How to evolve your network to be ad-free with Pi-Hole®

Follow this 15-minute comprehensive guide on how to build your ad-blocking server

This is the Raspberry-Pi Zero W, a new variant of the immensely popular Raspberry-Pi Zero ($10) (Courtesy of Harrison Broadbent on Unsplash)

Introduction

I first stumbled upon this project back in the early days when companies were adopting the ad-based business model, which meant more and more ads. But as I navigated through their Github Repository, I figured it was too hard to implement, and then my laziness took over. But alas, here we are now in 2020 where advertisements are almost everywhere you go, growing at an exponential pace with no desire to stop, we have reached a stage where it is essential to implement this ad-blocking system as I have had enough with these youtube ads that just seem to be creeping through the small window of the video you are watching that reach a point where you just don’t want to use the internet anymore. And so, I went ahead and ordered myself the Raspberry-Pi Zero W and started setting up my server.

Different Raspberry-Pi Models you can use for this project with the latest being the Raspberry Pi 4 (not listed here)

Now actually implementing this is pretty straightforward, but being a Linux amateur, I encountered a lot of issues and problems. Still, having a strong background in CS, I was able to navigate myself through dozens, and dozens of StackOverflow threads and subreddits and god knows how many open forums to finally derive this perfect in-depth walkthrough on how to set up this server while also applying a bit of my knowledge so you won’t have to. Even if you don’t need it, it can be a cool mini-project to work on if you are bored, which can be very useful and which can also be emphasized in the future. So now that you are all ready and mentally prepared let’s get started!

First Steps: Setting up your Raspberry-Pi

Now just to clarify, you technically don’t need a raspberry-pi for this project. You can run this on any Linux compatible system or even a Docker container, which allows it to run from devices such as the Synology NAS (Network Attached Storage). But I would go for the raspberry pi as I wouldn’t want to keep my computer running all the time and since it’s better suited towards this mini-computer. As surprising as it is, the requirements for this server is :

Hardware :

• 52MB of free space
• 512 MB RAM

Software (Officially Supported) :

• Raspbian: Jessie/Stretch
• Ubuntu: 16.04 / 16.10
• Debian: 8 / 9
• Fedora 27, 28, 29
• CentOS: 7 (not ARM)

Supported Operating Systems

So like I said, don’t stress too much about what model to buy as my Raspberry Pi Zero can handle this with ease. So now what you will need is :

Power Adapter (5V), Rasperry-Pi Model of your choice, Ethernet dongle and cable (if needed, also works with wifi if supported by model) and an SD card with 4GB of minimum storage (Photo: Linus Tech Tips)

Also please, keep the board protected, you can either use a DIY protective box like shown in the image above or buy a protective casing from Amazon #noad

Step 1: Setting up the SD Card

So now that you have all the tools needed, let’s set up the SD Card. Now most laptops, don’t have an SD card port, so by default so you will need an SD/MicroSD card reader as the board utilizes a MicroSD. Once you got that, connect the MicroSD to the computer and format the card.

*Most SD Cards ordered from official raspberry pi vendors come with a variant of Linux installed, typically NOOBS, but just to make sure you learn and know what you are doing, it is recommended to format the card.

You can either use the native format option or download the SD Card Formatter software to format the MicroSD card entirely and delete all partitions.

Once that is done, download the balenaEtcher software to burn the raspberry pi os image, which we will download right now.

Get the Raspberry Pi OS Lite as it takes minimal space and install balenaEtcher

Once the zip file is downloaded, burn the image into the MicroSD card like so.

Flash the image into the MicroSD card and then eject your microSD card and plug it back in, and it should be called “boot.”

Once that is done, we have to add an ssh file since we are doing a headless install so that we can connect to our pi wirelessly. This is only targeted towards individuals who have this feature on their pi.

[Left] How the contents of the boot drive should look ;[Right] Adding the ssh file, make sure it has no extensions and is an empty file

If you don’t know how to make an extensionless file, download the ssh file from here. Next, we have to add a wpa_suppliant.conf. In the file, enter the following content :

country=ca
update_config=1
ctrl_interface=/var/run/wpa_supplicant
network={
 scan_ssid=1
 ssid="Network_Name"
 psk="Network_Password"
}

If you are having issues making this file, download it from here. Keep in mind both these files need to be in the boot drive.

An additional point to take note of is to change the EOL Conversion (if not already) to Linux, so it is compatible with the pi

2. Setting up the Raspberry Pi

Now you can safely connect your raspberry pi after ejecting and inserting the SD card into it, like so and make sure the power cable is connecting to the port closest to the end of the board.

It may take 2–15 minutes to boot up and install the OS depending on your wifi connection.

Meanwhile, install the following programs that will allow us to connect with the pi through ssh.

Install Bonjour Print Services which helps us detect devices in our network and PuTTy for actually accessing the terminal

Now access your routers configuration settings, which you can accomplish by typing the default gateway of your router on your browser (i.e., https://192.168.0.1/). Still, if you don’t know this address, you can check behind your router or search up online (i.e., Hitron router configuration) or just download Angry IP Scanner. If what we did was successful, you should see your raspberry pi connected to the internet.

If you see the raspberry pi, it means that we were successful, and it is connected to the internet. Take note of the IP address of the pi.

Now we can open the PuTTY command centre and input the IP address of the raspberry pi like shown in the image before or entering raspberrypi.local

Make sure the port is 22 as the pi is listening through that and that the connection type is ssh.

After executing this, you should see a terminal window open as well as a security alert asking to add the server’s key to PuTTy’ s cache as it is the first time connecting via ssh.

[Left] Click yes when this prompt shows up; [Right] To login, the default username is ‘pi’ and the default password is ‘raspberry’

Once logged in and good to go, we need to make some configuration changes, but first, you need to promote yourself to superuser (root) which you can do by using the following command :

sudo su #intializes user as root

Next, enter the command :

raspi-config # will allow you to edit settings

This window should show up :

You can change your password and hostname needed when logging in as well as setup overclocking and edit timezone settings.

Just to be organized, once at the menu, navigate to 7. Advanced Options and click ENTER, then select ‘Expand File System’ so the pi properly configures your SD Card. Quickly reboot your pi by using the command :

sudo reboot # reboots pi with updated settings

And log in the same way you did above but use the new hostname or password if you changed during configuration.

Now just to update packages, run the following commands :

sudo apt-get update && sudo apt-get upgrade -y

This may take a while, so get some coffee or go for a quick run, and once this is done, we are ready to finally install PiHole as the raspberry pi is finished setting up.

Final Step: Installing PiHole 😊

Begin installing PiHole dependencies by this one line of code

Make sure to enter this command as a root user which you can become :

sudo su

To establish PiHole use :

curl -sSL https://install.pi-hole.net | bash

Once you start seeing prompts, just enter through them

Setup Static IP Adress

PiHole requires the server to have a static IP address

The reason you have to set up a static IP address is that your router’s DHCP server is responsible for assigning IP Addresses to each device and can sometimes replace your IP Address with some other one that can cause issues with the PiHole server. Therefore, we need to set up a static IP.

There are two ways to do so, but first, we need to navigate to our router configuration panel, which you can find more instructions on the internet once you do so note down the default gateway and range of your IP Addresses.

Note the range (i.e : 192.168.0.10–192.168.0.200) and the Gateway (192.168.0.1)

Now we can either :

1. ) Navigate to the DHCP Reservation option of our settings and just reserve a specific IP address for the Pi which cannot be taken away from you by the router and given to someone else, allowing you to run the server

This involves pointing the Pi’s MAC address to your desired IP address in the range noted in the picture above (i.e., if your range is 192.168.0.1 to 192.168.0.200, you can only choose an IP address in that range)

2.) Just remember the range of the IP address selected by your router, and we can continue with the setup, we can configure that later

Tip : if you are using DHCP Reservation, you might as well just use a static IP (Option 2)

If it asks to select an Upstream DNS Provider, you can select anyone you want, Google is the default, but I am personally using Cloudfare for its speed and security

Default blocklists integrated with the pihole

Select both the blocklists and enter.

