Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1] 2 3

Author Topic: pi-hole?  (Read 15221 times)

22over7

  • Reg Member
  • ***
  • Posts: 101
pi-hole?
« on: November 11, 2018, 12:52:18 PM »

Has anyone any experience with "pi-hole"? (https://pi-hole.net/).

I'm pretty intolerant of ad's, and for sometime have been using https://github.com/StevenBlack/hosts. This constructs
a gigantic /etc/hosts, in which thousands of dns names are "/dev/null"d.  This has not been problem-free.

Then I came across pi-hole, and installed it on a (3B) pi that I was using as a cups server for some ancient non-wifi printers,
and doing little else.  I put this top of the DNS servers for a machine or two, just out of curiosity.  So far, I'm quite
impressed. For one thing, I can allow a handful of sites (like kitz.co.uk, sndbforums.com, ..) to show me ads, in the hope that
it thereby might bring them in a few pennies. There's a nice admin-page (it sets up a lighttpd server) where you can configure such things.
I can now see some unobtrusive ads on the kitz sites, and elsewhere.

I've only been using it a day or two.  It's quite crisp, given that the pi involved has fallen down behind an immensely heavy metal filing cabinet,
and has rather dodgy wifi accessibility. I wondered about getting another lower-specced pi, ethernet connected to my router, and powered
via a router USB port.  It doesn't seem to need a 3B.

Does anyone here use a pi-hole "in anger"?  Any gotchas? Advice?

Logged

pooclah

  • Reg Member
  • ***
  • Posts: 151
Re: pi-hole?
« Reply #1 on: November 11, 2018, 03:08:29 PM »


I’ve never used this but it certainly looks interesting.  I have an old Pi Zero gathering dust somewhere and when I get time I’ll try it out on that.

Thank you for pointing it out.

Kevin
Logged

VDSL2User

  • Member
  • **
  • Posts: 31
Re: pi-hole?
« Reply #2 on: November 11, 2018, 03:22:07 PM »

Yes I used it for about 3 weeks and it works well.
You do need control over the DNS settings for clients for it to work best.
I first ran it as the upstream DNS from the router but in this mode it does not record client usage
but shows all requests as from the router IP.
I then ran it as the DHCP server (instead of the router) as well as the DNS and this provided a great solution.
There is a lot of details and support for it on the Internet.
It then wet my appertite to go further and gain more control of my local network and I
now run pfSense with the pfBlockerNG plugin (which does the same thing as Pi-Hole) and so
now have everything in one box.
Logged

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: pi-hole?
« Reply #3 on: November 11, 2018, 03:22:48 PM »

i used it for a while, but it is worse than just using an adblock browser extension.
it couldn't handle blocking youtube ads natively, so it resulted in having to run both an adblocker extension anyway.
i dumped it shortly after that as it became pointless.
Logged

jid

  • Content Team
  • Kitizen
  • *
  • Posts: 1945
Re: pi-hole?
« Reply #4 on: November 11, 2018, 05:20:32 PM »

Likewise, I tried it for a few weeks and I found it blocking more pages and content completely. There is a lot of tweaking involved to get it working. It has a good online community with lots of tips and advice, the Whitelist suggestions they have on there helped a lot.

I still found it sometimes not blocking ads, or just blocking the whole site altogether. It also played havoc with my Hive Heating. The app would take a minute to refresh data from my thermostats.
Logged
Kind Regards
Jamie

BT FTTP - 75meg | Sky Q |  Bridgend Weather

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: pi-hole?
« Reply #5 on: November 13, 2018, 07:53:49 PM »

In my experience anti-adblocking techniques and ads built by JavaScript code are getting so common now that sophisticated ad-blocker software is needed, which inspects html and / or even JS maybe and interferes with it. My adblocker in my iPad (1Blocker-X) seems very competent on the whole, and works with half a dozen vast database of regexes that are tested against URLs by a special engin inside Safari. I don’t think a simply DNS-based thing is sophisticated enough, as blocking an entire domain name or not is not sufficiently specific.

I did the hosts file thing myself many years ago, under Windows, but for some common nuisance content rather than ad blocking.
Logged

meritez

  • Content Team
  • Kitizen
  • *
  • Posts: 1623
Re: pi-hole?
« Reply #6 on: November 13, 2018, 09:34:01 PM »

I have been running Pi-Hole for nearly two years, one installed at my plaqce, one at my partners, the lack of ads on any device is wonderful.

