-
Pi-Hole: Ad blocking at the network level
A new thread after I got a bit off topic regarding drill bits and ended up talking about a Raspberry Pi powered ad-blocking solution that you can setup once and covers your whole network. Interested? Read on:
Get a Raspberry Pi, stick a minimal install of Raspbian/DietPi on it and install Pi-Hole using literally one line of code:
Code:
curl -sSL https://install.pi-hole.net | bash
Essentially it works as a global ad-blocker for your entire network by becoming your DNS server. If a client requests a domain on its blacklist (lists can be added, or sites black or white listed individually, with wildcard support,) it instead answers the request itself with a 1x1 pixel white jpg. Curated blacklists are auto-updated once a week and the GUI reports on most blocked, most allowed etc domains so you'll soon notice anything untoward appearing. Once it's up and running just alter your routers DNS setting and you're done.
The big advantages over traditional ad-blocking are:
1. It affects all clients on the network, even those (printers, TVs etc.) that don't usually support ad-blocking software, or when your wife/husband/kids let their friends put their devices on your network.
2. Most websites don't detect an ad-blocker in situ as there isn't one on the device, minimising the 'please turn off your ad-blocker' stuff.
3. It can block things the OS either can't or won't, like Microsoft telemetry.
4. If you install Unbound as well, it becomes a recursive DNS, keeping a local DNS cache and only referring to authoritative name servers.
5. It's all open source.
The only downside I've found is that as it gets more popular some device makers/providers (Google, I'm looking at you in particular,) have started hard coding in their own DNS to the hardware. If your router supports it (anything commercial grade or capable of running DD-WRT or similar,) you can force it to redirect any DNS traffic to the Pi anyway.
(By Admin - I have moved and merged the old post, but the chronological order may be odd - but it’s worth it!)
Quote:
Originally Posted by Extracts from the previous thread - slightly edited
Quote:
Originally Posted by
Saracen
Oh tried that Audiobacon site but it doesn't like my adblocker, greys/fades out the site and puts a "please consider removing" message over about 80% of my screen.
Sadly, the "close" button doesn't work either, so it's add them to blocker whitelist, or beggar off. I beggar'd off.
They're, of course, entitled to prevent adblockers. But I use one by default, everywhere, and I'm entitled to decline to use their site, as I do elsewhere when this happens, rather than change my principles.
I do not want adverts, period. It'd have to be a site I desperately wanted, or needed to get me to unblock, and it hasn't happened yet. I even pre-record any and all TV I want on ad-carrying channels, and either skip ads, or more likely delete then entirely, before watching. That's how much I loathe adverts.
Quote:
Originally Posted by Spacein_vader
I may already be preaching to the choir here, but if not:
Strongly consider getting (or repurposing an existing,) Raspberry Pi, sticking a minimal install of Raspbian/DietPi on it and installing
Pi-Hole. Essentially it works as a global ad-blocker for your entire network by becoming your DNS server. If a client requests a domain on its blacklist (lists can be added, or sites black or white listed individually, with wildcard support,) it instead answers the request itself with a 1x1 pixel white jpg. Curated blacklists are auto-updated once a week and the GUI reports on most blocked, most allowed etc domains so you'll soon notice anything untoward appearing. Once it's up and running just alter your routers DNS setting and you're done.
The big advantages over traditional ad-blocking are:
1. It affects all clients on the network, even those (printers, TVs etc.) that don't usually support ad-blocking software, or when your wife/husband/kids let their friends put their devices on your network.
2. Most websites don't detect an ad-blocker in situ as there isn't one on the device, minimising the 'please turn off your ad-blocker' stuff.
3. It can block things the OS either can't or won't, like Microsoft telemetry.
4. If you install
Unbound as well, it becomes a recursive DNS, keeping a local DNS cache and only referring to authoritative name servers.
5. It's all open source.
The only downside I've found is that as it gets more popular some device makers/providers (Google, I'm looking at you in particular,) have started hard coding in their own DNS to the hardware. If your router supports it (anything commercial grade or capable of running DD-WRT or similar,) you can force it to redirect any DNS traffic to the Pi anyway.
Quote:
Originally Posted by
spacein_vader
I may already be preaching to the choir here, but if not:
Strongly consider getting (or repurposing an existing,) Raspberry Pi, sticking a minimal install of Raspbian/DietPi on it and installing
Pi-Hole. Essentially it works as a global ad-blocker for your entire network by becoming your DNS server. If a client requests a domain on its blacklist (lists can be added, or sites black or white listed individually, with wildcard support,) it instead answers the request itself with a 1x1 pixel white jpg. Curated blacklists are auto-updated once a week and the GUI reports on most blocked, most allowed etc domains so you'll soon notice anything untoward appearing. Once it's up and running just alter your routers DNS setting and you're done.
The big advantages over traditional ad-blocking are:
1. It affects all clients on the network, even those (printers, TVs etc.) that don't usually support ad-blocking software, or when your wife/husband/kids let their friends put their devices on your network.
2. Most websites don't detect an ad-blocker in situ as there isn't one on the device, minimising the 'please turn off your ad-blocker' stuff.
3. It can block things the OS either can't or won't, like Microsoft telemetry.
4. If you install
Unbound as well, it becomes a recursive DNS, keeping a local DNS cache and only referring to authoritative name servers.
5. It's all open source.
The only downside I've found is that as it gets more popular some device makers/providers (Google, I'm looking at you in particular,) have started hard coding in their own DNS to the hardware. If your router supports it (anything commercial grade or capable of running DD-WRT or similar,) you can force it to redirect any DNS traffic to the Pi anyway.
Quote:
Originally Posted by
Saracen
I had to read that twice to be sure I got it, but it looks to be VERY interesting.
I've never-owned a Pi, but it is something I've kept meaning to get around to, if only for a plag-around. This might well be just the place and reason to finally get around to it.
Off-topuc perhaps, but a wholehearedly appreciated off-topic, and one I am grateful for. Thank you. It is an approach I hadn't considered.
Damn. It seems you really can teach an old dog new tricks, after all. :D
[QUOT=spacein_vader]Although it's designed for a pi it'll run on any Debian derivative so you could put it on a PC or VM to evaluate. I decided against that as it's tested on the Pi and because it needs to be always on and a pi only pulls a few watts.
Quote:
Originally Posted by Saracen
Quote:
Originally Posted by
spacein_vader
.....
Starting to think I should have started a seperate thread...
Excellent idea.
Tell you what -- create a thread somewhere and point me (or another admin) at it I/they will copy or move these posts to it. I could do it all myself now, but then it'd show as my thread and, y'know, credit where it's due.