For the selection of protocols, you could select both IPv4 and IPv6, if supported by your router.

Static IP Address

Now it will show you a page where it asks if you want to use your current network settings (IP Address) or change it. If you locked in your IP address with DHCP Reservation, you could enter yes and pass-through, but if you went through step 2, let’s make some changes.

If you selected Option 2, select no on this page

Now, remember the range of IP Addresses your router supports and choose any IP Address with the same prefix (192.168.0.xxx). You can only modify the xxx part and make sure that it is not in the IP range. So if the IP range is 192.168.0.10 and 192.168.0.200, then you can choose something like 192.168.0.5 to be your static IP as it does not interfere with your router settings.

[Left] Enter desired IP Adress keep the /24 to indicate that the x of 192.168.0.x is the value being changed; [Right] Make the gateway the same as it is in your router settings

[Highly Recommended]: You will have the option to install the web admin interface/webserver which is incredibly useful and would be a no-brainer to get

And now you should get a screen like this :

You can now access the web-console with the following URL and password.

So, the pihole is finished setting up and is running, but it requires just a few adjustments to be 10x.

Firstly run the command :

pihole -a -p #to change your password for the web console

Now we need to decide how you want this server to function and block ads; there are three options :

1. ) Pointing your router’s DNS settings to the raspberry pi’s IP address which is running the Pihole server to get the network-wide implementation
2. ) If you can’t configure DNS settings, setup Pi-hole as the DHCP server, which I recommend as you get more comfortable with the web console
3. ) If you can’t do either or don’t want all your network traffic routed through the pi, you can manually configure specific devices to point to the pi to get ad blocking and security on them

Let’s see what each option offers :

1.) Pointing router DNS settings to PiHole Server

This option will configure your router to direct all internet traffic through the server providing you with adblocking and security for the entire network. One downside is that if the pi is down, the wifi is down unless you configure the DNS settings back to normal. All you have to do is navigate to the router settings panel and input the IPv4 and if supported IPv6 addresses of the pi into the DNS settings.

Point the DNS to the IP Address of the raspberry pi running pihole, if it requires both the DNS fields enter the same address or else leave the second field empty like shown

2.) Setup PiHole as DHCP Server

Setting up the Pihole as a DHCP Server ensures that nothing can go wrong when running the server as now the PiHole as taken responsibility to assign IP addresses to each client and now making it visible to see what traffic is going to what device, which is not visible for the other two options. The only downside is that like the first option, if this is down, then the entire wifi is down, and since devices rely on the DHCP server to assign IP addresses, no devices would be able to connect. But otherwise, it is no different from the first option, providing service across all devices connected to the network but instead also having additional visualizations.

I personally recommend to utilize this option

Enable DHCP Server under the settings and DHCP tab

Now for this to succeed, you need to remember the range of the IP address to hand out and the default gateway, which you can get from the router configuration panel.

Now pay attention, before you disable the DHCP server of the router, enable the DHCP server of the pihole and then after that disable the DHCP server of your router

Disable only after allowing the DHCP server on the pihole

3.) Manually route individual device traffic through the server

In this method, you need to manually change the DNS settings on each device you want to run through the pihole server.

Navigate to the wifi settings by selecting the wifi network and configure DNS, the same way we did for the router in Step 1, but in this case, only on the phone or other devices you might want to use

Now the PiHole server should be up and running, and you can test it by going to a website you usually get ads on, and you will notice now you don’t.

This tedious and challenging process has paid off yayy! But how do I enhance the adlists to block more content? By default, you are only blocking about 80,000 unique domains, but there is so much more than that so let’s get to work and add some malicious links and ad links as well as any other links you would want to be blocked, whether it be pornography or the dark web. This way, no one can access these websites.

Some adlists, I would recommend is :

https://hosts.oisd.nl/
https://filterlists.com/
https://firebog.net/

From https://filterlists.com/ and https://firebog.net/ you could just copy the links of the elements that you would like to block like so :

Select Links to add to adlist

You can then add these links to the pihole adlist manager by navigating to the settings tab and then adlists. You can then paste them into the field :

Add Links to the adlist.

