• President@sh.itjust.works
    English
    arrow-up
    27
    ·
    2 months ago

    I’ve been thinking of setting one up for a while, if I have a home server would I be better off hosting it on that or as a separate device? What are the alternatives to a raspberry pi? They’ve shot up in price over the years.

    • normalexit@lemmy.world
      English
      arrow-up
      20
      ·
      edit-2
      2 months ago

      If you have a server running, I wouldn’t buy more hardware. They have good example documentation for just such a configuration:

      https://docs.pi-hole.net/docker/

      If your server already has those ports bound (specifically the DNS port 53) you are going to have to get creative; otherwise it’ll work well!

      Worst case, a cheapo pi 3 will do the job. At one point I had it running on a pi zero, so hardware requirements are pretty low.

        • StarkZarn@infosec.pub
          English
          arrow-up
          2
          ·
          1 month ago

          That’s not how that works. network_mode: host shares the network namespace with the container host, so it doesn’t do any NAT, it only exists on the host’s IP. It would be akin to running a natively installed app, rather than in a container. macvlan networking is what gives a container its own IP on the logical network, without the layer of NAT that the default bridge mode networking that docker typically does.

          • PoopMonster@lemmy.world
            English
            arrow-up
            2
            ·
            1 month ago

            Thanks for the clarification. I had mixed up the details and went to check my containers. You, sir, are correct. I added some documentation to my post regarding macvlan network creation.

    • acosmichippo@lemmy.world
      English
      arrow-up
      16
      ·
      edit-2
      2 months ago

      I personally like it on a dedicated Pi simply because I don’t want DNS to die if I’m doing other server maintenance. The Pi is pretty much set it and forget it.

      But I guess you might as well try it on your server first and you can always buy a Pi if you find it to be too much of a pain.

    • Brokkr@lemmy.world
      English
      arrow-up
      10
      ·
      2 months ago

      I put it onto my home server and it is working great. I can’t tell you about all the options, but it was so easy to start another VM for it that I didn’t look at other options too carefully.

    • adarza@lemmy.ca
      English
      arrow-up
      7
      ·
      2 months ago

      if you’ve already got something running 24/7, you could just put it there. it doesn’t need much for resources.

      pihole does not need its own box. it can run as a container (docker instructions in the official docs) or in a small vm.

      i have two small vm running dietpi and used that to install pihole. i fully expected to run a few more things on them, that’s why i chose dietpi–just have never gotten that far (it’s only been like three years now).

    • AtariDump@lemmy.world
      English
      arrow-up
      2
      ·
      1 month ago

      Setup and run two.

      This way if one goes down, the other takes over (also makes updates / maintenance easier)

    • JK_Flip_Flop@lemmy.world
      English
      arrow-up
      1
      ·
      2 months ago

      I run mine on an Intel N100 based mini PC from Beelink running Proxmox. It’s just about the only thing it does at the moment so I’ve had no concerns about bottlenecking.

      It’s much more powerful than a pi and costs a not too dissimilar amount to one after you factor in a case, storage, power supply.

  • yaroto98@lemmy.org
    English
    arrow-up
    28
    arrow-down
    4
    ·
    2 months ago

    I recommend having two. Otherwise your home internet goes down every time you update or reboot or it crashes.

    • LupusBlackfur@lemmy.world
      English
      arrow-up
      31
      arrow-down
      1
      ·
      edit-2
      2 months ago

      Interesting… And this is not a criticism, simply an observation…

      I’ve a single Pihole instance running on a RPi 4 and have experienced not a single instance of any of the 3 probs you mention. Except, of course, the very few minutes it takes for a reboot which I can schedule and am aware when it’s happening…

      🤷‍♂️

      • muhyb@programming.dev
        English
        arrow-up
        5
        ·
        2 months ago

        I didn’t have a problem on my Pi-hole for a very long time too. OP has that probably because s/he’s using it as a DHCP server as well.

        • LupusBlackfur@lemmy.world
          English
          arrow-up
          5
          ·
          2 months ago

          Certainly possible though not so versed in Pihole capabilities that I can imagine how that happens…

          My DHCP is handled by an EdgerouterX…

          My Pihole is limited to DNS only.

      • yaroto98@lemmy.org
        English
        arrow-up
        3
        arrow-down
        1
        ·
        2 months ago

        Right, I didn’t have any issues running it on a pi for years too. The problems came when I started messing with things. So, really my advice is to help save people from ideas like mine.

        I decided one day to take a bunch of old laptops and create a proxmox cluster out of them. It worked great, but I didn’t have a use for them, I was just playing. So, I decided to retire the pi and put the pihole on the cluster. HA for the win!

        I did that and woke up a few days later to my family complaining that they had no internet. I found the pihole container on a different node and it wouldn’t start. Turns out with proxmox you need separate storage for HA to work. I had assumed that it would be similar to jboss clustering which I’m familiar with, and the container would be on all the nodes and only one active at a time, with some syncing between nodes. Nope.

        What’s worse is the container refused to move back to the original node AND wouldn’t start. The pi was stored away at this point so I figured it would be easier to just create a new container, but duh, no internet. Turn off dns settings on the router, bam have internet.

        Eventually set up the old pi again, and it took me a while to figure out what I had done wrong with proxmox. But while I was figuring it out it was nice to have the backup.

        Now I always have two running on different hardware, just in case.

      • ohshit604@sh.itjust.works
        English
        arrow-up
        2
        arrow-down
        1
        ·
        2 months ago

        I’ve a single Pihole instance running on a RPi 4 and have experienced not a single instance of any of the 3 probs you mention. Except, of course, the very few minutes it takes for a reboot which I can schedule and am aware when it’s happening…

        Yeah, I believe it can vary depending on how you host it.

        In my experience whenever I brought down the PiHole instance (Docker Compose) I would lose all internet access, which is expected since I’m essentially taking away my devices’ one and only library, so to mitigate this I spun up PiHole on another device and set that as my secondary (backup) DNS resolver.

        This way I can take a container down, update it and all without losing resolution to the internet.

      • yaroto98@lemmy.org
        English
        arrow-up
        1
        ·
        2 months ago

        Yep, if you have somewhere to put a docker container or VM you can have redundancy.

    • acosmichippo@lemmy.world
      English
      arrow-up
      5
      ·
      2 months ago

      honestly don’t find it necessary. raspberry OS basically never needs to be rebooted and if you really need planned maintenance you can just use a normal DNS server til you’re done.

      • yaroto98@lemmy.org
        English
        arrow-up
        1
        arrow-down
        1
        ·
        2 months ago

        Right, I never said two raspberry pis, I meant two instances. Like one pi and a container run elsewhere.

      • chaospatterns@lemmy.world
        English
        arrow-up
        4
        ·
        2 months ago

        And what do you set that secondary DNS entry to? Operating systems may use both, so you need the secondary to point to a pi hole or else you’re letting ads through randomly.

      • Not a replicant@lemmy.world
        English
        arrow-up
        1
        ·
        2 months ago

        I have two piholes - they serve different DHCP ranges (e.g. 1-100 and 101-250), and option 6 references each other.

      • DefederateLemmyMl@feddit.nl
        English
        arrow-up
        1
        ·
        edit-2
        2 months ago

        Secondary DNS is not for redundancy!

        The way secondary DNS works is that a client distributes DNS requests across the primary and secondary DNS servers. So if you have pihole as your primary DNS and, say, 8.8.8.8 as your secondary DNS, you’re sending half of your DNS requests to google unfiltered. And if your pihole DNS goes down, half of your DNS queries time out.

        The way to have redundancy with DNS is with a standby server that takes over the IP of the primary server if it goes down. You can do this with keepalived.
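Added example, not part of the thread: a way to check the concern raised in the comments above, that clients may use every DNS server they are handed, so each one has to filter. It sends a blocklisted name to each resolver and flags any that returns a real address. The function names, the canary name and the assumption that blocked names come back as 0.0.0.0 / :: or NXDOMAIN are all illustrative; the sample replies are constructed, not captured.

```python
import socket
import struct

# Assumption: blocked names get a null address (0.0.0.0 / ::) or NXDOMAIN.
SINKHOLE = {"0.0.0.0", "::"}

def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal recursive DNS query (RFC 1035) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def _skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def parse_answers(msg):
    """Return (rcode, [A/AAAA addresses as text]) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntop(socket.AF_INET, rdata))
        elif rtype == 28 and rdlen == 16:
            addrs.append(socket.inet_ntop(socket.AF_INET6, rdata))
    return flags & 0x000F, addrs

def is_filtered(msg):
    """True when the reply is NXDOMAIN or carries only sinkhole addresses."""
    rcode, addrs = parse_answers(msg)
    return rcode == 3 or (bool(addrs) and all(a in SINKHOLE for a in addrs))

def audit(resolvers, canary, timeout=2.0):
    """Ask each resolver for `canary`; map ip -> 'filtered', 'LEAK' or 'no valid answer'."""
    results = {}
    for ip in resolvers:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(build_query(canary), (ip, 53))
                reply, _ = s.recvfrom(4096)
                results[ip] = "filtered" if is_filtered(reply) else "LEAK"
            except (OSError, struct.error, IndexError):
                results[ip] = "no valid answer"
    return results

def make_response(query, addr, rcode=0):
    """Constructed sample reply to `query` with one A record, or none if addr is None."""
    count = 0 if addr is None else 1
    header = query[:2] + struct.pack("!HHHHH", 0x8180 | rcode, 1, count, 0, 0)
    answer = b"" if addr is None else b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + addr
    return header + query[12:] + answer
```

Run `audit([...], "ads.example.test")` with every DNS address your DHCP server hands out and a name that is actually on your blocklist; any `LEAK` entry is a resolver that answers unfiltered.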

    • MangoPenguin@lemmy.blahaj.zone
      English
      arrow-up
      1
      arrow-down
      1
      ·
      2 months ago

      Adguard Home has been absolutely rock solid for me, and it offers DoT and DoH servers so you can easily connect devices over those protocols if you want to.

      • JackbyDev@programming.dev
        English
        arrow-up
        1
        ·
        2 months ago

        I just use their free public option. It’s basically as good as pihole. With pihole I still got some ads. I still get some like this.

    • DefederateLemmyMl@feddit.nl
      English
      arrow-up
      9
      arrow-down
      1
      ·
      2 months ago

      Misleading statement. It doesn’t block “traffic”, it blocks DNS requests… you don’t know how much traffic this corresponds to.

      • xavier666@lemm.ee
        English
        arrow-up
        8
        arrow-down
        1
        ·
        2 months ago

        Correct. The payload of DNS requests is tiny compared to, say, requesting a webpage. So there might not be a huge reduction in bandwidth usage. However, having 66.6% less DNS requests is still a win. The router/gateway doesn’t have to work that hard because of the dropped requests.

        • DefederateLemmyMl@feddit.nl
          English
          arrow-up
          12
          ·
          2 months ago

          It isn’t so much about the payload of the DNS requests, but about the content that would have been loaded if the DNS request hadn’t been blocked.

          If you load a page that has 100kB of useful information, but 1MB of banner ads and trackers … you’ve blocked a lot more than 66%. But if you block 1MB of banner ads on a page that hosts a 200MB video, you’ve blocked a lot less.

          Also a 66% blocked percentage seems very high. I have installed pihole on 2 networks, and I’m seeing 1.7% on my own network, but I do run uBlock on almost everything which catches most stuff before it reaches the pihole, and 25% on the other network.

          • mac@lemm.ee
            English
            arrow-up
            3
            ·
            2 months ago

            I run a handful of instances across different networks, 1.7% is suspiciously low, you should make sure you’ve got the right lists. I like HageZi’s

        • rusticus@lemm.ee
          English
          arrow-up
          3
          arrow-down
          8
          ·
          1 month ago

          Of course, because ads have zero bandwidth. /s

          Are you an idiot?

          • xavier666@lemm.ee
            English
            arrow-up
            6
            ·
            1 month ago

            As per the article

            on my own network a whopping 66.6% of all traffic is blocked

            I stated it’s actually 66.6% DNS requests being blocked, not the raw bandwidth utilization. Raw bandwidth savings (by not downloading the non-zero ads) would be much lesser.

            Can’t we be nicer on the internet?

            • rusticus@lemm.ee
              English
              arrow-up
              2
              arrow-down
              1
              ·
              1 month ago

              No, raw bandwidth savings would likely be very significant. You do realize that for many webpages the ads are most of the bandwidth? On my network (I have capped internet so this is important) if I run dns ad blocking my total bandwidth is 40% less.

              • sonstwas@sh.itjust.works
                English
                arrow-up
                2
                arrow-down
                1
                ·
                1 month ago

                I’m not sure whether it makes sense trying to discuss with you but let’s try…

                You couldn’t know how much traffic you saved because you didn’t load the ad. The ad could be 1KB, 1MB or 1GB, but because you didn’t load it you wouldn’t know its size. Without knowing its size, you wouldn’t be able to calculate the savings.

                As mentioned somewhere in the thread you would have to directly compare two machines visiting the same pages and even then it’s probably only approximate because both machines might get served different ads.

                • rusticus@lemm.ee
                  English
                  arrow-up
                  2
                  ·
                  edit-2
                  1 month ago

                  I’ve compared average monthly bandwidth before and after implementation of dns based ad blocking and it has reduced my usage from anywhere from 33% to 45%.

                  They have been implying that ad blocking only saves the dns request, which is the most ridiculous ignorant claim I’ve ever seen.

      • Scratch@sh.itjust.works
        English
        arrow-up
        3
        arrow-down
        1
        ·
        1 month ago

        You can easily find out. 2 machines (even virtual machines), one set its DNS to the PiHole, one not.

        Both hit the same sites in the same order. Compare network traffic.

        • DefederateLemmyMl@feddit.nl
          English
          arrow-up
          2
          arrow-down
          1
          ·
          1 month ago

          That’s only for a single case comparison. You can’t draw statistically meaningful conclusions about what percentage of traffic the pihole has blocked over a longer period of time.

  • Donut@piefed.social
    English
    arrow-up
    17
    ·
    2 months ago

    Don’t fall for the trap that they recommend an expensive Pi 5: I am running Pi-hole on a Pi 2 but you can basically run this on obsolete hardware, whether that’s a Pi or a PC/laptop

    • mrnarwall@lemmy.world
      English
      arrow-up
      3
      ·
      2 months ago

      Can confirm. I have 10 year old pi2 that is dedicated to pi hole and even that is not utilizing all of its 1gb of memory

  • adhocfungus@midwest.social
    English
    arrow-up
    5
    ·
    2 months ago

    Is it possible to do something like this with a newer router? My wireless-G router is finally dying after 20 years, and if I need to upgrade it’d be nice to wrap it all in one.

    • MangoPenguin@lemmy.blahaj.zone
      English
      arrow-up
      6
      ·
      2 months ago

      You can do it with any router by manually configuring devices, but one that lets you advertise the PiHole IP as the DHCP DNS option makes it a lot easier.

    • downhomechunk@midwest.social
      English
      arrow-up
      1
      ·
      2 months ago

      I haven’t installed it direct on my router. I used to have it running in a container on my little proxmox server (aka old PC repurposed). I really liked the interface.

      Then I was practically gifted a really nice Asus router. I flashed merlin-wrt to it and read some guide on how to install a different ad blocker. It’s really good whatever it is. I haven’t had to touch it in months, and I never see an ad.

  • Altima NEO@lemmy.zip
    English
    arrow-up
    6
    arrow-down
    2
    ·
    2 months ago

    I’ve a pi hole running, but I’m not sure if it’s worth the hassle. To me it feels like it breaks more things than it helps.

      • Billegh@lemmy.world
        English
        arrow-up
        3
        ·
        1 month ago

        Additionally you have control over it. Sure, you don’t need local since you’re using it in conjunction with the internet. You control it though. You decide entirely what you want to trust and don’t have to delegate that trust as much.

  • dan69@lemmy.world
    English
    arrow-up
    2
    ·
    2 months ago

    Anyone have recs for a site that I can pick up simple hardware for this purpose. Maybe not a pi but like a nuc? Or a refurbed.

    • downhomechunk@midwest.social
      English
      arrow-up
      2
      ·
      2 months ago

      Take an old PC or laptop out of the box-o-crap, install Ubuntu server, give it a fixed IP address, install pi hole with the one line command from their website, tell your regular PC that the laptop IP is your DNS server.

      This is the easiest way to play around before rolling out to your whole network.

  • Toldry@lemmy.world
    English
    arrow-up
    2
    ·
    2 months ago

    Getting an error trying to access this:

    https://den.dev/blog/pihole has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site.

  • randombullet@programming.dev
    English
    arrow-up
    2
    ·
    2 months ago

    I use adguard home in conjunction with NextDNS.

    I find adguard a little better in the UI department. Have it in a docker container so it’s a set and forget.

  • miridius@lemmy.world
    English
    arrow-up
    2
    arrow-down
    5
    ·
    1 month ago

    Nothing in this article describes it solving any problem that isn’t better solved by an ad blocker. In fact they even admit that you still need an ad blocker anyway. So why bother with the pi hole?

    • nihilomaster@lemmy.world
      English
      arrow-up
      12
      ·
      1 month ago

      Excellent question. You can set the Pi-hole as a default DNS provider on your router which will then set it as a DNS provider for any device connected via DHCP (which in a home network should be basically everything). This means ads will be blocked across all devices and apps instead of just your browser where you installed adblock.

      • miridius@lemmy.world
        English
        arrow-up
        1
        ·
        26 days ago

        Thanks for clarifying. In my case that’s basically zero gain then cos all my devices have ad block in their browsers and I generally either use apps that have no ads or use revanced to remove them

    • Darkscryber@lemmy.world
      English
      arrow-up
      8
      ·
      1 month ago

      That means you can play free games on your phone and have no pop up ads.

      You can use Netflix ads tier and crave ads tier and the pi hole blocks them. It’s amazing!!