspberry Pi but I prefer to leave the web panel enabled. Click OK to continue.
Choose to enable log queries. This is how Pi Hole can generate the pretty graphs for our consumption. If this is turned off, there will not be any graphs or info of any kind. Useful if you want to create a configure and forget device without caring about which domains are blocked. Click OK to continue.
Now that Pi Hole has all the necessary information, it will begin the installation process as follows. This process takes a while as it has to download and configure the tools on the server.
Once the installation is done, Pi Hole will provide a summary of the IP and URL for the Pi Hole Web Panel. If you have NOT configured this IP as your networks DNS yet, then use
http://<IP ADDRESS>/adminotherwise you can use
http://pi.hole/adminto access the web panel. Take note of the password given. You need this to log in to the web panel. This password is randomly generated during installation. You can change the password later by logging into the server and running
pihole -a -pwhere you can enter your own password.
Now you can check out Pi Hole Web Panel on your browser using the
http://<IP ADDRESS>/adminURL. This is an anonymous access which just displays the graphs and basic info. To unlock additional options, you must login first.
Click the login button on the left to gain ADMIN access. Use the password you got during installation to log in. Do note that this is done over plain HTTP which means anyone on the network can try and capture the password. However, if you are on a trusted network, you can safely disregard this warning.
Once you're logged in, you can see alot of new options. The one that interests us is the
Tools->Update Listswhich is used to update the blacklists.
To update the blacklists, click on the Update Lists button.
Once the process is complete, you can rest easy knowing that you're protected from those nasty advertisements and malwares.
And that's all you need to get your very own blocker up and running. The Pi Hole is configured to start automatically everytime so you don't have to do anything else to enjoy this goodness.
I hope this guide proves useful to all of you . Happy blocking! :smile: