HOWTO: Network Wide Ad Blocker 🥧 🕳️
Ever since I discovered the Pi Hole project (not too long ago, surprisingly!) I'd been meaning to give it a try. The long weekend and COVID restrictions provided the perfect opportunity!
So what is Pi Hole? Straight from the docs:
"The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, without installing any client-side software."
First, I needed some hardware to run it on. I naively thought I'd just order a Raspberry Pi (model 4). In hindsight, I shouldn't have been surprised, but I very quickly discovered – to much frustration, disappointment (my project was doomed before it even began) and frankly surprise (why do so many people want Raspberry Pis?!) – that they were out of stock at every single retailer I could find! Sure, there are some extremely overpriced options on eBay etc., but it kinda defeats the point of a Pi.
As luck would have it, it turns out I had some very old RPIs (model 2, circa 2015) lying around in a closet. With some cables, an external monitor and keyboard, I was back in business!
I hadn't worked with an RPI in a while. I wanted to wipe the SSD and start with a clean install of the OS: the nifty imager utility made that a breeze. The RPI booted fine and then happily went on to upgrade all the software for ~30 minutes.
Next step was to install the Pi Hole software. This too was pretty straightforward: I followed the one-step install command:
curl -sSL https://install.pi-hole.net | bash
Incredibly, everything pretty much worked out of the box on first try :)
Finally, I set up a static IP binding keyed off the RPI's MAC address and voilà!
For testing, I just manually updated the DNS on one of my laptops. When nothing obviously appeared broken, I updated my router to use the RPI as the default DNS for DHCP clients.
Block Lists: these lists – that determine which DNS queries to "sink" – are at the core of Pi Hole. The Internet is full of wonderful resources and block lists put together by various folks, including many that are very targeted (focused on ads or spyware or ransomware or phishing or malware and so on).
Some resources I found helpful were: the Firebog, oisd, blocklistproject.
These are my current blocklists, YMMV:
2-3 days in, here are the results:
- no hard figures, but anecdotally browsing feels faster, especially on mobile. I'd love ideas on how to empirically benchmark this without a ton of work!
- nothing broke! At least no one in our household has complained yet :)
- Roughly 10-12% of DNS queries blocked in aggregate
- The "smart" TVs are really chatty! When we're watching TV, up to 20-25% of queries are blocked. I was shocked to see just how aggressively multiple apps (looking at you Disney+) attempt to log telemetry!
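To make the block-list mechanics and the per-device percentages concrete, here is an added Python example (not from the original post and not Pi-hole's own code). It parses a hosts-style block list and computes the share of queries that would be sunk, per client and in aggregate. The list entries, client names, queries and the exact-match rule are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample block list mixing the two common formats:
# hosts-style ("0.0.0.0 domain") and one bare domain per line.
SAMPLE_BLOCKLIST = """\
# constructed entries, not taken from any real list
0.0.0.0 ads.example.net
127.0.0.1 telemetry.tv-vendor.example
tracker.example.org   # inline comment
0.0.0.0 localhost
"""

# Constructed (client, queried name) pairs standing in for a resolver's query log.
SAMPLE_QUERIES = [
    ("laptop", "www.example.com"), ("laptop", "ADS.example.net."),
    ("laptop", "mail.example.com"), ("laptop", "news.example.com"),
    ("tv", "telemetry.tv-vendor.example"), ("tv", "cdn.tv-vendor.example"),
    ("tv", "tracker.example.org"), ("tv", "video.example.com"),
]

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that hosts files map locally; sinking them would break the machine itself.
NEVER_BLOCK = {"localhost", "localhost.localdomain", "broadcasthost"}

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_blocklist(text):
    """Return the set of domains to sink from hosts-style or bare-domain lines."""
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop comments, split on whitespace
        if fields and fields[0] in SINK_ADDRESSES:  # hosts-style: skip the address column
            fields = fields[1:]
        for name in map(normalize, fields):
            if name and name not in NEVER_BLOCK:
                domains.add(name)
    return domains

def blocked_share(queries, blocked):
    """Percentage of queries sunk, per client and under the key 'all'."""
    seen, sunk = defaultdict(int), defaultdict(int)
    for client, name in queries:
        hit = normalize(name) in blocked  # assumption: exact match, no subdomain wildcard
        for key in (client, "all"):
            seen[key] += 1
            sunk[key] += hit
    return {key: round(100 * sunk[key] / seen[key], 1) for key in seen}
```

Because matching is exact, `cdn.tv-vendor.example` passes even though `telemetry.tv-vendor.example` is listed, which is why broad lists enumerate many hostnames per vendor.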
Here are the current top blocked domains:
I consider this weekend side-project a resounding success! If you have a Raspberry Pi lying around, I definitely encourage giving Pi Hole a try.
If you'd rather not manage something like this yourself, there are plenty of other alternatives:
- Cloudflare's 1.1.1.1 for Families
- Paid services like NextDNS