Some have the opinion that ad-blocking is piracy as you’re trading the online money-making ability of a company or content creator for saving a few seconds (and one’s sanity). Traditionally, digital piracy is the downloading of digital media or software that’s on sale for free use. While I understand where they’re coming from, I think it’s a dumb opinion because online ads also open you up to security problems with trackers and the potential for malware. That’s why I have no qualms about adding a Pi-hole to my local network.
Pi-hole is a Linux-based ad-blocking application that acts as a DNS sinkhole and occasional DHCP server. In layman’s terms, it basically puts a router in your router so you can route while you route. You install Pi-hole in a Linux-based device that’s connected to your LAN, then point your router to it as a DNS server so your incoming web traffic goes through it, and it will block domains based on lists added to the . It blocks not only ads, but also trackers and whatever malware may come from.
Having a Pi-hole to filter your incoming traffic can help ensure privacy and safety online. Never mind if you’re just annoyed by ads since you can also have ad blockers in your browser. However, being able to better avoid malware without having to actively think about it all the time is always a good idea. All of that can be done with a device smaller than the palm of your hand connected to your router or network switch.
NOTE: This is both a blog on my personal experience with setting up a Pi-hole and a guide on how you can do it yourself based on what I’ve learned. It’s not the most comprehensive guide on this out there, but it’s also not copy-pasted from other online guides. I ensure that whatever I’ve written here is based on having tried it first.
Most can be satisfied with the ad blockers on their web browsers, either built-in or from extensions. However, they only work for the browser they’re in, so you need to have one in every app of every device you’re using if you want to never see ads at all. That shouldn’t be a problem for the most part, but having extra stuff installed can impact performance and require further configuration.
Also, there are some big companies that actually pay developers of browsers and ad blockers to exclude ad-blocking for those particular sites, so you’ll still get ads from them.
Then again, if you’re reading this and haven’t closed it yet after reading that introduction, then you may be someone who finds the idea of setting up separate hardware for blocking ads and trackers to be not a problem or even fun. You may also take online privacy seriously, whether it’s because of being advertised things you may have searched for or mentioned in passing, or you have been hit by malware or even ransomware.
I think the only true reason you’d want to go out of your way to set up a Pi-hole for your home network is because you think it’s neat to have an extra bit of security. It’s also a good way to learn more about setting up a Linux system without having to buy a whole new desktop or laptop computer. You also get to learn more about how to manipulate your home network, especially if you don’t already know about DNS servers.
It’s also a good thing to block those pesky ads, whether you believe Mr. Linus Sebastian or not on whether doing so is indeed a heinous act of digital piracy.
Pi-hole in Synology
The first time I set up a Pi-hole was in my Synology DS920+ NAS, which I previously talked about in this blog post. Since it’s a significant investment, I might as well use it for whatever I can think of until I can be bothered to then buy something else to handle that job if it somehow gives me even a hint of trouble. In the case of Pi-hole, I did just that.
For this guide, I’ll include how I installed and ran Pi-hole in my Synology NAS, as well as how it was to live with. Let’s assume you’ve already set up your Synology, have it set with a static internal IP address, and know how to do stuff in DiskStation Manager (DSM) — Synology’s custom Linux-based operating system.
Most of these instructions are based on this guide, which is mostly how I set up my Pi-hole for my Synology NAS.
1. If you have not reserved an IP address for your Synology NAS in your router, do so now. It’s better to have a static internal IP address for your device so you won’t have to keep changing the DNS server settings in your router. [see instructions here]
2. First off, bring up DSM, open Package Manager, search for Container Manager (formerly known as Docker), and install it.
3. Go to File Station, go to the docker folder, create a pihole folder in it, then create two subfolders named dnsmasq.d and pihole inside it.
4. You then open Container Manager, click on the Registry tab, and search for pihole. Download the first result, which should come from pi-hole.net.
5. Go to the Image tab and run pihole/pihole to start installation. Choose the latest tag.
6. Select Use the same network as Docker Host and click Next.
7. Give the container a name (Pi-hole or Peepee-hole or whatever).
- If you intend to use the Pi-hole as a DHCP server, you’ll have to check the Execute container using high privilege option. If not or you don’t know what this means, you can skip this step.
8. Click on Advanced Settings, go to the Environment tab, fill in the following below, then click Next:
- WEBPASSWORD: (your chosen password)
- WEB_PORT: (your chosen port, somewhere in the 8000s like 8888)
- DNSMASQ_LISTENING: local
- ServerIP: (the IP address of your NAS)
9. In Volume Settings, add the two subfolders you created earlier in the pihole folder inside the docker folder. When you’re done, click Next.
