Setting up a DNS sinkhole with PiHole

Today, mainstream browsers, such as those based on Chromium, don’t provide adequate protection against invasive ads. That makes sense when you consider that Google relies on selling your information to make a profit, which it then passes on to its investors and uses to give you more services.
It’s fair to say that we, the users, are the product.

In this tutorial, I’ll go over a quick and easy way of setting up a DNS sinkhole, which can be set up to block any URLs you wish. A great many blocklists exist, which are regularly maintained and provide some good protection.
For this tutorial, I’ll be using PiHole, an open-source Python option which is widely used and has a flourishing community.

What is a DNS sinkhole?

Before we get into the “how”, we should briefly touch on the “what”.
To put it in terms everyone can understand, think of a DNS sinkhole as a black hole in space. It sucks everything in that gets too close.
Without getting into too much detail on how the Internet (and DNS) works, your computers need to know where to look for information. Computers think in bits, bytes and words, not letters and numbers like us people. This is where the Domain Name System (DNS) comes in. It translates a URL (Uniform Resource Locator) into a string of bytes, similar to a phone number, which your computer then uses to “call” another computer for information; like asking your parents what’s for dinner when you come home. A DNS sinkhole sits in the middle of that lookup: for names on its blocklist it hands back an address that leads nowhere, so the “call” is never placed.
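
The lookup decision a sinkhole makes, sketched in shell as an added example (not code from PiHole or from the original tutorial): names found in a hosts-format blocklist get a dead-end answer, everything else is passed on. The sample list, the function names and the use of 0.0.0.0 as the dead-end address are assumptions of this example.

```bash
#!/usr/bin/env bash
# Constructed sample blocklist in hosts format: "<address> <domain>" per line.
write_sample_blocklist() {
    cat > "$1" <<'EOF'
# constructed sample, not a real blocklist
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.net   # inline comments are allowed
127.0.0.1 telemetry.example.org

0.0.0.0 0.0.0.0
127.0.0.1 localhost
EOF
}

# Print one blocked domain per line: drop comments and blank lines, take the
# second field, lower-case it, and skip the housekeeping entries hosts files carry.
blocked_domains() {
    awk '{ sub(/#.*/, "") }
         NF >= 2 && $2 != "0.0.0.0" && $2 != "localhost" { print tolower($2) }' "$1"
}

# Decide what the sinkhole does with one queried name.
# Prints "0.0.0.0" (dead-end answer) or "FORWARD" (ask the upstream DNS server).
sinkhole_answer() {
    local list="$1" name
    # DNS names are case-insensitive, and "example.com." equals "example.com".
    name="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')"
    name="${name%.}"
    # -F: no regex, -x: whole-name match, so an entry for ads.example.com
    # does not cover sub.ads.example.com in this example.
    if blocked_domains "$list" | grep -Fxq -- "$name"; then
        echo "0.0.0.0"
    else
        echo "FORWARD"
    fi
}
```
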

The Hardware

Now that we’ve somewhat cleared up what a DNS sinkhole is, we should get into the hardware. Plenty of sites and companies will tell you that you need expensive hardware to serve any kind of information for the Internet. That’s simply not the case. In fact, most people already have sufficient hardware at home! If you have an old laptop or PC at home, you’re basically ready to go!

For me personally, I like having dedicated hardware for a specific task, but it’s absolutely not necessary!

If you’d like a cheap (not just initial investment, but also running cost wise) solution, pick up a cheap Raspberry Pi 3 (or newer), an SD card and you’re good to go. There is a plethora of very good tutorials on the Internet for getting started with a Raspberry Pi, so I’d suggest checking them out!

The Software

To get PiHole up and running, you’ll need to install a Linux distribution on your hardware. I’m using Debian, but any Debian derivative (e.g. Ubuntu) or any other distro should work. I’ve little experience installing PiHole on those distributions, so your mileage may vary if you choose to use a different distro.

Make sure your OS installation is fully up-to-date before getting started. On Debian (and its derivatives – from now on only mentioned as “Debian”), this is done fairly simply by typing the following commands:

$ sudo apt update # update the package lists
$ sudo apt upgrade -y # now update the installed packages

Each command should look a little something like the pictures below:

Updating package lists on Debian
Updating installed packages on Debian (the last steps)

Now that you’re all up to date, we can get started with the nitty-gritty!

Installing PiHole

Before we begin with the installation, I’d like to point you to the GitHub repository:

The installation method I’ll be showing in this tutorial is controversial in the Linux community, because it runs the code straight away, without giving you the chance to read what you’re about to execute. Nonetheless, this tutorial is written for the less Linux-savvy users among us, who wouldn’t be able to understand most of what they’re looking at. Please be assured, I wouldn’t perform these steps myself if I didn’t trust the source.

In your Linux terminal (the “command prompt” for Windows enthusiasts), enter the following command:

$ curl -sSL | bash
# if the above fails due to permissions, use the following
$ curl -sSL | sudo bash

This snippet downloads the install script and pipes it directly into the command interpreter, Bash. This means you don’t have to faff around with files; you can get right into the installation without any hassle. Neat, eh?
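
For readers who do want to read the script first, a review-first variant, added here as an example and not part of the original tutorial or the PiHole project: save the installer to a file, read it, note its SHA-256, and run it only while the file still matches that hash. `<install-script-URL>`, the file name and the function name are placeholders made up for this example.

```bash
#!/usr/bin/env bash
# Step 1 (needs network, shown as comments; the URL is a placeholder):
#   curl -sSL "<install-script-URL>" -o pihole-install.sh
#   less pihole-install.sh          # read what you are about to run
#   sha256sum pihole-install.sh     # note the hash of the copy you reviewed

# Step 2: run a saved script only if it still matches the hash you noted.
# Usage: run_if_reviewed <script> <expected-sha256> [args for the script...]
# Returns 2 if the file is missing, 1 on a hash mismatch, else the script's status.
run_if_reviewed() {
    local script="$1" expected="$2" actual
    shift 2
    if [ ! -f "$script" ]; then
        echo "no such file: $script" >&2
        return 2
    fi
    actual="$(sha256sum "$script" | awk '{print $1}')"
    # Hashes are sometimes pasted in upper case; compare in lower case.
    expected="$(printf '%s' "$expected" | tr '[:upper:]' '[:lower:]')"
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $script, refusing to run it" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    bash "$script" "$@"
}
```

If the installer needs root, run the reviewed file itself with sudo rather than piping a fresh download into `sudo bash`, so that what runs is the copy you read.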

The installer will get right to work, and it should look a little something like this. But don’t worry, it’s all perfectly normal!

Preparing PiHole installation

You’ll soon be greeted by a 90’s-esque installation screen like this:

PiHole installation

Press [ENTER] to continue through the prompts until you see the following:

Static IP requirement for PiHole

Now we get to the portion of the installation that may seem scary to some. But not to worry, this is a perfectly normal requirement for these types of installation. What this message means is that the computer your PiHole will be installed on needs to have the same “phone number” all the time. This is different from a dynamic IP address, which may or may not change, depending on the circumstances of your network.

There’s a plethora of different ways to configure this, the easiest being through your router, however the most stable way would be through your OS.

For most home networks and users, I’d recommend using your router.
I have an AVM Fritz!Box at home, which has an intuitive UI which allows many options. Here, I can simply select that this device should always receive the same IP address (the “phone number”):

My computer always receives the same IP address, although I have dynamic IP configuration

Once you’ve set this up, it’s time to continue the installation!

Select <Continue> with the arrow keys and hit [ENTER] to continue.

Next, you’ll be asked to provide an “upstream DNS server”. Why do you need this? The answer is very simple.
Whenever your PiHole encounters a URL it doesn’t know (i.e. it’s not in a blocklist and it hasn’t been cached), it needs an authoritative place to ask the question “what’s the phone number for this address?”.
Assuming you’re installing PiHole for privacy reasons, I’d recommend using the Cloudflare DNS service, instead of Google’s. Of course you can enter a custom server address, but for most users, Cloudflare is a sensible option:

Upstream DNS server selection

Once you’ve selected your desired upstream DNS, hit [ENTER] to continue.

Now the interesting part begins; the part where you get to select your first blocklist! By default, PiHole comes with a fairly good blocklist, which is enough for most beginners and consumers. It will block a variety of ad sites and some malicious sites, too! To select it, hit [ENTER] to select <Yes> and simply continue with the installation.

PiHole’s default blocklist

The next prompt will ask if you want to install the web interface; I’d generally recommend this, as it makes administering PiHole a lot easier.
You’ll then be notified that PiHole requires a web server. If you don’t know what this does, go ahead and use the default settings to set up Lighttpd and use it. If you know what this means, then you likely already have a webserver on your system, such as Apache or Nginx, and you can configure your webserver to serve the PiHole admin site individually.

Select <Yes> to install the default web server and configuration

Privacy concerns

The next portion of the installation may raise some privacy concerns for some – a completely reasonable thing! PiHole allows you to log queries posted to it, which then may be used to monitor traffic and usage. Enabling logging may allow you to view every site visited by everyone who uses your PiHole.

Unless you’re the exclusive user of your network, I’d recommend NOT enabling query logging! Please don’t go snooping around others’ browsing habits. If you do, then there’s no difference between you and a company such as Google, Oracle or Facebook. In which case you may as well go back to using those (ad) services.

Select <No> with the arrow keys and hit [ENTER] to continue

Following the privacy scheme we’re going for, the next prompt will set the privacy level for the FTL installation – the part of PiHole which does the blocking of URLs. Select “Anonymous mode” with the arrow keys, then hit [SPACE] to select it and continue with the installation.

In traditional TUIs, hitting space will select an option in a list

PiHole will now go ahead and use the gathered information and set itself up; this includes setting up user accounts for the service, enabling ports and configuring the web server.

PiHole finishing the installation

With PiHole installed, navigate to the IP address of your PiHole and you’ll be greeted with a screen like this:

PiHole admin login

Follow the “Forgot password?” instructions to set a new password for the admin panel and then log in. Your screen will look something like this:

PiHole admin site

Setting up clients to use your PiHole

By far the easiest and best way to make all clients on your network use your new PiHole is to set the global DNS settings in your router.
Each router has its own way of setting this up, so check your router’s instruction manual if you can’t find a good tutorial online. Just set your primary DNS IP address to that of your PiHole and you’re set up! Happy ad-free browsing!

An example of setting the DNS servers for your local network