I'm only running it on a Pi B+ as anything else is overkill, it runs quite happily on a Pi Zero or Pi A+ if you have a usb to ethernet adapter.
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: pi-hole?
« Reply #7 on: November 13, 2018, 10:44:12 PM »

I am, quite shamelessly, going to request that all members please ensure kitz.co.uk is white-listed in your ad-blocker.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: pi-hole?
« Reply #8 on: November 14, 2018, 08:39:14 AM »

I have been running Pi-Hole for nearly two years, one installed at my plaqce, one at my partners, the lack of ads on any device is wonderful.

I'm only running it on a Pi B+ as anything else is overkill, it runs quite happily on a Pi Zero or Pi A+ if you have a usb to ethernet adapter.

You must not use YouTube much then as it can't block those ads without some major constant manual editing
Logged

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: pi-hole?
« Reply #9 on: November 14, 2018, 08:40:37 AM »

I am, quite shamelessly, going to request that all members please ensure kitz.co.uk is white-listed in your ad-blocker.

Nope sorry, my adblock extension applies to all sites without prejudice
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: pi-hole?
« Reply #10 on: November 14, 2018, 11:46:05 PM »

Blocking ads with a DNS server is useful but it wont replace a browser adblocker.  Reason been is that DNS based solutions work on blocking an entire domain as that is all they can do.

This means if a domain hosts adverts but also serves proper content it either is blocked (which is a problem if you need it for the proper content) or left unfiltered.  Also community based blacklists tend to have false positives and even have domains added for ideological reasons, e.g. a few lists block betting sites when they supposed to be just for malware/ads.

Since I first started using pfblockerNG on pfsense, the lists I am using have slowly dwindled down, I removed all lists that have no sane policy for false positive removals (As after all if there is no way to report a false positive then how can they be removed), as well as any lists that had excessive false positives in my usage of them.  Some lists are defenitly useful but some also cause more trouble than they worth.

Where DNS based filtering has value more is for things like phones, where apps integrate ads into the app, generally the only way to filter those is via DNS based filtering.

The potential for browser quality of filtering at the network level is implementing a solution similar to how child porn is filtered by isp's.  So a DNS lookup at the router, then if it hits, traffic is redirected to a proxy on the router, and then specific path url's can be filtered instead of entire domains, particularly for malware blacklists this would be far superior to just DNS based filtering.  However this would be for http only, because otherwise on https the router would be a MITM on encrypted traffic which is a big no no in my opinion.  I dont know how the uk child porn filters handle scanning of https links.

Generally the solution is as good as bad as the blacklists you choose to use, I am assuming pi-hole comes with preset lists configured, but I also expect they can be disabled as well as new ones added.  So if you getting false positives, disable the bad blacklists.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: pi-hole?
« Reply #11 on: November 15, 2018, 09:58:35 AM »

I just had a go at installing pi-hole. However I didn’t get very far. My machine is hosted externally out on the internet, and I get the feeling that an installation is assumed to be internal, within some lan that it is ‘serving’. The second thing is that my machine is IPv6-only, but the installation was asking for IPv4 addresses of upstream DNS servers. Looking at the installation routine’s code, I could fix the latter by changing the chosen upstream DNS servers’ addresses to the corresponding IPv6 ones. I’m not sure how far it would get me. Given that the machine is not inside my main LAN, I had just thought about trying to use it as an intermediate DNS relay which would serve my router, a Firebrick, telling the Firebrick that the pi-hole server was to be the preferred upstream DNS server. That was the idea anyway.
Logged

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: pi-hole?
« Reply #12 on: November 15, 2018, 10:39:18 AM »

pi-hole is meant to be a local DNS server on your LAN
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: pi-hole?
« Reply #13 on: November 15, 2018, 12:48:46 PM »

Yes. As I thought. I had a second go but it just created a horrendous mess.

It asked some incomprehensible question about using IPv4 and or IPv6, I couldn’t tell whether it meant accessing DNS upstream over one or t’other or both, or filtering both types of queries, or providing services in both aspects as a DNS server, or a DHCP server or both, or what. I tried saying no to IPv4 and then it got a lot further, before finally wrecking the existing DNS on the system so it would not resolve anything at all any more. That meant that every thing was broken since no DNS lookups could be done, couldn’t use apt-get any more as lack of DNS resolver made it fall over, so it was time to admit defeat and wipe the system. A pretty disastrous attempt at writing an installer, with no global system transactional rollback facility. Maybe really really can’t cope with an IPv6-only system, difficult to know.

It may well not be possible to simply use it as a straight relay dns server independently. The designers perhaps never thought about such a usage.
Logged

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: pi-hole?
« Reply #14 on: November 15, 2018, 12:51:00 PM »

well you are trying to use it out-with the scope of what it's designed to be, so you can't blame the installer for the mess you created.
Logged
Pages: [1] 2 3