Also, good points about Pi power usage, etc. On an existing server might be better if you already have one running 24/7 anyway, but mine aren't. I turn them on when I need them and sometimes that's days, even weeks apart. Pi is definitely the route for me.
Quote:
Originally Posted by
peterb
Just thinking I could run it on my Fedora 28 based server...
Quote:
Originally Posted by sapacein_vader
A lot of organisations use it like that, it helps them minimise bandwidth use by multiple clients and there's nothing to stop them blocking *.facebook.com or whatever to minimise staff personal use.
Be prepared to get addicted to the stats screen at least for the first few weeks. Initially to see just how much junk is out there (my Pi currently has 591,999 domains on the blocklist and has blocked 88.4% of all requests it receives!) but also to see the top permitted domains to see what is happening on your network.
For example I've got 2 Roku boxes I use as end points for an Emby media server that lives in my garage, I like them and they're good devices. Turns out that as well as ads on the home screen both try to phone home to various logs.roku.com domains every 30 seconds. I've now blocked both the ads and the phoning home without compromising the usability (all the apps work and it can download software updates.) Next was something pinging netflix every 60 seconds. I don't use netflix. Tracked it back to the dormant app on my 7 year old 'smart' TV in the spare room.
Aside from the default blocklist I use a selection from a contributor called
Wally3k. They're coded with a tick for those that won't break sites, a cross that might block multiple useful sites and a > if they are reported to occasionally block something useful. I've only got the tick list ones installed but it depends how willing you are to add things to the whitelist and how much those who live with you will complain if the odd site won't work. SWMBO was slightly irked to see Google shopping suggestions don't work any more but soon got over it.
Starting to think I should have started a seperate thread...
-
Re: Pi-Hole: Ad blocking at the network level
It has been a long time since I did any real notworking - does this adhere to your router via a LAN connection into it's rear?
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
philehidiot
It has been a long time since I did any real notworking - does this adhere to your router via a LAN connection into it's rear?
The pi uses a standard RJ45 connector so you can connect it to the network however you like. You can even do it via WiFi but that's not recommended.
-
Re: Pi-Hole: Ad blocking at the network level
I guess any of the later version Raspberry Pis will do ( with the built in ethernet) and as DNS requests are low bandwidth, 10/100 Mb/s would be fine.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
peterb
I guess any of the later version Raspberry Pis will do ( with the built in ethernet) and as DNS requests are low bandwidth, 10/100 Mb/s would be fine.
If you aren't using Unbound for recursive DNS then even a Pi Zero has enough grunt, the problem with using one of those is that they're Wi-Fi only. As you point out, DNS requests are low bandwidth but they are sensitive to latency which Wi-Fi isn't great for.
That said, if you don't already own a Pi you might as well get a 3+ anyway given the price differential between it and earlier versions. They all have the same network speed as the ethernet port is connected over USB internally anyway but for this use case it isn't a problem. Most people just seem to find a 1m patch cable and sit the Pi next to the router. Many modern routers also have USB ports on them as well, which can often be used to power the Pi. Works on my FritzBox anyway.
If you do have Chromecasts or some brands of smart TV that use a hard coded DNS server regardless of what the router tells them you can forward all port 53 traffic from the network to the Pi's IP address. Most higher end routers or those using Open-WRT, Tomato or similar can do this.
-
Re: Pi-Hole: Ad blocking at the network level
Note this doesn't have to run on a RPi either. I'm using it on my home server running Ubuntu 18.04.
It's quite interesting to see what's being allowed or blocked, for example regular traffic from my TV to log-ingestion-eu.samsungacr.com. I've blocked that now, god knows what my TV was reporting back...
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
Bagnaj97
Note this doesn't have to run on a RPi either. I'm using it on my home server running Ubuntu 18.04.
It's quite interesting to see what's being allowed or blocked, for example regular traffic from my TV to log-ingestion-eu.samsungacr.com. I've blocked that now, god knows what my TV was reporting back...
https://phyks.me/2017/12/stop-networ...amsung-tv.html
https://www.consumerreports.org/priv...ping-features/
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
Bagnaj97
Note this doesn't have to run on a RPi either. I'm using it on my home server running Ubuntu 18.04.
It's quite interesting to see what's being allowed or blocked, for example regular traffic from my TV to log-ingestion-eu.samsungacr.com. I've blocked that now, god knows what my TV was reporting back...
Yes, that was my first thought, running it on my Fedora powered server, but Pis are not expensive and separating a DNS function - which is pretty critical for the network - from the server seems a better solution.
Edit - and my Pi and a case has been ordered! I'm picking it up from my local RS Trade Centre this morning.
Just one thought
Many web sites rely on adverts to keep running. That includes HEXUS. Long term, the widespread use of these may result in more paywall websites and a reduction in content.
With regard to HEXUS, the advertising is not particularly intrusive, so you might like to whitelist the HEXUS adservers.
-
Re: Pi-Hole: Ad blocking at the network level
And picked up the Pi and a case - and got it working.
Installation was reasonably straightforward - my PSU for the Pi was a bit underpowered so it rebooted on loading the OS, and a DNS issue prevented on of the Pi-hole dependencies from downloading - but after that it was plain sailing.
It was necessary to renew DHCP leases from the router after I had changed the DNS settings (caused a couple of minutes head scratching) but seems to be up and running (and not blocking ads on HEXUS)
Seems to be blocking a few more things too - but analysis will have to wait.
Saracen - highly recommended.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
peterb
And picked up the Pi and a case - and got it working.
Installation was reasonably straightforward - my PSU for the Oi was a bit underpowered so it rebooted on loading the OS, and a DNS issue prevented on of the Pi-hole dependencies from downloading - but afte that it was plain sailing.
It was necessary to renew DHCP leases from the router after I had changed the DNS settings (caused a couple of minutes head scratching) but seems to be up and running (and not blocking ads on HEXUS)
Seems to be blocking a few more things too - but analysis will have to wait.
Saracen - highly recommended.
It's worth keeping an eye on traffic for a week or two, particularly the top domains allowed/blocked and Google any allowed ones you don't recognise to see if you should block them. Just discovered the laser printer I bought last week tries to talk to HP every hour or so.
In the drill bits thread (could someone merge the relevent posts into this one?) I linked to Wally3ks curated list of block list which is quite a handy resource.
It's worth knowing that some domains will increase in regularity when you block them. So my Rokus try to phone home every 5 minutes, but when it's blocked it tries again every 30 seconds so looks worse on the logs.
Did you set up unbound or are you still using external DNS servers? If so I'd recommend one that isn't Google and supports DNSSEC then enabling it on pi hole. Cloudflares 1.1.1.1 seems to be the current favourite for this.
