Shut Your Pi-hole

Blocking ads and reducing traffic on your home-network can totally be done with $30 and an hour.

One of the things that bothers me about the internet is tracking and ads. Mostly I hate trying to read things like IMDB and having it take a minute (60 to 90 seconds) to load, because of ads.

Now I have nothing against ads! I use them on my sites to limited success. I click on them on Instagram from time to time. But the way many sites use ads and tracking is a little obscene to me. It makes it impossible to browse the net. And worse, the add-ons for our browsers don’t always work.

Enter the Pi-hole

I blame my friend Jan, who loves Raspberry Pi’s, for the thought. A Raspberry Pi is a mini computer. It’s the bare bones you need to computer. If you think about how small something like an Amazon Fire Stick is, you have the idea. They’re itsty. But they work. And they work because they have a stripped down operating system that does very little but the basics.

On top of that, we can add software like Pi-hole. A Pi-hole is custom software that watches your internet traffic and blocks ads before they get to your computer. It works by intercepting DNS traffic and checking it against blacklists. If something, like an ad network, is on a blacklist, it blocks.

Finding Your Pi

In order to build this you need a Pi. I bought a kit. I don’t want to hear about it. I don’t need more, I didn’t want more. I wanted, and I got, the basic kit that had what I needed. I bought a Vilros Pi Zero W, which means it’s the smallest, least extendable Pi out there.

The kit came with the following:

  • A Pi circuit board
  • A case (with three lids)
  • Rubber feet for the case
  • A heat sink
  • A camera connector (but no camera)
  • A 2×20 pin set
  • Adapters for HDMI and power and USB

In addition I bought an Ethernet connector because I didn’t want to use WiFi, and a mini SD card.

Putting it together is like LEGO’s, however there were NO directions. Did I need the pins? Did I need the camera? In the end, I attached the heat sink and left it at that. The pins only matter if I’m soldering things and I don’t want a camera.

Installing the OS

The tricky part here is normally people say “connect a monitor and keyboard…” but I didn’t want to do that. I don’t have a spare monitor (though I could use my TV and briefly did for a debug) and I don’t have a spare keyboard. All of this I did on my MacBook.

Go to the official page and download Raspbian LITE. This is the minimalistic version of the official operating system. Download the zip and open it. You’ll get an IMG file. Hold on to it. You also want to download an image builder. I used Balena Etcher, which is a free and open source tool to flash an SD card with an operating system. Or in layman’s terms, it installs that image you downloaded onto the card and magically makes it work.

Insert your SD card and run Balena. Tell it to install your image to the SD card. This takes about 5 minutes, depending on your systems. Once it’s done, you will need to eject the card and then reinsert it. This is because the MacOS can be tetchy. Once the disk is mounted on your Mac, you need to add an empty file called SSH to the main folder. This will allow you to SSH into the Pi when you’re done.

Plug It In

Okay! Now we go back to the hardware. Eject your disk from your Mac and insert it into your Pi. Put the Pi into the case and click it into place. Make sure the various ports line up with the holes. Once that’s in, put the lid on and attach the HDMI adapter (just in case), the Ethernet Adapter (and plug that cable in) and the power.

Your Pi will boot in a matter of seconds. Go get a glass of water. Come back. Now we’re ready to go!

Update All the Things

Before we install Pi-hole, we want to upgrade everything.

To do that we need to know our Pi’s IP. I went to my router’s web interface and scanned the list of devices for raspberrypi. It’s under the DHCP allocation table. Get the IP address of your Pi. With that address, SSH into your Pi.

ssh pi@

The default password is raspberry.

You will be shown raspi-config on first logging in. Press the number 2 and change the password to something better. If you want to run that screen later, you’ll need to run sudo raspi-config

Now we update! To update everything, run sudo apt-get update — this downloads all the things you need. Next you run the upgrader – sudo apt-get dist-upgrade – to install it all. If this fails, it will have advice on how to proceed. Read carefully!

We also want to install Git tools: sudo apt-get install git net-tools

And you may want to change your timezone: sudo dpkg-reconfigure tzdata

Install Pi-hole

You can one-line this, but I prefer to use git:

$ git clone --depth 1 pi-hole
$ sudo bash pi-hole/automated\ install/

This will take you through the installer. You’ll have some options to pick from:

  • Interface — I’m using eth0, which means wired Ethernet and not WiFi.
  • DNS — I picked OpenDNS but for most people Google is fine and reliable.
  • Blacklists — Accept the defaults.
  • Protocols — Most people will use IPv4. You’ll know if you use IPv6.
  • IP Address/Gateway – The system does a good job getting the IP of your Pi. The gateway needs to be the IP of your existing router.
  • Web Admin — Yes, we want the web admin.
  • Web Server – You want this if you picked yes for Web Admin.

Whew. That was a lot, right? And the install takes a bit (don’t panic if it stalls). You’ll get your password for the web admin in this process, so please make a note of it.

Configure Your Pi-hole

At this point, you can visit http://pi.hole/admin to get to your admin page. If that doesn’t work, try (changing that to your Pi’s IP) and that will get you in. It does not log you in. You can log in, and you’ll want to because we have to do some extra configuration.

Also it looks really cool:

The pi-hole admin screen.

If you’re lucky enough, your router lets you change the DNS servers. And if that’s the case, just change it to the IP of your Pi-hole. Done and done. However. If you’re like me and use the router that came from your ISP, you may be surprised to find out they don’t trust you in the slightest and you cannot change the DNS settings.

After you’re done swearing at your ISP, and you’ve decided you don’t feel like shelling out a couple hundred for a router that may or may not work, it’s time to play magic with DHCP.

DHCP (Dynamic Host Configuration Protocol) is the service that lets your router give all the devices on your local network (LAN) an internal IP address. It also handles all the traffic from your device to the rest of the Internet.

  1. Log in to your router and disable DHCP
  2. Log in to Pi-hole admin and enable DHCP
  3. Make sure the Router Gateway address is the correct IP for your router (if it’s not, nothing will work)

If you want to switch everyone over right away, reboot your router. If not, just wait for everyone to pick up the new service.

How Have You Pi’d Your Hole?

What extra tricks have you spun up? Do you have a perfect blacklist? Do you use it for a VPN as well? Did you figure out how to beat the AT&T modems into submission?

FYI. Do not reply to this post with “You should use X hardware instead” or even “You need own your own router.” Telling people they’re wrong about choices they made when the choices are perfectly valid is an 🍆 move. Be helpful and lift up. Don’t gatekeep.

For the people who still have questions, here are some useful posts:

%d bloggers like this: