Pi-Hole Review
Internet ad-blocker, web filter, w/optional DHCP & DNS capabilities
Discovery
My goal was to filter internet traffic such as ads and unwanted tracking telemetry.
I wanted a home and small business equivalent to the Barracuda web filter which is too expensive
for home use. This led me to the Pi-Hole website. I did some reading and sounded like a cool and
EXTREMELY useful way to meet my criteria. The Pi-Hole website has the files you'll need to get
started on your own or have an IT person set it up for you. There are a several websites that
contain step by step instructions.
The Name 'Pi-hole'
The first part of the name refers to Raspberry Pi single board computer (shown
below). It's a device used by hobbyists to perform minor tasks without the need for a much more
expensive device. However, the Pi-Hole software will run on a LOT of different devices.
The 'hole' part refers to a 'sinkhole'. This is the practice of diverting unwanted internet
traffic such as advertising requests to a sinkhole or black-hole - never to return. This has the
effect of reducing your internet traffic by greatly reducing the ads and unwanted
telemetry.
Installation
Pi-Hole was originally intended to be installed on a Raspberry Pi (shown below), but
just about any old hardware with a Linux operating system will work. You can use a Pi, an old
desktop, laptop, or even go with a NUC or another mini pc. Some users have also installed it in
a virtual machine. The choice of Linux distro is up to the person performing the installation. I
initially picked Raspberry PI
OS,
but I have also used Mint
OS
and a Docker
Container. Each instance was installed on different hardware. You will need
to make a choice as to how you want to set it up and download the appropriate installer. The
installation process is a script that downloads the rest and does everything you need to get
started. The Pi-Hole software not only filters advertising & telemetry, but it can be optionally
configured to include DHCP and DNS services.
First Impressions
Pi-Hole is great software that simply runs quietly in the background. If you want to
set it up yourself - a basic Knowledge of Linux, DHCP & DNS is beneficial. However, you can also
have your IT provider set it up as well. Figuring out what to whitelist can sometimes be
challenging. (Google searches will help with this task.) I have Pi-Hole running in my home lab
and it has significantly reduced unwanted internet traffic while increasing security and
privacy.
Blacklisting
I am using approximately 35 separate blacklists on my Pi-Hole which collectively
block over 1.5 million malware, ad generation & telemetry sites. There are lists available for
Smart TV's, Crypto, Malware, streaming services, phishing, adult content, ad servers and more.
You get to choose what you're blocking on your network. Simply include or exclude the lists or
individual sites as you deem necessary. These lists are updated periodically, so it's a good
idea to run the list update function pickup any additions.
DHCP Feature
The (optional) DHCP server within the Pi-Hole is somewhat basic but performs as
expected. It lacks the ability to specify additional options that are sometimes needed. There is
no ability to specify a proxy server, NTP server, WINS etc... This may be a limiting factor in
some use cases. I tried it, but ended up reverting back to DHCP on my router.
Does Pi-Hole Block Ads on Streaming Services?
YES - if the ads are pop-ups or imbedded somewhere on the page.
Services like YouTube often display a pop-up ad across the bottom of the page. Roku devices
normally show ads on menus screens of the app. These ads will likely be gone. The blacklists are
very comprehensive.
NO - if the ads are streamed directly from the streaming service itself. These
include YouTube Commercials or sponsor spots added by the video creator.
Pi-Hole works by blocking the 3rd party ad providers that are on the blacklist. It does quite
well. If the ad comes from the streaming service itself, such as YouTube, they will NOT be
blocked. Pi-Hole won't stop all ads, but it makes a HUGE difference.
Does Pi-Hole Block Ads within Games?
Maybe - Ads will still display if it's generated from the game
provider. If the ad comes from a 3rd party ad-server, Pi-Hole will likely block it. The
blacklists are very comprehensive.
Use Case
Pi-Hole would be intended for any home or business and can be scaled up accordingly.
It works largely by filtering DNS queries which are quite small and do not require much
processing. Performance and capacity would be determined by what hardware you're using and the
speed of the network connection. Pi-Hole contains roughly 60% of the features of a much more
expensive Barracuda web-filter ($2,000+) but is MUCH more affordable. If you do it yourself, you
can get the price down to $0 if you have the skills and some spare equipment. Pi-Hole lacks the
daily updates and some of the advanced reporting features of the Barracuda. Larger businesses
should go with a Barracuda to support hundreds or thousands of users, higher bandwidth, and
additional features.
Ideas On Where to Install Pi-Hole
There are quite a few ways that people choose to implement the system. The route
chosen depends on your network and what you have available as some users can do this without
even purchasing anything. These are a few possible choices:
- Use a Raspberry Pi single board computer. (shown above)
- Consider a Zimaboard if you need low power and additional speed. (shown)
- Purchase a used HP, Dell or Lenovo mini-desktop from a site like eBay. (shown)
- Simply repurpose an old desktop. (This may consume more power but provides more speed.)
- Setup a virtual machine on Hyper-V, VMWare, VirtualBox, or Proxmox hyper-visors
- Use a Synology NAS or other NAS that supports apps or Docker containers (This is how I have mine.)
Advantages
Unlike traditional security software such as Norton or McAffee, a Pi-Hole will
protect EVERY device on your network. This includes smart TV's, Roku's Firesticks, camera
systems, cellphones, tablets, smart watches and more. Your total internet traffic will drop
by as much as 50%. This really helps if you have heavy Internet usage. Best of all - NO
SUBSCRIPTION REQUIRED!
Blacklists
I use over 30 different black lists that come from various sources which total
over 2 million domains. GitHub, and FireBog are where you will find most of what you need
and are updated frequently. These are divided into various categories such as malware,
crypto, smarttv's, ad servers, malvertising, trackers, phishing and more. The idea here, is
to provide separate lists for each category so you pick and choose what you want.
https://adaway.org/hosts.txt
https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt
https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt
https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext
https://phishing.army/download/phishing_army_blocklist_extended.txt
https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts
https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt
https://raw.githubusercontent.com/danhorton7/pihole-block-tiktok/main/tiktok.txt
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts
https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt
https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
https://urlhaus.abuse.ch/downloads/hostfile
https://v.firebog.net/hosts/AdguardDNS.txt
https://v.firebog.net/hosts/Admiral.txt
https://v.firebog.net/hosts/Easylist.txt
https://v.firebog.net/hosts/Easyprivacy.txt
https://v.firebog.net/hosts/neohostsbasic.txt
https://v.firebog.net/hosts/Prigent-Ads.txt
https://v.firebog.net/hosts/Prigent-Crypto.txt
https://v.firebog.net/hosts/Prigent-Malware.txt
https://v.firebog.net/hosts/RPiList-Malware.txt
https://v.firebog.net/hosts/RPiList-Phishing.txt
https://v.firebog.net/hosts/static/w3kbl.txt
My Experience with Long Term Use
I first installed a Pi-Hole in October of 2022. It was one of the best decisions
I have made for my household and home-based business. Yes, there was a learning curve. I
went through several iterations getting it setup as I was new to Linux at the time. Each
time gave me more and more experience. I learned a LOT along the way. Once I had Pi-Hole
installed on the final hardware, it hasn't been touched other than installing software
updates and tweaking the blacklist. Allowing certain streaming apps proved to be the hardest
part. (Paramount+ streaming was challenging.) Google searches solved most of the blacklist
issues, but a few had to be fixed by trial and error. Now that I have used it for several
years, I can’t imagine not having it.