Finally if you have any Android/Google devices I strongly suggest forcing all DNS traffic to the Pi.
-
Re: Pi-Hole: Ad blocking at the network level
Problem with the old drill bits posts is that they pre-date the first post here!
I didn’t set up unbound, but I use Zen’s DNS servers for the upstream DNS. I have now got my router (which is my DHCP server) serving the pinhole local IP address as the DNS server (which caused the head scratching until I renewed the DHCP lease on connected devices)
It was actually a lot simpler than it sounds!
I am now wondering whether to install it on my main server rather than leave it on the Pi.. I can see pros and cons for either!
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
peterb
Problem with the old drill bits posts is that they pre-date the first post here!
I didn’t set up unbound, but I use Zen’s DNS servers for the upstream DNS. I have now got my router (which is my DHCP server) serving the pinhole local IP address as the DNS server (which caused the head scratching until I renewed the DHCP lease on connected devices)
It was actually a lot simpler than it sounds!
I am now wondering whether to install it on my main server rather than leave it on the Pi.. I can see pros and cons for either!
I'm also with Zen, didn't even check if their DNS supports DNSSEC but I'm using Unbound for my DNS now anyway. First time you go to an address there is a slight delay but once it's cached it's very quick.
I kept mine off my server, I see DNS as important enough to be independent. Occasionally I take the server (Ubuntu Server 18.04,) down to upgrade or tinker and I wouldn't want to pull down internet connectivity with it.
-
Re: Pi-Hole: Ad blocking at the network level
I’ve moved and merged the posts from the other thread - it’s a bit clunky but probably encapsulates everything (and cleans up the other thread :) )
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
spacein_vader
I'm also with Zen, didn't even check if their DNS supports DNSSEC but I'm using Unbound for my DNS now anyway. First time you go to an address there is a slight delay but once it's cached it's very quick.
Yes, I might add that later - one step at a time!
Quote:
Originally Posted by
spacein_vader
I kept mine off my server, I see DNS as important enough to be independent. Occasionally I take the server (Ubuntu Server 18.04,) down to upgrade or tinker and I wouldn't want to pull down internet connectivity with it.
Yes, I’m tending to that PoV
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
peterb
I’ve moved and merged the posts from the other thread - it’s a bit clunky but probably encapsulates everything (and cleans up the other thread :) )
I had planned to sort this today, so thanks for sorting it for me.
Now, if I leave out a bucket and some shampoo, the car needs a wash. It's outside HEXUS towers, between DR's Ferrari and Zak's Porsche Turbo. Can't miss it, the '04 Polo.
Don't forget the wheels.
/Ducks to avoid flying brick, then runs and hides.
Seriously, thanks Peter.
-
Re: Pi-Hole: Ad blocking at the network level
Also, while I'm thanking people, a big thankyou, hug and a kiss for spacein_vader.
This is a two-fer for me.
a) Looks like a damn good idea.
b) Been meaning to get a Pi to pkay with since, well, when they came out. I just haven't gotten a round TUIT. This is a perfect excuse ... I mean, reason, yeah reason, I need to get one of these. Plus maybe a spare.
Thanks, Mr Vader.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
Saracen
Also, while I'm thanking people, a big thankyou, hug and a kiss for spacein_vader.
This is a two-fer for me.
a) Looks like a damn good idea.
b) Been meaning to get a Pi to pkay with since, well, when they came out. I just haven't gotten a round TUIT. This is a perfect excuse ... I mean, reason, yeah reason, I need to get one of these. Plus maybe a spare.
Thanks, Mr Vader.
You're very welcome.
Of course you need a spare! After all, there are primary and secondary DNS settings for a reason right? Of course while the secondary isn't needed it could be doing all sorts of weird and wonderful things. I've even seen one as a VPN appliance but not sure I'd fancy that over USB speeds which is what the network port is capable of.
-
Re: Pi-Hole: Ad blocking at the network level
Mine is now 'installed'. I solved the PSU problem with a mains socket with a built in USB port that I happened to have in a 'come-in-handy' box. Of course the 20 minute job to swap it out with the existing double gang socket stretched to 2 hours after deciding I needed to replace the back box....
But its now tucked into a corner - just need to set it up so I can SSH into it :)
-
Re: Pi-Hole: Ad blocking at the network level
Saracen - if you get the "unable to load FTL" error when you are installing pihole, you need to
edit /etc/resolv.conf
Code:
sudo vi /etc/resolv.conf
and add
Code:
nameserver www.xxx.yyy.zzz
where www.xxx.yyy.zzz is the ip address of your existing DNS service.
And once set up, it should be a simple matter to block Windows telemetry! (not an issue for me as I don't use W10)
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
peterb
Mine is now 'installed'. I solved the PSU problem with a mains socket with a built in USB port that I happened to have in a 'come-in-handy' box. Of course the 20 minute job to swap it out with the existing double gang socket stretched to 2 hours after deciding I needed to replace the back box....
But its now tucked into a corner - just need to set it up so I can SSH into it :)
Are you using Raspbian as the base OS? If so it already has SSH built in, you just need to add a file called (no extensions,) to the root directory to enable it.
Quote:
Originally Posted by
peterb
Saracen - if you get the "unable to load FTL" error when you are installing pihole, you need to
edit /etc/resolv.conf
Code:
sudo vi /etc/resolv.conf
and add
Code:
nameserver www.xxx.yyy.zzz
where
www.xxx.yyy.zzz is the ip address of your existing DNS service.
And once set up, it should be a simple matter to block Windows telemetry! (not an issue for me as I don't use W10)
In my experience that's only required if your home network is on something other than 192.168.0.X or 192.168.1.X. The Fritzbox defaults to 192.168.178.X and it took me a while to figure out!
-
Re: Pi-Hole: Ad blocking at the network level
Yes I am using Raspbian (usually its .ssh as a hidden directory) but I use a PKI pair to authenticate so I just need to copy those over and tweak the sshd.conf file.
Not necessary for the correct operation of pi-hole though - just saves plugging in a keyboard, monitor and mouse anytime I want to do something!
My resolv.conf was empty! (not even a localhost entry).
My home network is standard 192.168.1.0/24 so Im not sure what happened there
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
spacein_vader
You're very welcome.
Of course you need a spare! After all, there are primary and secondary DNS settings for a reason right? Of course while the secondary isn't needed it could be doing all sorts of weird and wonderful things. I've even seen one as a VPN appliance but not sure I'd fancy that over USB speeds which is what the network port is capable of.
