You're very welcome.Originally Posted by Saracen
Of course you need a spare! After all, there are primary and secondary DNS settings for a reason right? Of course while the secondary isn't needed it could be doing all sorts of weird and wonderful things. I've even seen one as a VPN appliance but not sure I'd fancy that over USB speeds which is what the network port is capable of.
Mine is now 'installed'. I solved the PSU problem with a mains socket with a built in USB port that I happened to have in a 'come-in-handy' box. Of course the 20 minute job to swap it out with the existing double gang socket stretched to 2 hours after deciding I needed to replace the back box....
But its now tucked into a corner - just need to set it up so I can SSH into it
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
Saracen - if you get the "unable to load FTL" error when you are installing pihole, you need to
edit /etc/resolv.conf
and addCode:sudo vi /etc/resolv.conf
where www.xxx.yyy.zzz is the ip address of your existing DNS service.Code:nameserver www.xxx.yyy.zzz
And once set up, it should be a simple matter to block Windows telemetry! (not an issue for me as I don't use W10)
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
spacein_vader (06-10-2018)
Are you using Raspbian as the base OS? If so it already has SSH built in, you just need to add a file calledMine is now 'installed'. I solved the PSU problem with a mains socket with a built in USB port that I happened to have in a 'come-in-handy' box. Of course the 20 minute job to swap it out with the existing double gang socket stretched to 2 hours after deciding I needed to replace the back box....
But its now tucked into a corner - just need to set it up so I can SSH into it(no extensions,) to the root directory to enable it.PHP Code:ssh
In my experience that's only required if your home network is on something other than 192.168.0.X or 192.168.1.X. The Fritzbox defaults to 192.168.178.X and it took me a while to figure out!
Yes I am using Raspbian (usually its .ssh as a hidden directory) but I use a PKI pair to authenticate so I just need to copy those over and tweak the sshd.conf file.
Not necessary for the correct operation of pi-hole though - just saves plugging in a keyboard, monitor and mouse anytime I want to do something!
My resolv.conf was empty! (not even a localhost entry).
My home network is standard 192.168.1.0/24 so Im not sure what happened there
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
Oh, that's inventive. Primary and secondary. Normally, I'd expect domestic management to glaze over about 30 seconds into explaining what DNS actually is, but if not, I love that primary and secondary line (and yes, I know there are P&S settings) and if all else fails, I can explain VPN's too.
One of these days, she's going to read a networking book, and then my bullpoop is really going to drop me in the .... ummm .... poop.
/Oh, hi darling. Didn't hear you creep up.
Were you reading over my shoulder?
OWWWW!
I guess you were.
spacein_vader (09-10-2018)
Just found this - apologies for the image - but it is sort of relevant...
(If not - I'll ban myself
https://blockads.fivefilters.org/acceptable.html
Probably a bit extreme - for me the line is crossed when there is more than on ad per page (which I can usually ignore) and pop-ups.
But the most irritating are the tracking ads - where if you look at something, every ad is pushing that item!
And this from the query log for the last 24 hours:
(top blocked domains)
And that was relatively light useDomain Hits
www.google-analytics.com 1436
e.crashlytics.com 556
ssl.google-analytics.com 325
msmetrics.ws.sonos.com 321
aax-eu.amazon-adsystem.com 195
ads.mopub.com 184
app-measurement.com 180
ads.nexage.com 152
fls-eu.amazon.com 142
iadsdk.apple.com 139
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
I have been using pi-hole for a long time now, currently got around 658,000 domains in the blocklist. My DHCP scopes are configured to give out Pi-Hole as the DNS Server and Pi-Hole is the only thing that is allowed to make DNS Queries out to the Internet.
If you are looking for a list of suitable blacklists, check out https://firebog.net/ . The one with ticks work with no issues with Pi-Hole and have few false positives. I would suggest that all those under the malicious lists section get added to your instance.
A couple of extra ones to consider adding are:
https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt
https://isc.sans.edu/feeds/suspiciousdomains_Low.txt
https://isc.sans.edu/feeds/suspiciousdomains_High.txt
There is also some tips on which domains to whitelist.
Last edited by GuruNot; 09-10-2018 at 09:34 PM.
One slight little snaggette - the Pi is quite noisy electrically, so it needs carefully siting - it halved my 2.4GHz wi-fi speed until I adjusted the routers's antennae!
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
You can get cases that can minimise that if needed. What's your block percentage after a few days running?
It’s around 30% - that is with the stock blacklist. Google analytics is by far and away the most prominent.
I usually use 5.4GHz (0r wired) so the speed it isn’t really an issue (and my mobile devices don’t have much high bandwidth use anyway) just something I noticed doing a software update on one this morning.
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
That doesn't shock me. Found anything on the top allowed list that you're not sure should be there? That's how I ended up blocking the various emissions my tv, Roku etc made.
No - nothing obvious - I wondered if things like the TV etc were, but the TV is about 7 years old and while it has an internet connection, it doesn’t seem to reporting back.
Just grabbed this from the query log
Top Blocked Domains
Domain Hits Frequency
www.google-analytics.com 3559
msmetrics.ws.sonos.com 1067
e.crashlytics.com 433
ssl.google-analytics.com 335
fls-eu.amazon.com 211
aax-eu.amazon-adsystem.com 163
ads.mopub.com 139
ads.nexage.com 129
www.googletagmanager.com122
s.skimresources.com 113
Interesting to see skim resources - a really pernicious (imnsho) form of sneakytising (tm) but one I thought had all but disappeared - or maybe my brain just filters them out!
It’s odd but I find I do seem to blank out ads on pages unless they are really intrusive, when they just irritate and generate very negative feelings towards the product (and the site) so pi-hole has a health benefit too! (My blood pressure!)
HEXUS gets the level of advertising just about right.
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
Mine always seems to operate at around 30% Blocked .... Currently at 28.3% (683,527 domains in blacklist)
is this suitable for rookie level, never used linux? I mean before I buy a pi...
edit for that matter, any good textbooks for networking so I can properly set up this home network lark. I sometimes feel I don't know enough to do it properly.
It's pretty rookie friendly. At its most basic you put the "out of the box" pi OS on an SD card, type in one Linux command copied from the website and then make an alteration to 1 setting on your router.
You can then start to make more complicated if you want by adding blocklists and the like but you don't have to.
ik9000 (12-10-2018)
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote