Network-wide ad blocking with Pi-hole
Recently I read Against an Increasingly User-Hostile Web by Parimal Satyal (which is a few years old now, but increasingly relevant). It’s a brilliant piece, and if you can only read one thing today, read that instead of this. I left the article pretty upset, and, in need of somewhere to channel that energy, I set out to install a Pi-hole on my home network.
Pi-hole is a network-wide advert and tracking blocker, which you can run on a Raspberry Pi. (I’m more concerned with tracking than adverts, but please consider “ads” to be an abbreviation for “adverts and tracking” for the rest of this article.) Pi-hole blocks ads on every browser and app on every device on your local network, without you having to do any configuration on device. Somewhere you can’t normally install an ad blocker? No ads. A friend visits and connects to your wifi? No ads for them either.
All this is possible because ads are very often served from a different domain than the content you actually want to load. The Pi-hole then, poses as a dns server (responsible for mapping domain names to ip addresses) and refuses to resolve domains that it knows host ads – forwarding everything else to a real dns server of your choice. The result is that adverts never even have a chance to load, usually leaving a calming empty space where they would have been, and that the Googles and the Facebooks of the world can no longer follow your every move around the web. The “no configuration on your devices” magic is achieved by configuring your router to use the Pi-hole as its dns server, or by using the Pi-hole’s built in dhcp server (more on that later).
The setup was more straightforward than I expected it to be, and if you want to install one yourself I recommend primarily following the Raspberry Pi set up guide and then the Pi-hole docs, but partly for my own reference, and partly because someone out there might find it useful, here are the steps I went through:
- Raspberry Pi Zero W
- sd card with noobs (you can often buy these pre-loaded from the same place you buy the Pi)
- Power supply
- Micro usb to usb-a adapter
- usb keyboard
- Mini hdmi to full sized hdmi adapter
- hdmi monitor
I didn’t have a usb mouse, and the Pi Zero only has one usb port anyway, but thankfully the noobs installer is very easy to run through with only a keyboard.
- Insert the sd card into your Pi, plug in your keyboard and monitor, and only then hook it up to the power supply.
- You should be greeted with the noobs installer. Connect to wifi and then follow the prompts to install Raspbian (or maybe Raspberry os now since the name changed recently).
- Follow the post install guide that pops up when you arrive at the desktop for the first time to configure language, wifi, etc.
I only have one monitor, which I need for my computer, so it was a priority for me to get ssh access to the Pi as soon as possible.
- Find the ip address of your Pi and make a note of it – we’ll need it a few times below.
- Enable ssh access with a password as described here.
- Copy a key over as described here.
Now you can unplug the monitor and keyboard, and do everything else over ssh.
Once you’ve got ssh access to your Pi, you can install Pi-hole by piping the install script into bash (there are other options if you find piping to bash objectionable) and following some more prompts. The defaults all looked good to me.
If your router supports it, it looks like the easiest final step is to set your Pi-hole’s ip address to be your router’s only dns entry. Unfortunately, my router doesn’t let me change the dns entries. Instead, I had to disable dhcp on the router, and enable Pi-hole’s built in dhcp server.
A dhcp server assigns ip addresses to devices on your network, as well as telling devices where to find the router and the dns server (among other things). By disabling the router’s dhcp server, devices will automatically use the Pi-hole’s instead, which also means the Pi-hole becomes the authority on which dns server to use, and can point to itself.
The configuration here is mostly straightforward but check the Pi’s dhcp settings carefully. I messed up and failed to set the router ip address (wrongly assuming the default was correct), which briefly left me able to resolve dns queries but unable to actually load any web pages… If you’re feeling patient then devices will move to the new dns server next time they renew their dhcp lease, but you can accelerate the process by finding the option to Renew Lease in your device’s network settings.
Since setting it up, the Pi-hole has been humming along quietly blocking an astonishing 23% of unwanted dns traffic with no issues, and the internet is a better place because of it.
One final note: if you are able, please find other ways to support content creators and services that are normally funded by ad revenue. Buy a digital subscription to your favourite newspaper, pay for services and apps you like, support creators directly. I would love to see the industry at large move away from aggressive tracking and advertising, but the only way we’re going to see that happen is if we make alternatives viable.
Written on the 6th of June 2020.