Oh, that's inventive. Primary and secondary. Normally, I'd expect domestic management to glaze over about 30 seconds into explaining what DNS actually is, but if not, I love that primary and secondary line (and yes, I know there are P&S settings) and if all else fails, I can explain VPN's too.
One of these days, she's going to read a networking book, and then my bullpoop is really going to drop me in the .... ummm .... poop.
/Oh, hi darling. Didn't hear you creep up.
Were you reading over my shoulder?
OWWWW!
I guess you were.
-
Re: Pi-Hole: Ad blocking at the network level
Just found this - apologies for the image - but it is sort of relevant...
(If not - I'll ban myself :) )
https://blockads.fivefilters.org/acceptable.html
Probably a bit extreme - for me the line is crossed when there is more than on ad per page (which I can usually ignore) and pop-ups.
But the most irritating are the tracking ads - where if you look at something, every ad is pushing that item!
And this from the query log for the last 24 hours:
(top blocked domains)
Quote:
Domain Hits
www.google-analytics.com 1436
e.crashlytics.com 556
ssl.google-analytics.com 325
msmetrics.ws.sonos.com 321
aax-eu.amazon-adsystem.com 195
ads.mopub.com 184
app-measurement.com 180
ads.nexage.com 152
fls-eu.amazon.com 142
iadsdk.apple.com 139
And that was relatively light use
-
Re: Pi-Hole: Ad blocking at the network level
I have been using pi-hole for a long time now, currently got around 658,000 domains in the blocklist. My DHCP scopes are configured to give out Pi-Hole as the DNS Server and Pi-Hole is the only thing that is allowed to make DNS Queries out to the Internet.
If you are looking for a list of suitable blacklists, check out https://firebog.net/ . The one with ticks work with no issues with Pi-Hole and have few false positives. I would suggest that all those under the malicious lists section get added to your instance.
A couple of extra ones to consider adding are:
https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt
https://isc.sans.edu/feeds/suspiciousdomains_Low.txt
https://isc.sans.edu/feeds/suspiciousdomains_High.txt
There is also some tips on which domains to whitelist.
-
Re: Pi-Hole: Ad blocking at the network level
One slight little snaggette - the Pi is quite noisy electrically, so it needs carefully siting - it halved my 2.4GHz wi-fi speed until I adjusted the routers's antennae!
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
peterb
One slight little snaggette - the Pi is quite noisy electrically, so it needs carefully siting - it halved my 2.4GHz wi-fi speed until I adjusted the routers's antennae!
You can get cases that can minimise that if needed. What's your block percentage after a few days running?
-
Re: Pi-Hole: Ad blocking at the network level
It’s around 30% - that is with the stock blacklist. Google analytics is by far and away the most prominent.
I usually use 5.4GHz (0r wired) so the speed it isn’t really an issue (and my mobile devices don’t have much high bandwidth use anyway) just something I noticed doing a software update on one this morning.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
peterb
It’s around 30% - that is with the stock blacklist. Google analytics is by far and away the most blocked!
That doesn't shock me. Found anything on the top allowed list that you're not sure should be there? That's how I ended up blocking the various emissions my tv, Roku etc made.
-
Quote:
Originally Posted by
spacein_vader
That doesn't shock me. Found anything on the top allowed list that you're not sure should be there? That's how I ended up blocking the various emissions my tv, Roku etc made.
No - nothing obvious - I wondered if things like the TV etc were, but the TV is about 7 years old and while it has an internet connection, it doesn’t seem to reporting back.
Just grabbed this from the query log
Top Blocked Domains
Domain Hits Frequency
www.google-analytics.com 3559
msmetrics.ws.sonos.com 1067
e.crashlytics.com 433
ssl.google-analytics.com 335
fls-eu.amazon.com 211
aax-eu.amazon-adsystem.com 163
ads.mopub.com 139
ads.nexage.com 129
www.googletagmanager.com122
s.skimresources.com 113
Interesting to see skim resources - a really pernicious (imnsho) form of sneakytising (tm) but one I thought had all but disappeared - or maybe my brain just filters them out!
It’s odd but I find I do seem to blank out ads on pages unless they are really intrusive, when they just irritate and generate very negative feelings towards the product (and the site) so pi-hole has a health benefit too! (My blood pressure!)
HEXUS gets the level of advertising just about right. :)
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
peterb
It’s around 30% - that is with the stock blacklist.
Mine always seems to operate at around 30% Blocked .... Currently at 28.3% (683,527 domains in blacklist)
-
Re: Pi-Hole: Ad blocking at the network level
is this suitable for rookie level, never used linux? I mean before I buy a pi...
edit for that matter, any good textbooks for networking so I can properly set up this home network lark. I sometimes feel I don't know enough to do it properly.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
ik9000
is this suitable for rookie level, never used linux? I mean before I buy a pi...
edit for that matter, any good textbooks for networking so I can properly set up this home network lark. I sometimes feel I don't know enough to do it properly.
It's pretty rookie friendly. At its most basic you put the "out of the box" pi OS on an SD card, type in one Linux command copied from the website and then make an alteration to 1 setting on your router.
You can then start to make more complicated if you want by adding blocklists and the like but you don't have to.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
spacein_vader
It's pretty rookie friendly. At its most basic you put the "out of the box" pi OS on an SD card, type in one Linux command copied from the website and then make an alteration to 1 setting on your router.
You can then start to make more complicated if you want by adding blocklists and the like but you don't have to.
Absolutely. And if you should run into difficulties, there is a wealth of advice on the Pi-hole community forums and of course here!
If you buy a kit with the noobs software already on a microsd card, you could be up and running in an hour - and most of that is waiting for the operating system and the pi-hole software to download.
(noobs is just a basic interface to allow you to choose which end operating system you want - you would need Raspbian - but all the details are on the pi-hole webite)
-
Re: Pi-Hole: Ad blocking at the network level
If during the implementation of Pi-hole you hit any issue with your Windows 10 PC's , check out these articles for the various endpoints that services connect to, these lists coupled with the Pi-Hole Query Log should help you to work out what needs whitelisting:
https://docs.microsoft.com/en-us/win...dows-endpoints
https://docs.microsoft.com/en-us/win...prise-editions
https://docs.microsoft.com/en-us/win...prise-editions
-
Re: Pi-Hole: Ad blocking at the network level
Quick question, can this avoid ad blocking detection?
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
TooNice
Quick question, can this avoid ad blocking detection?
It has done for me. I never see the "please turn off your ad blocker" messages some sites use. I guess they poll the browser for certain plugins or behaviour but as the block is occurring after the requests leave the PC the site's don't notice.
-
Re: Pi-Hole: Ad blocking at the network level
Has anyone tried running this in a VM? Is there any good reason not to?
