Pi-Hole Ad and Malware Blocking

Darren Wright

I went into this a bit on Leo's thread and thought it probably could be its own thread regarding Ad and Malware blocking. Might be a bit much for some of you, but if anyone has questions I'd be happy to answer to the best of my ability.

Pi-hole (https://pi-hole.net/) is a software server you run on your network for filtering out all traffic to known Ad and malware servers on the internet. Basically you route all your home network traffic through it by changing a couple of settings on your home network router and all your computers receive the change to start routing network traffic through Pi-hole. When you visit a website, the page loads from sometimes hundreds of website and IP addresses. Pi-hole will look at each of those and if they are in the known Ad or malware database, it will return a 404 or unknown site error for those, but load the rest of the page as normal, filtering out Ads (and potential Malware).

The Pi-hole software can run in a few different ways; the most popular is to run it on a Raspberry Pi. However, many of the new NAS devices/software (TrueNAS, Synology, QNAP, Buffalo, etc.) will also run applications and/or Docker, which lets you install the Pi-hole software through their application list or run a Docker instance of Pi-hole. Also, some newer internet routers do have a Pi-hole app installed or the ability to add the application on the router itself.


A couple of caveats to running a pi-hole:
* You have to be able to change the DNS settings on your network for it to be network wide. You can just change it on one computer, tablet, or phone by changing that device's network settings.
* When you leave your network the Pi-hole filtering is no longer available, so if you're on a cell service, at a friend's house, or on a separate hotspot, you're no longer having your internet browsing filtered.
* If the Pi-hole device is turned off or down, your internet browsing will stop working as no DNS lookups will occur. You either need to get that Pi-hole device working or change your default DNS settings back to automatic on your home network router if the Pi-hole can't be fixed at the time. I run two separate Pi-hole instances and both IP addresses are in my network configuration, so if one goes down, computers and devices will fall back to the other.
 
Went ahead and installed pihole on my Synology NAS. Took a few tries to find a good guide that actually worked. The biggest trick was I needed to go through 3 or 4 upgrades of the nasdrive operating system. Once I got there it was a piece of cake. It actually seems like my browsing has sped up some.

This is the guide that I followed. Note: This guide references a couple other guides on setting up a restricted docker user and a network bridge that need to be followed as well.

https://drfrankenstein.co.uk/pi-hole-in-container-manager-on-a-synology-nas/

Oh, and then I followed this guide to configure my router to actually use the Pi-hole.

https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245
 
Pi-hole does keep a cache of sites temporarily, which does speed up your browsing since it doesn’t have to wait those few milliseconds to the internet and back.

And while a few milliseconds may not seem like much, a typical modern web page makes hundreds of requests, taking a few milliseconds each, and those few hundreds of milliseconds add up to seconds per page.
 
Great stuff Darren. Like any inspection device the throughput will be device (the server) specific. I doubt that any home user (and none of us retired IT guys either probably) would hit any kind of limitation. The overall experience should be a better user experience by whittling off all the bloat. With the number of scam and advertising threads we get on here I am sure a little front end effort by those folks could solve a lot of issues. Those in the satellite-only service areas could really benefit once the filtering kicks in . . . unless I misunderstand the mechanism. My point is that a little brain-strain in getting set up could be paid back in spades ever after.
 
It certainly would help having one for satellite folks, just depends on the sites you visit of course. I'm pretty specific on my searches and sites I visit, but in the last 7 days mine have resolved about 800,000 requests, blocking 15% of those requests from even going outside my network.

So to put that into perspective, it blocked 120,000 requests. Average legacy satellite (HughesNet, Viasat, etc.) latency, which is the amount of time from when your browser requested it to when you got a returned result for the request, is about 700 milliseconds (1 second = 1000 ms). So 120,000 x 700 = 84,000,000 ms >> 84,000,000 ms = 23.3 hours

Total time saved browsing over that 7 days, 23.3 hours, by simply blocking those requests.

Given I'm on Starlink and their latency is about 50 ms per request, I saved about 1.6 hours over the last 7 days...never mind how much I wasted on the 800,000 requests. :D
 
BTW, there are other lists available for blocking besides the default list, but you'll have to research what they are blocking. The default list doesn't block most Google ads or YouTube ads, but you can add filters for those yourself too.
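
For researching what a candidate list actually covers before adding it, here is an added example (not part of the original posts and not Pi-hole's own code) that parses hosts-style and `||domain^` style lists and reports which test names would be caught. The sample lists are constructed, and the matching rule (exact match for hosts-style entries, domain plus subdomains for `||domain^` entries) is an assumption of this example.

```python
import re

# Constructed sample lists for illustration (not real adlists).
HOSTS_LIST = """\
# hosts-style sample
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net  # inline comment
0.0.0.0 localhost
malware.example.org
"""
ABP_LIST = """\
! ABP-style sample
||adnetwork.example^
||metrics.example.com^
"""

DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$")
SKIP = {"localhost", "localhost.localdomain"}  # hosts-file housekeeping names

def parse_blocklist(text):
    """Return (exact, wildcard) domain sets from one list's text."""
    exact, wildcard = set(), set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()   # drop '#' comments
        if not line or line.startswith("!"):           # blank or ABP comment
            continue
        if line.startswith("||") and line.endswith("^"):
            target, entry = wildcard, line[2:-1]       # covers subdomains too
        else:
            target, entry = exact, line.split()[-1]    # "0.0.0.0 name" or "name"
        if entry not in SKIP and DOMAIN_RE.match(entry):
            target.add(entry)
    return exact, wildcard

def is_blocked(name, exact, wildcard):
    """True if name is listed exactly or falls under a wildcard entry."""
    name = name.lower().rstrip(".")
    labels = name.split(".")
    suffixes = (".".join(labels[i:]) for i in range(len(labels)))
    return name in exact or any(s in wildcard for s in suffixes)

def audit(names, *lists):
    """Map each test name to whether the combined lists would block it."""
    exact, wildcard = set(), set()
    for text in lists:
        e, w = parse_blocklist(text)
        exact |= e
        wildcard |= w
    return {n: is_blocked(n, exact, wildcard) for n in names}
```

Feeding it the domains you care about (both ones you want blocked and ones that must keep working) shows gaps and likely false positives before the list goes live on the resolver.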
 