
Pi-Hole

JD

Moderator
Staff member
Joined
Jul 16, 2007
Messages
9,010
Location
Toronto, ON
I'll spawn off a separate thread here since it seems like some of you guys are running them already...

I recently set up one too (in a VM) and have been sorting out the block lists I want to use for the past couple of weeks now. It's been pretty hard not to heavily impact services while still blocking "garbage" traffic...

I set up mine as a fully standalone DNS resolver so it does its own queries directly without relying on Google, CloudFlare, etc., along with enabling DNSSEC. How-to is here: https://docs.pi-hole.net/guides/unbound/

I'm currently using all the "ticked" lists from here: https://firebog.net/ along with this whitelist: https://github.com/anudeepND/whitelist. I've tried using some stuff from: https://blocklist.site/app/ but that seems to get into a lot of problems...

Offhand, Adobe Creative Cloud is blocked by most lists it seems. I also had ns*.omtrdc.net blocked heavily, which prevented a bunch of domains from resolving. Ended up whitelisting those.

Curious to know what lists you guys run? Any issues in your cases?

My current block rate is around 36%. I still run AdGuard in my browser, which picks up a lot, and from what I gather, Pi-Hole isn't as effective against ads as it once was.

And as a side note, I also run IP blocklists on my EdgeRouter, using this: https://github.com/WaterByWind/edgeos-bl-mgmt. That hasn't given any notable issues though as I'm really just using it inbound to prevent anyone "attacking" my open ports.
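As an added example (not code from the thread or from the Pi-hole project), here is the shape of the Unbound configuration the linked guide describes, wrapped in a POSIX shell script that installs it and then checks that DNSSEC validation actually rejects a badly signed zone. Assumptions: the Debian/Ubuntu unbound package layout (/etc/unbound/unbound.conf.d/), Pi-hole's upstream DNS set to 127.0.0.1#5335 afterwards, and the dnssec.works / fail01.dnssec.works test names (treat those two names as an assumption to check against the guide).

```shell
#!/bin/sh
# Added example, not code from the thread or the Pi-hole project.
# Installs an Unbound recursive-resolver config for Pi-hole and checks that
# DNSSEC validation is really happening. Assumptions: Debian/Ubuntu unbound
# package layout, and Pi-hole's upstream DNS set to 127.0.0.1#5335 afterwards.

CONF_PATH="${CONF_PATH:-/etc/unbound/unbound.conf.d/pi-hole.conf}"

# Print the server block. Option names and values follow the
# docs.pi-hole.net unbound guide; the comments explain why each matters.
pihole_unbound_conf() {
    cat <<'EOF'
server:
    verbosity: 0
    # Listen only on loopback: Pi-hole on this host is the sole client,
    # so the recursive resolver is never exposed to the LAN or the Internet.
    interface: 127.0.0.1
    port: 5335
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    # Flip to yes only if the host has working IPv6 to the outside.
    do-ip6: no
    prefer-ip6: no
    # Use glue records only when they are within the server's authority.
    harden-glue: yes
    # Treat a missing signature in a signed zone as bogus (SERVFAIL)
    # rather than silently falling back to an unsigned answer.
    harden-dnssec-stripped: yes
    use-caps-for-id: no
    # Keep UDP answers under the common 1280-byte path MTU so that large
    # DNSSEC responses are not fragmented and dropped.
    edns-buffer-size: 1232
    # Re-fetch popular records shortly before they expire; this is what
    # hides the "slow first lookup" of a cold recursive resolver.
    prefetch: yes
    num-threads: 1
    so-rcvbuf: 1m
    # Refuse private addresses in answers from the public DNS (DNS rebinding).
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10
EOF
}

# Write the config, syntax-check it, and restart the service (needs root).
install_conf() {
    pihole_unbound_conf > "$CONF_PATH" &&
    unbound-checkconf "$CONF_PATH" &&
    systemctl restart unbound
}

# Ask the local resolver for a name; print "<rcode> <ad>" where ad is yes when
# the AD (authenticated data) flag was set, i.e. Unbound validated the answer.
query_status() {
    out=$(dig +noall +comments "$1" @127.0.0.1 -p 5335)
    rcode=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\).*/\1/p')
    if printf '%s\n' "$out" | grep -q 'flags:.* ad'; then ad=yes; else ad=no; fi
    echo "$rcode $ad"
}

# A correctly signed zone must come back NOERROR with AD set; a zone with a
# deliberately broken signature must be refused with SERVFAIL. The two test
# names are the ones the Pi-hole guide uses (treat them as an assumption).
check_dnssec() {
    good=$(query_status dnssec.works)
    bad=$(query_status fail01.dnssec.works)
    [ "$good" = "NOERROR yes" ] && [ "${bad%% *}" = "SERVFAIL" ]
}
```

Run `install_conf` as root, point Pi-hole's custom upstream at 127.0.0.1#5335, then run `check_dnssec`; if the broken-signature name resolves instead of failing, validation is not happening and the "DNSSEC" label is cosmetic. On Debian-based systems the unbound package maintains the root trust anchor itself, so no auto-trust-anchor-file line is added here.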
 

supaflyx3

Well-known member
Joined
Jun 12, 2010
Messages
3,001
Location
Langley, BC
I'll paste my lists when I get home. It's rather annoying, but I whitelist anything I need manually; I still run into things that should be whitelisted every day, but I'd rather that over telemetry tracking and other crap. I don't have a resolver running however, I have PiHole running on a 3b so I'm not sure how well that would handle it. I might set up PiHole in a VM with a resolver running and use my 3b PiHole as a backup DNS server for when I take my server down for maintenance.
 

JD

Moderator
Staff member
Joined
Jul 16, 2007
Messages
9,010
Location
Toronto, ON
so you made something into a security gateway?
I guess you could kind of consider it like that. It's a secure DNS to help filter out "bad" traffic or things you don't want people accessing. Mostly to block telemetry, some ads, malware, etc. Also helps prevent your ISP from "spying" on you, assuming they don't forcefully capture port 53 traffic. Security comes in layers though, DNS is just part of that. That's why I also have the IP blacklists on my router too as another layer.

I don't have a resolver running however, I have PiHole running on a 3b so I'm not sure how well that would handle it.
Running unbound (first Google result being vibrators :haha:) doesn't really seem to eat up any CPU, it's really just the initial lookup and then it's cached. Some people claim really slow performance for that first lookup, but I haven't noticed anything. Even if I purge the cache, things still load quick. Memory usage stays under 1GB. I'm running it on Ubuntu Server LTS within Hyper-V. I'd suspect the rPi distros are slimmer than that.
 

supaflyx3

Well-known member
Joined
Jun 12, 2010
Messages
3,001
Location
Langley, BC
I guess you could kind of consider it like that. It's a secure DNS to help filter out "bad" traffic or things you don't want people accessing. Mostly to block telemetry, some ads, malware, etc. Also helps prevent your ISP from "spying" on you, assuming they don't forcefully capture port 53 traffic. Security comes in layers though, DNS is just part of that. That's why I also have the IP blacklists on my router too as another layer.


Running unbound (first Google result being vibrators :haha:) doesn't really seem to eat up any CPU, it's really just the initial lookup and then it's cached. Some people claim really slow performance for that first lookup, but I haven't noticed anything. Even if I purge the cache, things still load quick. Memory usage stays under 1GB. I'm running it on Ubuntu Server LTS within Hyper-V. I'd suspect the rPi distros are slimmer than that.
Good to hear. I have other services running on my Pi (NUT Server, OpenVPN etc.) so RAM may become an issue, so I may just set up a VM again for that. Also, here are all my blocklists:

https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://mirror1.malwaredomains.com/files/justdomains
http://sysctl.org/cameleon/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://hosts-file.net/ad_servers.txt
https://dbl.oisd.nl/
https://phishing.army/download/phishing_army_blocklist_extended.txt
https://tspprs.com/dl/tracking
https://raw.githubusercontent.com/CHEF-KOCH/Audio-fingerprint-pages/master/AudioFp.txt
https://raw.githubusercontent.com/CHEF-KOCH/Canvas-fingerprinting-pages/master/Canvas.txt
https://raw.githubusercontent.com/CHEF-KOCH/WebRTC-tracking/master/WebRTC.txt
https://raw.githubusercontent.com/CHEF-KOCH/NSABlocklist/master/HOSTS
https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/ParsedBlacklists/AakList.txt
https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/ParsedBlacklists/Prebake-Obtrusive.txt
https://jasonhill.co.uk/pfsense/ytadblock.txt
https://raw.githubusercontent.com/HenningVanRaumle/pihole-ytadblock/master/ytadblock.txt
https://raw.githubusercontent.com/anudeepND/youtubeadsblacklist/master/hosts.txt
https://raw.githubusercontent.com/anudeepND/youtubeadsblacklist/master/domainlist.txt

and my pihole stats.

With those lists I was able to block ads on YouTube via Chromecast (I think; I don't recall seeing any ads if I Chromecast to my TV), however YouTube ads are still present on my phone and in the YouTube app on my TV. The YouTube app on my TV also seems to crash when an ad tries to play in the middle of a video, but that could be unrelated. So be aware that if you use my lists you may need to play around with it a bit and whitelist a couple of things.
 

JD

Moderator
Staff member
Joined
Jul 16, 2007
Messages
9,010
Location
Toronto, ON
Hmm, I'll give those YouTube lists a shot you have there. Wouldn't mind clearing the ads up on my Android TV boxes.

But like tonight, Uber Eats wouldn't let me checkout, so now I need to figure that out... just flipped to LTE so I could order :whistle:
 

supaflyx3

Well-known member
Joined
Jun 12, 2010
Messages
3,001
Location
Langley, BC
Haha, what I normally do is grab my laptop and keep refreshing the query log to see what's being blocked on the device as I'm trying to access it, and unblock things that don't look like telemetry or ads.
 

Sagath

Moderator
Staff member
Joined
Feb 7, 2009
Messages
3,959
Location
Edmonton, AB
A friend wasn't using his old 2B, so he gave it to me. I've installed DietPi and put pihole on it. Works amazing, and I'm super happy with it so far.

The only (minor) issue I'm having is I'd like to get the clients list working more effectively. Currently my router (192.168.1.254) is directing to the pihole (192.168.1.101) for DNS only, not DHCP. Is there an easy way to change this so I can see individual clients rather than them all coming from .254?
 

JD

Moderator
Staff member
Joined
Jul 16, 2007
Messages
9,010
Location
Toronto, ON
A friend wasn't using his old 2B, so he gave it to me. I've installed DietPi and put pihole on it. Works amazing, and I'm super happy with it so far.

The only (minor) issue I'm having is I'd like to get the clients list working more effectively. Currently my router (192.168.1.254) is directing to the pihole (192.168.1.101) for DNS only, not DHCP. Is there an easy way to change this so I can see individual clients rather than them all coming from .254?
Does your router let you adjust what DNS servers it sends to clients (usually in the DHCP options)? Otherwise you'll have to manually set your devices to use 192.168.1.101 as their DNS.
 

Sagath

Moderator
Staff member
Joined
Feb 7, 2009
Messages
3,959
Location
Edmonton, AB
Yep. I set the DNS on the router to 101, but I miswrote in my first post. What I maybe wasn't clear about is that on the pihole all the statistics show .254 as the 'host' for blocking rather than the individual clients. This makes it tougher to see what's being blocked where, or not blocked where, as I can't see what client is actually making the requests to pages.
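An added example (not code from the thread or from Pi-hole) that pulls together the list-tuning steps discussed above: JD's merged blocklists plus a whitelist (the ns*.omtrdc.net case), supaflyx3's "refresh the query log while reproducing the failure and unblock what isn't ads or telemetry" routine, and the per-client view Sagath is after. It assumes the dnsmasq-style query line format Pi-hole writes to its log (check the field layout against your own log); every list entry and log line below is constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread or from Pi-hole. An offline version of
# the "refresh the query log and whitelist what isn't ads or telemetry" routine:
# merge two list formats, subtract a whitelist, and classify dnsmasq-format
# query-log lines per client. All list contents and log lines are constructed.

# Pi-hole accepts hosts-style lists ("0.0.0.0 domain") and bare domain lists.
HOSTS_LIST='# constructed hosts-format list
0.0.0.0 ads.example.net
0.0.0.0 telemetry.example.com # inline comment
127.0.0.1 localhost
0.0.0.0 ns.omtrdc.net
'
DOMAIN_LIST='# constructed plain-domain list
tracker.example.org
cdn.example-eats.test
ns.omtrdc.net
'
# The whitelist wins over every blocklist; this is how the omtrdc.net breakage was fixed.
WHITELIST='ns.omtrdc.net
'
# Constructed dnsmasq-format query log extract. The .254 lines are what the
# stats look like when the router forwards DNS: the router becomes the "client".
QUERY_LOG='Feb  4 19:02:11 dnsmasq[612]: query[A] cdn.example-eats.test from 192.168.1.50
Feb  4 19:02:11 dnsmasq[612]: query[A] api.example-eats.test from 192.168.1.50
Feb  4 19:02:12 dnsmasq[612]: query[A] ns.omtrdc.net from 192.168.1.50
Feb  4 19:02:12 dnsmasq[612]: query[AAAA] tracker.example.org from 192.168.1.50
Feb  4 19:02:13 dnsmasq[612]: query[A] ads.example.net from 192.168.1.254
Feb  4 19:02:14 dnsmasq[612]: query[A] www.example.com from 192.168.1.254
'

# Normalise both formats into one sorted, de-duplicated list of lower-case
# domains: strip comments, take the host field, drop hosts-file boilerplate.
gravity() {
    { printf '%s' "$HOSTS_LIST"; printf '%s' "$DOMAIN_LIST"; } |
    sed 's/#.*//' |
    awk 'NF == 1 { print tolower($1) }
         NF >= 2 { d = tolower($2)
                   if (d != "localhost" && d != "localhost.localdomain" && d != "broadcasthost") print d }' |
    sort -u
}

# Gravity minus the whitelist: the set of exact names that actually get a 0.0.0.0 answer.
effective_blocklist() {
    gravity | awk -v wl="$WHITELIST" '
        BEGIN { n = split(wl, a, "\n"); for (i = 1; i <= n; i++) if (a[i] != "") allow[tolower(a[i])] = 1 }
        !($0 in allow)'
}

# One line per query: "<client> <domain> <BLOCKED|allowed>".
# Fields of a dnsmasq query line: $5 = query[TYPE], $6 = name, $8 = client IP.
classify_queries() {
    printf '%s' "$QUERY_LOG" | awk -v bl="$(effective_blocklist)" '
        BEGIN { n = split(bl, a, "\n"); for (i = 1; i <= n; i++) if (a[i] != "") deny[a[i]] = 1 }
        $5 ~ /^query\[/ { d = tolower($6); print $8, d, (d in deny ? "BLOCKED" : "allowed") }'
}

# What got blocked for one device while you were reproducing the failure
# (the candidates to whitelist, or to leave blocked if they look like telemetry).
blocked_for_client() {
    classify_queries | awk -v c="$1" '$1 == c && $3 == "BLOCKED" { print $2 }'
}

# Whole-log block rate as an integer percentage (the dashboard's headline number).
block_rate() {
    classify_queries | awk '{ t++ } $3 == "BLOCKED" { b++ } END { printf "%d\n", (t ? 100 * b / t : 0) }'
}
```

With the constructed data, `blocked_for_client 192.168.1.50` prints cdn.example-eats.test and tracker.example.org, which is the decision point: the CDN name is what stops a checkout from loading and goes on the whitelist, the tracker stays blocked. Two caveats that match the thread: matching is on exact names, so each ns1/ns2/... host under omtrdc.net must be whitelisted individually unless Pi-hole's regex whitelist is used; and when the router forwards queries instead of handing clients the Pi-hole's address via DHCP, every line carries the router's IP and `blocked_for_client` cannot separate devices.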
 
