Pi-hole Ad-Blocking DNS
Purpose
Pi-hole is a DNS-level adblocking system. It resolves known advertising DNS names to 0.0.0.0 so the ad servers are never contacted.
You can choose to run Pi-hole on any supported system.
Using with Other Resolvers
You can configure the Pi-hole to forward all requests to your other resolver if you have set up an internal authoritative DNS resolver. Clients querying the Pi-hole will also be able to resolve FQDNs defined in authoritative zones on your other resolver.
Procedure
Install the OS
Install and update whatever operating system you are using to run Pi-hole.
Ensure the system has been configured with a static IP address.
Install Pi-hole
Pi-hole has different installation methods available.
Perform the installation on your target system and follow the prompts until Pi-hole is installed and running.
Configuring Additional Lists
Pi-hole uses a default set of built-in lists of known ad servers. You can add more lists to block more advertisers.
Click on the 'Adlists' button in the left navigation panel, then paste the site URLs into the 'Add new adlist' form and hit 'Add'.
Additional lists:
- DNSBlacklists
- AdAway
- NoTrackMalware
- First-party trackers
- OSINT DigitalSide
- PGL YoYo AdServers
- anudeepND
- Easylist
- HostsVN
- WindowsSpyBlocker
The FireBog ticked lists provide even more options for vetted adblock lists.
Configuring Forwarding
No Internal Resolver
If you have not set up an internal resolver to name your firewalled systems, your DNS traffic flow from a client to public resolvers looks like this:
graph LR
A[Client] --> B
B[Pi-hole] --> C
C[Public DNS]and no additional configuration is needed to use the Pi-hole.
With Internal Resolver
If you have set up an internal authoritative DNS resolver, your traffic flow from a client to public resolvers should look like this:
graph LR
A[Client] --> B
B[Pi-hole] --> C
C[Internal DNS] --> D
D[Public DNS]But it doesn't yet. You must configure Pi-hole to forward all queries to your internal resolver instead of recursing using public nameservers.
To set up your internal resolver as a forwarder in Pi-hole:
- log into your Pi-hole's web interface
- click on the 'settings' button in the left navigation menu
- click on the 'DNS' tab near the top of the page
- enable custom 'Upstream DNS Servers': enable 'Custom 1 (IPv4)' and set the IP of your internal resolver
- scroll to the bottom of the page and click on the 'Save' button
Configuring Clients
Configure your clients' DNS resolver to use the Pi-hole's IP address.
If you have a DHCP server, adjust the DNS resolver the server hands out in a lease to be the Pi-hole. The next time your clients refresh their DHCP lease, they should start using the Pi-hole as a resolver. If you specify multiple resolvers in your DHCP lease, your client may not always use the Pi-hole to resolve DNS names, and ads may appear on web pages.