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
jim
Has anyone tried running this in a VM? Is there any good reason not to?
It means your VM has to be on all the time - running it on a Pi means its pretty much fit and forget and they are lower power devices.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
peterb
It means your VM has to be on all the time - running it on a Pi means its pretty much fit and forget and they are lower power devices.
This. It also means if you have an issue with either the VM or the host you lose DNS and everything associated with it.
-
Re: Pi-Hole: Ad blocking at the network level
Yeah I have a server running 24x7 anyway so seems like it might be a quick way of spinning it up and see how I go. I might see if I can get it up and running over the weekend.
-
Re: Pi-Hole: Ad blocking at the network level
Worth trying it on that, but for <£40 you can just put it on a Pi and forget about it!
-
Re: Pi-Hole: Ad blocking at the network level
As I enjoy watching the world burn, I use a plug in which clicks on every ad it can find (obviously without disturbing me).
Facebook has around 1,000 fake advert clicks currently.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
philehidiot
As I enjoy watching the world burn, I use a plug in which clicks on every ad it can find (obviously without disturbing me).
Facebook has around 1,000 fake advert clicks currently.
I used to use one of those, ad nauseum?
Websites do tend to notice it as an ad blocker though.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
peterb
Worth trying it on that, but for <£40 you can just put it on a Pi and forget about it!
You underestimate just how cheap I am Peter :mrgreen:
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
jim
You underestimate just how cheap I am Peter :mrgreen:
Obvoiusly cheaper than a Rasberry Pi :p
-
Re: Pi-Hole: Ad blocking at the network level
Just came across
sb.scorecardresearch.com
as a pi-holed link in the admin log. Not easy to find out much about it, but info here:
https://www.theguardian.com/technolo...web-monitoring
So another one well worth blocking, although in fairness to the parent company, they do say that they require any of their clients using web beacons should announce the fact and list how they are used. Whether clients comply of course, and whether that compliance is monitored is another matter of course.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
jim
Has anyone tried running this in a VM? Is there any good reason not to?
I've a reasonably low power Intel NUC running ESXi that runs this alongside a couple of other VMs. Works fine!
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
jim
Yeah I have a server running 24x7 anyway so seems like it might be a quick way of spinning it up and see how I go. I might see if I can get it up and running over the weekend.
If you already have a VM Host running then i see no point why not. If you were standing up a host just to run Pi-hole from an energy point of view you would be better off with a Pi. I initially had it running in a Container on my NAS , just to make sure it worked as anticipated, but that meant the NAS disks never spun down so I moved it off on to a Pi which is affixed to the bottom of my desk.
In other news, whilst browsing for something completely different I can across a different source of blocklists: https://energized.pro/ . The site has various lists, depending on your requirments, in various formats. The "domain list" variant seems to work fine with Pi-Hole.
-
Re: Pi-Hole: Ad blocking at the network level
Wow - so much choice! Please can someone direct me to which of the umpteen pi options on amazon is a good one to go for? Presumably one that comes with a case and has an ethernet port not just wifi? And I'm presuming the largest SD card with pre-loaded software on it?
This seemed good but is it overkill? It doesn't mention RJ45 but does seem to have a socket for it on the case. (or do I need an extra component?)
https://www.amazon.co.uk/CanaKit-Ras...dp/B07C7J8Z8L/
There's also this but I prefer the clear case. https://www.amazon.co.uk/ABOX-Raspbe...dp/B07DB8591S/
Presume it would also need an SSD - or is the SD card sufficient for this use?
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
ik9000
Wow - so much choice! Please can someone direct me to which of the umpteen pi options on amazon is a good one to go for? Presumably one that comes with a case and has an ethernet port not just wifi? And I'm presuming the largest SD card with pre-loaded software on it?
This seemed good but is it overkill? It doesn't mention RJ45 but does seem to have a socket for it on the case. (or do I need an extra component?)
https://www.amazon.co.uk/CanaKit-Ras...dp/B07C7J8Z8L/
There's also this but I prefer the clear case.
https://www.amazon.co.uk/ABOX-Raspbe...dp/B07DB8591S/
Presume it would also need an SSD - or is the SD card sufficient for this use?
This will do
https://www.amazon.co.uk/Raspberry-P...i+3+b%2B&psc=1
You don't need an SSD - the SD card provides non volatile storage.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
ik9000
Wow - so much choice! Please can someone direct me to which of the umpteen pi options on amazon is a good one to go for? Presumably one that comes with a case and has an ethernet port not just wifi? And I'm presuming the largest SD card with pre-loaded software on it?
This seemed good but is it overkill? It doesn't mention RJ45 but does seem to have a socket for it on the case. (or do I need an extra component?)
https://www.amazon.co.uk/CanaKit-Ras...dp/B07C7J8Z8L/
There's also this but I prefer the clear case.
https://www.amazon.co.uk/ABOX-Raspbe...dp/B07DB8591S/
Presume it would also need an SSD - or is the SD card sufficient for this use?
A case is optional, or you can build one but a cheap one will be less hassle.
The Pi 2 and Pi 3 all have ethernet so opt for those over a Zero which doesn't.
They all run SD cards so no point getting an SSD. 8gb is ample for running PiHole and DNS as the underlying OS is only 2gb at most.
The most important thing with the bundles is that the power supply is up to it. It really wants to be rated at 2.5A to keep the 3 happy as otherwise they can drop out and reboot under heavy load.
-
Re: Pi-Hole: Ad blocking at the network level
Quick and potentially daft question.
This can be installed anywhere on a network right, as long as devices can reach it?
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
Disturbedguy
Quick and potentially daft question.
This can be installed anywhere on a network right, as long as devices can reach it?
It can indeed. A pi is small enough to be tucked away out of site somewhere inconspicuous.
A friend of mine has a 4 port switch behind his TV for a sky box, a Roku and the TV itself. He added the PiHole in to the final switch there. Mine is in the (integral,) garage.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
Disturbedguy
Quick and potentially daft question.
This can be installed anywhere on a network right, as long as devices can reach it?
Yes - as Space_invader says, but for setting up you will need a USB keyboard mouse and an HDMI monitor. It really needs a static IP address on your network which you can either do at the router by binding the mac address to the IP address or just set a static ip address on the Pi.
But once set up, it can go anywhere on your internal network.
-
Re: Pi-Hole: Ad blocking at the network level
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
peterb
Yes - ad Space_invader says, but for setting up you will need a USB keyboard mouse and an HDMI monitor. It really needs a static IP address on your network which you can either do at the router by binding the mac address to the IP address or just set a static ip address on the Pi.