- For /docker/pihole/dnsmasq.d, set mount path to /etc/dnsmasq.d
- For /docker/pihole/pihole, set mount path to /etc/pihole
10. Review your settings in the summary to make sure everything is correct. Once you’re absolutely sure, click Done and your Pi-hole container should be good to go.
11. Open port 53 on your router and the WEB_PORT you entered in the PI-hole setup (8888 is a good one) on the Synology firewall. That will serve as your default DNS port, as well as the port for the Pi-hole web interface.
- Go to your Synology’s Control Panel, go to Firewall, then select Edit Rules.
- Create a rule with a custom port for your chosen Pi-hole WEB_PORT. Keep the protocol at TCP.
- Create another rule for DNS port 53. Set the protocol to All.
- Make sure these rules are put above the Deny All rule.
12. You may now access your Pi-hole web interface through:
http://[internal IP address of your NAS]:[WEB_PORT]/admin
- You may also access it through http://pi.hole/
13. Go to your router settings and set the DNS server to the IP address of your Synology NAS.
Tadah, your incoming web traffic is now being filtered through your new Pi-hole.
Pi-hole in Orange Pi Zero
The problem with having my Pi-hole in my Synology NAS is that if I had to update it or turn it off, I have no internet until I either turn the NAS back on or change the DNS server setting in my router. That was inconvenient, so I finally got around to figuring out how to put a Pi-hole in an Orange Pi Zero I purchased back in June 2022 for this very purpose.
The reason why it took me over a year to get around to it was that I was lazy and I had to get used to using SSH to issue commands to it. I floundered around looking for an AV cable to plug it into my TV, but it didn’t work for some reason. I even bought an expansion board that would let me plug in cables and other accessories more easily, as well as an enclosure to house everything, but I don’t know enough about this thing to do all that.
However, unless I wanted to keep it as a paperweight, I had to get around to it. I thought about using my old Ouya as a substitute, but having to do the whole ADB thing with that thing in order to do anything with it since its older and less adaptable hardware was more trouble to deal with than it was worth. The Orange Pi Zero was a lot easier to work with in the end.
You need an Orange Pi Zero or a similar SBC (maybe put it in something like a little box or a 3D-printed enclosure), microSD card, micro USB cable (and AC adapter), and ethernet cable (preferably a short one).
It doesn’t have to be an Orange Pi Zero — this can be done with a Raspberry Pi, a Banana Pi, a NUC, or any computer that you can install Linux on. But for this section of the guide, we’re doing it with a Pi using the Armbian operating system.
Installing and Setting Up Armbian
2. Insert the flashed microSD card into the Pi, connect the device to your router with an ethernet cable, and plug it into a power source with the micro USB cable.
3. Reserve an IP address for the Pi in your router. [see instructions here]
4. Open an SSH client like PuTTY and enter the IP address to SSH into the Pi.
5. Log into the Pi with username root and password 1234. You can then create a new user account and log in with that later on. It’s not recommended to use root as your primary account. You’ll have to type sudo a lot, but that’s just part of the Linux experience.
6. Type sudo armbian-config and press Enter. Go through the setup as needed.
- If you have not assigned a static IP for the Pi on your router, you can do so now through the IP config in armbian-config.
7. When you’re all done, you can run exit to log out and disconnect.
Installing and Setting Up Pi-hole in Armbian
1. SSH back into your Pi with the account you created earlier.
2. Run curl -sSL https://install.pi-hole.net | bash on the Pi.
3. Run pihole -a -p to set the admin password for the Pi-hole web interface.
4. Go to your router settings and set the DNS server to the IP address of your Pi.
5. You can access your Pi-hole web interface by entering the Pi’s IP address on a browser, then logging in with the password you previously set in step 3.
Congratulations, your Pi is now a Pi-hole. These instructions are based on this guide.
Why the Orange Pi Zero?
You can do this with a Raspberry Pi or a similar single-board computer (SBC). However, I chose an Orange Pi Zero because it’s a lot cheaper compared to putting it in a Raspberry Pi 4, which I also have and am currently working on turning into a web server as of this writing. It doesn’t take much to run Pi-hole, even if it’s going to be on 24/7.
The Orange Pi is best known here in the Philippines mostly for use in PisoNet stations, which are coin-operated computers used for internet access. They’re still used by small businesses to make a few extra bucks on the side while also providing internet access for their neighborhoods, although they’re not as popular these days due to the availability of smartphones.
Other than that, second-hand SBCs are usually sold on Facebook Marketplace and Carousell by fresh graduates who just got done with their thesis for their computer engineering degrees. There had been a Raspberry Pi shortage a couple of years ago mostly due to the global semiconductor shortage, so just know that you can’t just tell yourself that it’ll be there whenever you need it. Even if it were, it won’t stay at the same price.
