Pi-hole, the network advertisement and malicious address blocker

I have been using Pi-hole on my personal network since 2018. I originally set it up out of curiosity to see how it worked, as a network-based advertisement blocker sounded pretty unreal. Although originally made for the Raspberry Pi, Pi-hole can be used on other OSs too. I have it running on both an RPi 3 and an Ubuntu VM; it doesn’t need much in resources for most applications.

The purpose of Pi-hole is to block known URLs that you might not want. You set Pi-hole as your DNS server in your router. When a DNS query is made to Pi-hole, it tries to match the query against its lists; if there is a match, that DNS query gets dropped. The contents of these lists are typically advertisers, information warehouses and malicious URLs. Pi-hole comes with a few of these lists by default, each curated for a certain purpose, but there are many other list maintainers, all with different purposes. I personally have about 10 of these lists loaded into Pi-hole, some more general and others with more specific purposes like malware or fraud. If a dropped query was for an advertisement URL on one of your lists, the request never makes it to its destination and you are not served the advertisement content.

The difference between Pi-hole and, say, a browser plugin like Adblock is that Pi-hole does this for the whole network. Anything that uses DNS and goes through the Pi-hole gets filtered accordingly. This means devices that don’t have blocking capabilities of their own, like TVs and other devices on your network, are covered too. You might be shocked at how much data your smart devices send back home about you. Pi-hole can help prevent that by blocking known information-gathering warehouse URLs.

So now you see how Pi-hole is much more than an adblock tool and can protect your personal data from leaking out of your network. It can also protect you from malicious activity. Say some malicious code like a ransomware kit is trying to phone home from inside your network to a URL that happens to be blocked; chances are this might prevent you from having a very bad day with a ransom-locked computer. Since the bad people were not able to execute and get the encryption key, the attempt to lock your computer may fail.

I mentioned earlier that I was using two Pi-holes; the reason for this is redundancy. I have two DNS servers specified in my router and use a project called Gravity-Sync to make sure both Pi-holes are in sync. Now I can update one of them and both will have the change I made. I hope the Pi-hole project adds this feature natively in the future.

I also added another project to the mix called Unbound. When making DNS calls outside my network, it now uses DNS over HTTPS. This helps secure the DNS requests by encrypting them. As the internet has evolved to be more secure, many websites have moved over to HTTPS, but surprisingly DNS has not. This adds those extra security features to the DNS traffic leaving your network.

Pi-hole is not without issues, though. The default lists, and especially other lists as you start adding them, will start blocking things you need. One example: I use Google Analytics on my websites to see user traffic. analytics.google.com is blocked, as that’s also an information-gathering site, so I had to make an exception for that one. You will find little caveats like this and have to decide whether letting a service gather information about you is worth the benefit of what it offers. It will take some time and effort to tune Pi-hole when you first set it up.
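
The list matching described earlier and the exception described above can be modelled in a few lines. This is an added example, not Pi-hole's own code: it assumes simple exact-name matching, and every list entry except analytics.google.com is a constructed sample.

```python
import ipaddress

# Constructed sample lists. Public blocklists commonly ship either in hosts
# format ("<ip> <name> ...") or as one domain per line; both are handled.
HOSTS_LIST = """\
# constructed ad/tracking list
0.0.0.0 ads.example.net
0.0.0.0 analytics.google.com   # tracking
127.0.0.1 telemetry.example-tv.test
"""
DOMAIN_LIST = """\
c2.ransom-kit.example
Tracker.Example.ORG.
"""
ALLOWLIST = {"analytics.google.com"}  # the exception from the text


def normalize(name):
    """Lowercase and drop the trailing root dot so equal names compare equal."""
    return name.strip().lower().rstrip(".")


def parse_blocklist(text):
    """Return the set of domains found in hosts-format or domain-only lines."""
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments, tokenize
        if not fields:
            continue
        try:
            ipaddress.ip_address(fields[0])     # hosts format: skip the IP
            names = fields[1:]
        except ValueError:
            names = fields[:1]                  # domain-only format
        domains.update(normalize(n) for n in names if n != "localhost")
    return domains


def decide(query, blocked, allowed):
    """Allowlist takes precedence; names on no list go to the upstream resolver."""
    name = normalize(query)
    if name in allowed:
        return "allowlisted"
    return "blocked" if name in blocked else "forwarded"


BLOCKED = parse_blocklist(HOSTS_LIST) | parse_blocklist(DOMAIN_LIST)

if __name__ == "__main__":
    for q in ("ads.example.net", "analytics.google.com",
              "C2.Ransom-Kit.example.", "www.example.com"):
        print(f"{q:26} -> {decide(q, BLOCKED, ALLOWLIST)}")
```

Because this model matches exact names only, a subdomain of a listed name is forwarded unless it is listed itself.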

This is all a high-level overview of how Pi-hole works to get you interested. There is much more to it, such as an optional DHCP server, client group management, whitelists/blacklists and data retention, to help you manage everything. It’s been great peace of mind having it on my network and I hope you all will give it a shot too.