But once set up, it can go anywhere on your internal network.
IIRC as part of the setup PiHole forces you to give it a fixed IP.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
spacein_vader
IIRC as part of the setup PiHole forces you to give it a fixed IP.
Missed that - maybe I already had - but I bound Mac to IP in the router.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
spacein_vader
It can indeed. A pi is small enough to be tucked away out of site somewhere inconspicuous.
A friend of mine has a 4 port switch behind his TV for a sky box, a Roku and the TV itself. He added the PiHole in to the final switch there. Mine is in the (integral,) garage.
Quote:
Yes - ad Space_invader says, but for setting up you will need a USB keyboard mouse and an HDMI monitor. It really needs a static IP address on your network which you can either do at the router by binding the mac address to the IP address or just set a static ip address on the Pi.
But once set up, it can go anywhere on your internal network.
Thanks, answer my question perfectly.
Building and re-doing my entire desk at home and may well add this under the desk to keep it out the way.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
Disturbedguy
Thanks, answer my question perfectly.
Building and re-doing my entire desk at home and may well add this under the desk to keep it out the way.
now there's a thought. that bit down the back by the wall where your knees don't reach is kind of dead space!
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
ik9000
now there's a thought. that bit down the back by the wall where your knees don't reach is kind of dead space!
it arrived without heatsinks or case screws - is it safe to power up without them, or should I wait until I can get some delivered?
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
ik9000
it arrived without heatsinks or case screws - is it safe to power up without them, or should I wait until I can get some delivered?
It doesn't need a heat sink, or case screws unless you're fixing it to a wall or the underside of a desk. It'll be fine to setup as a bare board.
-
Re: Pi-Hole: Ad blocking at the network level
The case should just clip together and the lid is deliberately loose for external connections which you won’t need in this application. But it should push on reasonably firmly. Remember the Pi was designed for experimental use for controlling physical things - but Pi-hole doesn’t need those.
The power consumption is about 10w distributed across all the onboard devices - including the wi-fi - so a heat sink isn’t necesssry. Air cooling on the chips in their naked state is fine!
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
ik9000
now there's a thought. that bit down the back by the wall where your knees don't reach is kind of dead space!
Yup.
I'm in the process of building a new desk, my plan is to have as much hidden as possible.
I plan to have a network switch, HDMI switch and any other items small enough / light enough attached to the underside of the desk with all cabling that is visible, neat and tidied.
I'll post images in the workspace thread when done
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
Disturbedguy
I'll post images in the workspace thread when done
looking forward to it!
-
Re: Pi-Hole: Ad blocking at the network level
ik9000 - got it working yet?
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
jim
Has anyone tried running this in a VM? Is there any good reason not to?
I used too but had some problems with Pihole breaking something in dnsmesq on my Ubuntu VM. Now use the Official Docker image: https://hub.docker.com/r/pihole/pihole/
Hardly uses any resources on my unRAID server and has been running for months without issue :)
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
peterb
ik9000 - got it working yet?
nope! It rattles around in the box so I'm ordering some screws. And the lack of heatsink makes me feel.... wrong. But the main reason for the lag is I've barely been in.
It's been interesting to read more about how it works. If I've read it right (and it's quite possible I haven't) but it sounds like you're essentially routing your traffic through their site and via their selected DNS server (which is 3rd party) but they get all the usage stats information. So that's a lot of data they can mine. (NB you need a paid account to not have as much of the tracking - but then everything is linked to your account, which is arguably worse).
It also loses the filtering you get with, say, openDNS if you apply their content filtering. It seems to me like you'd be better manually updating the block list onto your own piece of kit which filters it before it goes off to openDNS or whoever. Or have I missed something?
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
ik9000
nope! It rattles around in the box so I'm ordering some screws. And the lack of heatsink makes me feel.... wrong. But the main reason for the lag is I've barely been in.
It's been interesting to read more about how it works. If I've read it right (and it's quite possible I haven't) but it sounds like you're essentially routing your traffic through their site and via their selected DNS server (which is 3rd party) but they get all the usage stats information. So that's a lot of data they can mine. (NB you need a paid account to not have as much of the tracking - but then everything is linked to your account, which is arguably worse).
It also loses the filtering you get with, say, open DNS if you apply their content filtering. It seems to me like you'd be better manually updating the block list onto your own piece of kit which filters it before it goes off to openDNS or whoever. Or have I missed something?
You have missed something. It intercepts DNS calls to your normal DNS server - filters out the DNS calls to ad servers - then routes the calls to your normal DNS server.
So lets say your PC uses open DNS. You set your PC to use the Pi as the DNS server, and the PI to use open DNS. You click on a link to <some ad ridden sight> which generates a lot of DNS calls - some to the useful content - others to various adservers.
The Pi returns a bland pixel to your PC for each adserver call, but otherwise drops it. The call to the content gets forwarded to open DNS in the normal way.
If your router acts as a DNS relay, you set it to point to the Pi so that all devices on your network benefits from DNS filtering. You can also add filters to any website manually so if you want to stop anyone accessing (say) Facebook - just add facebook.com to the blacklist.
Surprised it is rattling in the box - but I used a box from RS. You only need a heatsink if you are generating a lot of heat. The Pi doesnt with a total power consumption of < 10 watts!
You don't need to put in the box to get it working though - just place it on a bit of card and connect it up!
-
Re: Pi-Hole: Ad blocking at the network level
My Pi kit arrives tomorrow so hopefully will have some time over the weekend to get this up & running and see how well it works. Always wanted a Pi to play around with and now this is a good excuse!
-
Re: Pi-Hole: Ad blocking at the network level
My kit has just arrived, so I'll have a play with it over the weekend and get this set up.
-
Re: Pi-Hole: Ad blocking at the network level
Make sure to white list HEXUS ;)
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
MLyons
Make sure to white list HEXUS ;)
Scouts honour promise that I will. :) i.e. it will teach me how to white list sites as I'm sure there will be others I need to whitelist.
-
Re: Pi-Hole: Ad blocking at the network level
The command to whitelist is: -
pihole -w forums.hexus.net
Although interestingly, the ad banner at the top still showed on the main forums regardless, but adding the whitelist enabled the one to my right of this reply box and an ad banner to the top in threads.
The web interface says my pi is currently as 48°C. I guess that's fine? It's in a case I got from https://www.amazon.co.uk/Raspberry-P...dp/B01CI5879A/
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
Gerrard
The command to whitelist is: -
pihole -w forums.hexus.net
Although interestingly, the ad banner at the top still showed on the main forums regardless, but adding the whitelist enabled the one to my right of this reply box and an ad banner to the top in threads.
