The best use that I’ve ever made of a Raspberry Pi micro computer was to install Pi-hole to create a Network-wide Ad Blocker and DNS Blackhole for my local network.
This system helps eliminate advertisements, trackers, malware, and other unwanted content, for all devices on my home network. When configured as the name server on the local network router, the pi-hole provides coverage for the entire network and blocking capabilities for computers, phones, tablets, TV/video streaming devices and all other systems connected to the router.
The above screenshot shows the web management interface for pi-hole, which can be accessed on your local network, after you have pi-hole installed, configured, and up and running. This web interface makes the pi-hole very easy to configure, manage and use.
I really enjoy checking the Pi-hole Dashboard regularly to see the Total queries, Queries Blocked, Percentage Blocked (always want this higher!) and the Domains on Adlists, which is all shown near the top. I also like looking at the bar chart graph over time to see when the network activity is the highest on my local network.
What is DNS?
The internet runs on the Domain Name System (DNS). Computers are good at using and remembering numbers and unique identifiers, but humans are not. DNS allows us to assign easy-to-use human names, such as wesleytech.com, to an IP address, like 74.208.236.59.
When you’re using the internet or browsing the World Wide Web (WWW) using a web browser, you typically attempt to navigate to a destination by entering in the human consumable DNS name for the destination you are attempting to reach. When you enter in the DNS name in your browser, your computer must “resolve” that name to an IP address (or a list of IP’s). This process returns the numeric IPv4 or alpha-numeric IPv6 internet address(es) for the domain, which your computer or device can then contact to request the resource that you are looking for.
Your computer typically asks a public Name Server for this information, which allows the computer to resolve the name to the IP address. This is called name resolution. A commonly used Public Name Server is 9.9.9.9, hosted by “Quad9”, a security focused company that blocks name resolution to dangerous and malicious domains.
What is a network wide ad blocker and DNS blackhole?
Instead of using a public name server, you can use your own local name server! This is where Pi-hole comes in. With Pi-hole, you can block the name resolution for domains that are known to host advertisements and trackers. Instead of returning the real IP address(es) for those domains, your Pi-hole DNS blackhole name server will return an unreachable address, like 0.0.0.0, as shown in the screenshot below.
When a browser/network device attempts to lookup the internet IP address for these advertisement and tracker assets, they’ll receive a response back from your local network name server (pi-hole) that the location is 0.0.0.0. This will prevent your browser from loading these assets and scripts, “black-holing” them.
Blocking these nasty advertisements, trackers, malware domains, and other sites that you denylist can speed up your web browsing experience, reduce distractions, reduce bandwidth usage, lessen CPU load, and help to preserve your security and privacy online.
Monitoring and tuning pi-hole
All DNS queries that pass through the pi-hole get logged to the “Query Log”, as shown in the screenshot below.
This Query Log gives you visibility into everything that is happening on the pi-hole and can help you troubleshoot issues, add domains to the allowlist (Whitelist), add domains to the denylist (Blacklist) and more.
There’s also a “Disable Blocking” option on the left-hand menu, which I frequently use to troubleshoot problems. If you suspect the pi-hole is causing a problem and you want to eliminate that variable, you can Disable Blocking for any amount of time, with built in options for 10 seconds, 30 seconds, and 5 minutes. You can also disable it indefinitely or for a Custom amount of time.
Pi-hole has become an invaluable tool for me on my home network, and I highly recommend it!