As of this writing, I’ve been able to run my Orange Pi Zero Pi-hole just fine with no problems. It stays at around 30-33°C with no additional thermal solution, so it does look like I can keep this here for a good while. If it does go on the fritz somehow, I can always turn the Pi-hole in my Synology NAS back on or buy a slightly bigger and more robust SBC to set up Pi-hole in.
As amazing as it is, Pi-hole isn’t magic. It doesn’t just magically identify which incoming traffic has ads, trackers, and malware, then filter them for you like a loyal butler with a shotgun. The easiest way to let your Pi-hole know what to block is to add an adlist, also known as a blocklist, which is a link to a list of domains and URLs that Pi-hole should filter out.
Pi-hole comes with a stock adlist that you can select during installation, namely https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts. In most cases, that works pretty well on its own. But if you want to cover more ground, you may want to add more.
There are a ton of community-run projects out there that update these adlists for Pi-hole users all over the world. The most popular ones include oisd.nl, The Firebog, Blocklist Project, Developer Dan, and so on. For more information on adlists, check out this post by Avoid the Hack.
Take note that more does not mean better. You wouldn’t want to block everything, including innocuous stuff like Facebook comments sections (Yes, you can do this deliberately or by accident). If you wish to block certain things on your own, you can add URLs to the blacklist manually. It’s not recommended to have it done for you via adlist.
Adding Adlists to Your Pi-hole
1. Go to your Pi-hole web interface and log in.
2. Go to the Adlists tab.
3. Enter the URL of the adlist to the Address box.
4. When you’re done adding all the adlists you have, click on the Tools dropdown tab, click on Update Gravity, then click on the Update button.
- Alternatively, you can also SSH into your Pi-hole and run pihole -g to do the same thing. You need to do this in order for the Pi-hole to start using the adlists.
5. Go back to the Dashboard to see how many domains on the adlists are added to the Pi-hole.
Blocking Ads from Major Platforms LIke Facebook and YouTube
Take note that big corporations with resources to hire the best developers in the world certainly know about Pi-hole and are actively working to defeat them on a regular basis. Since the main income stream of Meta and Alphabet is in online advertising, they’re going to do everything they can to keep serving you ads, whether you like it or not.
Therefore, ad-blocking solutions like Pi-hole are going to have a hard time keeping up. Pi-hole blocked everything back in the day, perhaps enough to show dips in those companies’ financial statements. Therefore, even with a Pi-hole with every known adlist known to man won’t block Facebook and YouTube ads in 2023. You either have to use other means to block them or just bear with it.
I still struggle with Facebook ads on my phone, but YouTube ads are a bit easier to deal with. You can either pay for YouTube Premium or use YouTube ReVanced to patch the YouTube app with plugins for various features. You can have YouTube playing in the background while you’re using other apps or even with your phone on idle, skip intros and sponsor spots, bring back the dislike count, and so on.
While I’ve not dug in further to block Facebook and YouTube ads with Pi-hole, I’ve taken a look at how it’s done. As far as I’m aware, it looks like you have to set up scripts that will automatically update your blocklists since those platforms update their ad delivery all the time to stay ahead. That’s a bit above my paygrade, so I haven’t really looked deeper into it.
If you’re interested in taking a look at it, here’s a link to YouTube adlist repositories.
Bonus Feature of Pi-hole
This really isn’t a feature that was intended in the design of Pi-hole, but I found it to be pretty useful in my daily life. If you tend to shut down, sleep, or hibernate your devices, including your computer, before you go to sleep, then that halts active network activity. You then wake up and likely turn your devices back on, which then continues active network activity.
You can then look at your Pi-hole dashboard and see that gap. It tells you when active network activity stopped and started again.
I know that does seem like a nothing burger for most people, but not if you’re a health-conscious individual who likes tracking their sleep. It’s especially useful for adults who have to make sure they’re getting ample rest each night. Knowing whether they got a full 7 to 8 hours or came up short with 3-5 hours for some reason helps with maintaining one’s health and understanding if they need to change how they sleep, when they sleep, or even where they sleep.
It’s not much, but it’s an unintended feature of Pi-hole that I found somewhat useful throughout the time I’ve been using it, so I thought it was worth sharing here.
Have something to say? Do you agree or am I off-base? Did I miss a crucial detail or get something wrong? Please leave whatever reactions, questions, or suggestions you may have in the comment section below.
You may also like/follow and leave a message on either Facebook or Twitter. Please subscribe to both the Avoider.net YouTube channel and my personal YouTube channel, as well as my Twitch channel for more content. Thank you for dropping by.