Before going into the post carefully documenting my process in setting up everything, here's what this post is about in short:
Installed PiHole on a Raspberry Pi Zero W and connected it to my network to have DNS level ad blocking.
It was reasonably fast to complete and works well.
Here's how it looks before and after:
Now, for whomever wants to understand why and how to build this, carry on...
I've been a consistent user of AdBlock Plus for the good part of the last 4 years, in part because I am a web developer and I am, statistically speaking, constantly and overly exposed to Internet advertisement.
I've surfed the web for a while now (~15 years) and I've seen it turn into a massive advertisement landfill, thanks to big tech and media companies.
Don't get me wrong there, I understand some of it actually is of benefit to parties involved and a lot of people and companies are finding ways to make a living out of online advertisement.
But let's not forget that for the rest of the cases, there are sites that over exploit this business model to the point where the browsing experience becomes unbearable.
Let's go halfway and take for example theverge.com a very popular tech news site. They have a solid, full width banner, dedicated to online advertising, through what it seems Google AdSense.
Using AdBlock will most likely block it.
- But what if I switch to a browser where I don't have AdBlock ?
- Or what if I navigate to this site in my phone where I also don't have AdBlock?
- What if the ever growing list of devices at my house are not blocking these obnoxious ads ?
A network-wide ad blocking DNS Sinkhole that doesn't require anyone to install anything
So, as per the official documentation and guides, you need your own hardware and Linux distribution.
Disclaimer: I'm doing this tutorial on macOS.
* Any micro usb cable + adapter will do
** Any SD card over 8 Gb will do, I had a 32Gb lying around
*** Free from the RPi Foundation
1. Download Raspbian Buster Lite
This is just the base operative system that handles all the low level for us
Raspbian is based in Debian, which is a very popular Linux distribution.
2. Burn the .ISO on the SD Card
Insert the SD Card in your computer and try to make sure it is formatted to ExFAT, if you don't know how to do this, see this guide
The next step is to burn the previously downloaded .ISO image into the SD Card. Apple-Pie Baker is a fantastic piece of software I keep using for this step when dealing with Raspberry Pis (Pies?), and it's free, but you can always donate !
You have to:
- Select Disk: Your SD Card
- Restore: The downloaded Raspbian ISO
Wait for it to finish. You should see a mounted volume called
3. Configure Wifi Credentials
This next step is very important when you first boot a headless Raspberry Pi (No screen), as it ensures that the Raspberry automatically connects to your network and lets you access it through SSH.
- Enable SSH
All you have to do is run the following line in your Terminal
It will create an empty file called
ssh, which will instruct Raspbian to open the SSH port (22)
- Add your SSID
Using your notepad or code editor, create a file called
wpa_supplicant and enter the following
Then move it to
Or you can use the terminal to paste the following:
Don't forget to change the country, ssid and psk attributes to your own
For the country code, refer to the ISO/IEC alpha 2 standard, for example
- GB: United Kingdom/Great Britain
- US: United States
- FR: France
- DE: Germany
4. Insert SD card to Pi and power up
Give it a while and if all went well:
- Your Raspberry connected to your Network
- Your Router assigned a IP address to it
- Your Raspberry has SSH enabled at port 22
Here's a detailed guide by the RPi Foundation on connecting via SSH to the Raspberry Pi.
For now, all you need to know are the defaults:
- User: pi
- Hostname: raspberrypi.local*
- Password: raspberry
* Some macs will not resolve this hostname to the IP address, so you'll have to find the actual IP address of the Raspberry Pi
To discover the IP address of your Raspberry Pi, there are several ways:
Using a 3rd Party App
I'm using Fling - Network Tools on my Android phone to detect the hosts currently connected to the network,
Using a Network Utility
If you want to see the host name, IP and all of the Raspberry Pi information on your machine, you could either go to your router homepage (boring) or use nmap (Network Mapper) a fantastic CLI utility for network discovery:
It will take a while depending on the amount of devices connected to your network, but, it will also get you the open ports of said devices.
We're only interested in the hosts that have the ssh port 22 open.
Nmap scan report for 192.168.0.21 Host is up (0.019s latency). Not shown: 999 closed ports PORT STATE SERVICE 22/tcp open ssh
We now know, that our Raspberry Pi is using
5. Connect via SSH
As said before, you can try using the hostname, or the IP address
You should see the following authenticity prompt
The default password is raspberry.
Enter it and then after login, you should see a prompt at the end like this one:
If you read closely, there is a security warning that exhorts you to change the default password.
I would very much like to emphasise that you SHOULD GO AND CHANGE THE DEFAULT PASSWORD. Raspberry Pi is synonym of ubiquity, which means there's a high chance that if you see one in the wild, it will still have the default settings.
You don't want people that come visit to snoop around your browsing habits, do you?
6. Install PiHole
From the official page of the PiHole project, we get redirected to the official Github Repository, were there are several installation methods.
Lets follow the easiest one. Copy and paste that into the Raspberry Pi SSH Session
sudo curl -sSL https://install.pi-hole.net | bash
The installation scripts will start running and you will see your Raspberry Pi blinking at times.
Follow along with the installation wizard. For the most part, the defaults will work and all you have to do is keep pressing enter.
When you reach the Upstream DNS Provider, Google is the default one, and it will work, but I usually go with Cloudflare.
There are some reports that Cloudflare are seemingly the "good guys"
You should see your Admin Panel password at the end of the wizard and somewhere at the Terminal window. Make sure you store it and keep it safe.
7. Open the Admin Console
If you see something similar to the following, it means you're almost there.
Make sure to login and remember your password.
That's it for the hardware and the DNS sinkhole, now, you can tell your devices or your router itself to use the Raspberry Pi's IP address as the DNS Server.
8. Configure the DNS
For the sake of completing this tutorial and because at the moment my router is locking itself (Thank your Virgin Media), I will only test this on my Phone and my Computer, but should be a sufficient PoC that this works
To test it your computer:
- Go to your System Preferences > Network > Advanced
- Go to the DNS Tab
Enter whatever IP address your router gave to your Raspberry Pi.
In this case
192.168.0.21, on the left side
Don't forget to click OK and then Apply
Let's go back to theverge.com and see if it worked.
As you can see, the ad is gone and I can see in the PiHole Admin Panel the Queries (Requests to Ad Servers) being blocked in real time.
9. Test Again
I went ahead, redid the last step, this time restarting my browser, to do another test.
This is before the DNS setting:
This is after.