The web interface says my pi is currently as 48°C. I guess that's fine? It's in a case I got from
https://www.amazon.co.uk/Raspberry-P...dp/B01CI5879A/
That's fine temp wise. Mine tends to sit somewhere around 45-50c.
You can add to the whitelist through the webUI as well.
If the banner showed before it was probably because it was hosted directly by hexus rather than an ad syndicate.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
Gerrard
The command to whitelist is: -
pihole -w forums.hexus.net
Although interestingly, the ad banner at the top still showed on the main forums regardless, but adding the whitelist enabled the one to my right of this reply box and an ad banner to the top in threads.
The web interface says my pi is currently as 48°C. I guess that's fine? It's in a case I got from
https://www.amazon.co.uk/Raspberry-P...dp/B01CI5879A/
Yeah the ad in the banner shows for me too as does the one to right of my reply box (corsair ad) and i've not done the white list yet, but will do it in a min now you've kindly given me the command. :)
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
MLyons
Make sure to white list HEXUS ;)
I found I didn't need to expicilty whitelist HEXUS - it worked as is out of the box (I did play with blacklisting the HEXUS ad server when I was in the 'lets fddlewith it" mode) and then removed it.
HEXUS ads are not intrusive anyway. :)
And to repeat an earlier post
Quote:
Originally Posted by
peterb
Just one thought
Many web sites rely on adverts to keep running. That includes HEXUS. Long term, the widespread use of these may result in more paywall websites and a reduction in content.
With regard to HEXUS, the advertising is not particularly intrusive, so you might like to whitelist the HEXUS adservers.
(But as stated earlier, they don't seem to be blacklisted anyway)
-
Re: Pi-Hole: Ad blocking at the network level
Would it actually matter in this case, or even be a bit better than just using Adblock? The site still thinks it's showing adverts via pi-hole and therefore would count as a view but would detect it being blocked via Adblock. So if I disable Adblock as I no longer need it, more sites would think they are getting views, even though I have no intention on clicking on any even if I saw them.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
Gerrard
Would it actually matter in this case, or even be a bit better than just using Adblock? The site still thinks it's showing adverts via pi-hole and therefore would count as a view but would detect it being blocked via Adblock. So if I disable Adblock as I no longer need it, more sites would think they are getting views, even though I have no intention on clicking on any even if I saw them.
The calls to the ad server are blocked by Pi-hole so the ads are never served - so it won't count as a view.
-
Re: Pi-Hole: Ad blocking at the network level
Of course, I was getting it backwards. I guess websites pick up Adblocker with a script that detects when the calls aren't made then.
-
Re: Pi-Hole: Ad blocking at the network level
pi up and running - and that rattle... :Oops: there are 4 clips on one side of the case. You need to swing the board in at an angle, then shuggle it a bit - and make sure the sd card isn't rolling around the case. That last bit is key.
:stupid:
any point installing ufw and/or fail2ban before reaching for pihole?
https://www.raspberrypi.org/document...on/security.md
-
Re: Pi-Hole: Ad blocking at the network level
It largely depends on how good the firewall in front of it is. If your router or network firewall is fairly robust you could do without, but it won't do any harm.
Ufw would be fairly simple, disallowing everything that doesn't come from the internal network and via port 43.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
Gerrard
Of course, I was getting it backwards. I guess websites pick up Adblocker with a script that detects when the calls aren't made then.
They normally use some JS to see if the element loaded by the ad is there. If the node in the DOM for the advert isn't there then they show the popup
-
Re: Pi-Hole: Ad blocking at the network level
I am very interested in this and have ordered the Raspberry Pi 3 Model B+ Value Starter Kit recommended by peterb. I am not much of a networking guru, but understand the basics. I have no previous Pi knowledge. My ISP is BT and I have "Superfast 2 Unlimited" and my current router is BT HomeHub 6.
The BT HomeHub 6 does not allow me to change the DNS settings, so I am going to have to change the router to one that will and works with BT FTTC Infinity 2 as the service was previously called. I am researching routers by Netgear, Asus, TP Archer, LinkSys etc, but would value suggestions/recommendations from you guys who know what you are talking about. Normal family internet stuff, I stream TIDAL and Spotify, and iPlayer and I want stable uptime and improved WiFi.
Many thanks......
-
Re: Pi-Hole: Ad blocking at the network level
I personally like the Draytek series - https://www.draytek.com/en/products/...or2862-series/
these give solid performance. You could buy a unit with built in wi-fi or get a base model and a ubiquiti access point - they are rock solid performnce - the AC lite version is ideal for a domestic set up.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
peterb
I personally like the Draytek series -
https://www.draytek.com/en/products/...or2862-series/
these give solid performance. You could buy a unit with built in wi-fi or get a base model and a ubiquiti access point - they are rock solid performnce - the AC lite version is ideal for a domestic set up.
I would argue that a Draytek recommendation comes with caveat that the UI is old and arcane and not helpful to anyone who is not well versed with networking in general. Not talking Cisco level arcane but certainly not friendly for the home user.
Asus or TP-Link Archer would get my vote, especially in the case of Asus as 3rd Party firmware is available for certain models which is truly excellent (Merlin firmware).
-
Re: Pi-Hole: Ad blocking at the network level
In other news I'm getting severe grief from SWMBO because and I quote:
"Whenever I click on the top search result and ads it doesn't work. Something about Google Lead Services denied."
Me: "Yes Honey, your unsafe web browsing habits have now been Pi-holed"
SWMBO: "Huh???? Whats unsafe about that?? What are you talking about, you shut your pi hole and stop buggering up the wi-fi!"
Teenage son:"Yeah I can't access some sites either, please turn whatever it is off!"
Me:"That's because some of your porn sites or links on those porn sites are blocked"
Teenage son says nothing, turns red and does a swift exit.
SWMBO: "Just sort it out or you'll be needing porn sites soon!"
So long story short the wife wants me to remove Pi Hole or at least not protect her unsafe browsing and she won't accept that what she's doing is not good.
-
Re: Pi-Hole: Ad blocking at the network level
Find out which sites she wants to visit and whitelist them (and ask your son to show him the sites he wants to visit!)
-
Re: Pi-Hole: Ad blocking at the network level
It sounds like your wife is trying to click on the advertising links that Google puts at the top of its searches for products. This will go through lead services so Google gets a cut for the referral. Often the next link down is an unpaid link to the same site.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
spacein_vader
It sounds like your wife is trying to click on the advertising links that Google puts at the top of its searches for products. This will go through lead services so Google gets a cut for the referral. Often the next link down is an unpaid link to the same site.