You can then navigate to the PuTTy terminal and run the following command actually to update the gravity database, so your changes come into effect :

pihole -g #update the gravity database

This might take a few minutes, but once it is done, you can verify that the server is up and running via this command :

pihole -status #check status

Over time as more ads get blocked, your admin interface should look a bit like this.

The fantastic thing about this interface is that it shows the temperature, load and memory usage this process is having on your pi. If you are running multiple processes on your pi other than this, get an external accessory like a heatsink, which can redirect the heat produced from the processor to prevent it from any sort of throttling and is also helpful when you are overclocking your pi.

And that’s it! We are done setting up the PiHole. Feel free to add any more links to the list or unblock any as there are cases where there are false positives.

If you try to block tracking and ads from sites such as Facebook and Google, it will affect the other services such as Messenger and, in terms of Google, pretty much everything ranging from Gmail to Youtube, so make sure to keep updating the gravity database and whitelisting certain domains.

If you got what you came for, you could just skip the section below where I explain how this process works, but if you are interested, keep on reading.

How does this server work

Now that we have set everything up to be up and running, you may be like how does this work? Is it magic? You may be confused, if you are not, then yay! But let me still clear this for you. So typically, when you visit a website like The Verge or even Speedtest.net, you will type the link and see the webpage load but with loads and loads of advertisements. To be more specific, when you type a web address, your computer sends a request to a server to find out where this link is located (i.e., phone book, address book) and relays this information to the computer. So it starts sending pings to this webpage and begins downloading it so that you can see it. Still, it also runs other queries in the background where it is asking the server where to find domains like doubleclick.com, http://b.scorecardresearch.com/. It begins downloading their elements as well, which are used to display ads, so not only is that taxing to your wifi if you have a fixed quota every month, but it’s also very annoying.

*By the way, clicking those two links is an excellent way to check if your pihole works as they are responsible for ad services and should be automatically blacklisted

You might already know this and already have solutions like uBlock Origin, or even Adblock Plus installed on your computer.

So how is PiHole different from these services?

Queries are made from your local network, which is then forwarded to an external upstream server, which makes the request and pings back information to you.

A traditional adblocker would just hide these ads from you by editing the source code (HTML, CSS, JS), which means that you are still pinging other servers and again downloading their content, but you do not see it, which is an acceptable solution. But why not just utilize a server that takes maximum about a day to set up that can detect domains that serve these advertisements and just ping them a fake address and act as an interceptor between you and the servers, so the webpage loads without downloading these content in the first place meaning there is no need to hide it. This provides faster internet speed and less bandwidth usage.

You most probably have an adblocker on your computer, but what about your phone or SmartTV that you can’t install these services on?

Well, PiHole, if the device is routed through their DNS servers or it’s a network-wide implementation, you will have this effect on all devices that are connected to the network. That’s right, ALL!

This is why you don’t have to worry about anything and just enjoy ad-free browsing. One essential service whose ads are not 100% blocked is YouTube as they are continually evolving and now send their content and announcements through the same server, which means blocking ads would prevent the content itself. So a wise thing to do would be to pair up PiHole with an adblocker. Still, many amazing people in this community are continually finding a way to bypass this, while YouTube is continuously finding a way to get their ads through as it’s their primary source of income. So, that is the only sort of limitation, but other than that, everything works like a charm.

In a world where advertisements have become a significant source of attracting consumer’s attention while companies like Google and Facebook make a substantial source of income from it, it can also sometimes be a hassle. The perfect solution for this would be PiHole (A black hole for internet advertisements). So, with this software installed, the possibilities to iterate more are endless and are a fun little mini-project to enhance your browsing and streaming experience.

If you enjoyed this article and it helped you out, please leave me a clap down below, and if you have any questions, you could always leave a comment down below or even better email me at zakirangwala@gmail.com.

If you would like to learn more about me and the work I do, visit my website at zakirangwala.com