Yep 8 times out of 10 it's exactly that, however because she's predominantly a Safari user, those unpaid links often aren't the same immediately underneath. And she can't be arsed to keep scrolling :crazy:
Other times it's referral links embedded in others sites so it's just not practical to keep white listing them every time she comes across a different one as often I'm not there to do it.
She wont change her habits, I'm reluctant to expose our network to crap and malware.....Never the twain shall meet.
May have to put her devices on static IP's and send them to an alternative DNS.
-
Re: Pi-Hole: Ad blocking at the network level
I'm on safari - maybe change the default search engine to duckduckgo?
-
Re: Pi-Hole: Ad blocking at the network level
Well thanks for the pointers chaps, I have been doing a lot of research, reading and viewing reviews on lots of kit, and have a final shortlist of two routers, both Asus: the RC-AC88U or the RC-AC5300, both of which are good in their own rights and both have Merlin Firmware support.
Pi arrives from Amazon tomorrow. I am now looking for the VDSL Modem.
EDIT: Going with the DrayTek Vigor130 VDSL2 Modem.. all on order with SCAN, arriving Friday.
-
Re: Pi-Hole: Ad blocking at the network level
Raspberry Pi 3 Model 3+ up and running Pi-Hole and initial testing looking good.
At present only my laptop using it as DNS as I have to change the Router out to enable my own selection of DNS via DHCP for all devices on my network. I went with the Asus RT-AC5300 and the DrayTek Vigor 130 to replace my BT HomeHub 6. Delivered super efficiently by SCAN today.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
EtheAv8r
The BT HomeHub 6 does not allow me to change the DNS settings, so I am going to have to change the router to one that will and works with BT FTTC Infinity 2 as the service was previously called.
Sorry, a little late to this one. The pihole is built on top of dnsmasq which includes a perfectly good dhcp server. You could just disable the dhcp server of on HomeHub and use the pihole to serve dhcp with the relevant dns settings.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
matts-uk
Sorry, a little late to this one. The pihole is built on top of dnsmasq which includes a perfectly good dhcp server. You could just disable the dhcp server of on HomeHub and use the pihole to serve dhcp with the relevant dns settings.
OK I did wonder if that was possible, but moot now as new Asus RT-AC5300 and Vigor 130 in and running. Seems stable and the internet speed is slightly faster than the HH6, but WiFi not measurably better. The Asus is of course much more configurable, which is both good and bad (if/when I cock it up playing with settings). I do have the HH6 as a fall back option.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
peterb
Find out which sites she wants to visit and whitelist them (and ask your son to show him the sites he wants to visit!)
son :surprised: :embarrassed::undecided
dad :O_o1::eek:
some things are best not shared.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
EtheAv8r
OK I did wonder if that was possible, but moot now as new Asus RT-AC5300 and Vigor 130 in and running. Seems stable and the internet speed is slightly faster than the HH6, but WiFi not measurably better. The Asus is of course much more configurable, which is both good and bad (if/when I cock it up playing with settings).
Hmm. My personal view is that fancy WiFi routers are rarely worth the money.
Quote:
I do have the HH6 as a fall back option.
If you are feeling brave, and are handy with a soldering iron, the HH6 can be reflashed with LEDE/OpenWRT. Underneath the horribly dumbed down UI there is a not too shabby WiFi router trying to get out.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
matts-uk
Hmm. My personal view is that fancy WiFi routers are rarely worth the money.
If you are feeling brave, and are handy with a soldering iron, the HH6 can be reflashed with LEDE/OpenWRT. Underneath the horribly dumbed down UI there is a not too shabby WiFi router trying to get out.
In most instances I'd agree however the Asus ones around £100-150 tend to be very good once flashed with AsusWRT Merlin firmware. Having said that I'll soon be replacing my Asus RT-AC 87u with an Ubiqiti EdgeRouter Lite and hooking my BT Whole Home directly into that.
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
matts-uk
Hmm. My personal view is that fancy WiFi routers are rarely worth the money.
.
thanks for that, my experience with the new setup seems to bear this out. I am getting quite a number of disconnect/reconnect outages, which is probably not a co-incidence.
Yesterday my internet dropped to a crawl, 4.5mps rather than my usual 68-70mps. Called BT who were VERY helpful, ran tests and requested I plug BT HH6 back in, which I did and speed returned to 70mbs.
They then held on the line whist I went back to the Asus/Vigor setup and again speed was back to 70mbs. so it seems I could/should have stayed with BT HH6 and run DHCP on the Pi-Hole and saved quite a bit of dosh.
What are the benefits of switching the Asus router to Merlin firmware? is it really worth doing?
-
Re: Pi-Hole: Ad blocking at the network level
Quote:
Originally Posted by
EtheAv8r
thanks for that, my experience with the new setup seems to bear this out. I am getting quite a number of disconnect/reconnect outages, which is probably not a co-incidence.
Ultimately, the problem you are up against is WiFi transmit power is tightly regulated. As WiFi access point technology is fairly mature, the difference between the poorest quality radios and highest quality radios is trivial. Multipath (MiMo) radios and high gain antennas can increase coverage a bit. Overall however, the system is usually bottle-necked by the client device radios, where form factors limit the efficiency of the antenna and sensitivity of the receiver. To significantly increase the range of the network, you need more radios, so clients are closer to access points...But as soon as you add a 2nd access point, you create a potential for issues at Layer 2 of the protocol stack.
Quote:
so it seems I could/should have stayed with BT HH6 and run DHCP on the Pi-Hole and saved quite a bit of dosh.
You could have spent the dosh much more effectively. Improving coverage has become a great deal easier since the mesh networking technology became affordable, only in the last 18 months. A Tenda MW6 triple pack is currently a steal.
Quote:
What are the benefits of switching the Asus router to Merlin firmware? is it really worth doing?
It's an OpenWRT/Lede derivative (fork). Unlikely to provide much in the way of increased speed or coverage, but will uncover many of the capabilities that home router manufacturers hide from you. Personally, I would leave the Asus as stock, e-bay it along with the Draytek modem, use the money to buy a mesh (so called Whole Home) kit.
-
Re: Pi-Hole: Ad blocking at the network level
I thought I'd give this ago today. I set up Pi-hole on an Ubuntu virtual machine on a Windows host and configured the router to intercept DNS requests etc...
Everything was working perfectly.
Except my Android phone was still showing ads.
After an entire afternoon of troubleshooting... I remembered to turn off mobile data...
The whole time, Pihole was blocking ads over Wifi/LAN like a champ, and the phone was then loading blocked elements over mobile data.
Being on PAYG, over the course of an afternoon I spent £3, purely downloading ads.
fml