Recently saw a post regarding pi-hole, and I am considering to try it out. I am wondering if it would fit my usecase, so I want to ask about specifically what it solves.
I heard pi-hole blocks ads at DNS resolution level, so it does not block e.g. youtube ads. For me and my family who mostly watch youtube with handful of blog surfing, what value would it bring? Most blogs do not seem to contain much ads, so I am not sure ad-blocking helps much there.
Given the praise pi-hole is getting, I guess there are more to it than limited blocking of ads. I would love to learn more about this topic, as I am blind on the networking stuff. Thanks in advance!
You must log in or register to comment.
As other mentioned, an advantage is that it blocks ads on phone apps too. My other use case is to add extra DNS entries to name devices on my local network. Finally, after using pihole for a while I switched to blocky. It has similar features but it lacks the UI and the dchp server, but in exchange it uses much less resources. Since I didn’t use either of these it sounded a good trade to me
For example some mobile games that have in-app ads are blocked.
Was surprised how much is blocked once I opened the app outside of my home network.It’s very good if you have people at home who aren’t as technical. Like it will block ads in your kids phone games, and your elderly mother won’t get as many scam popups etc
I mean that’s mainly it… it’s amazing at clearing adds off of news articles general viewing pages like blogs etc… but yes as you said, it’s not particularly great for things like youtube/spotify etc… things that deliver the ads through the same source as the main content.
It’s basicly domain based filtering. So I use mine to also block phishing, crypto mining, malware and anything tracking my web behavior…my parents have theirs setup to also block adult content for the younger siblings…
Tracking your web behavior? That sounds quite interesting, how do you utilize the data?
I can give you an example. Searching through my logs while writing up my first reply to you, I saw these two entries: https://x0.at/nO3I.png
One is for Skype, which I do not use. I don’t even have it installed on my PC, and the other is for QQ, which is a popular Chinese WhatsApp type service from Tencent, the same parent company as TikTok. Not only is it known for being an arm of the CCP, but why are they operating from within my network? No one uses QQ… So it’s ultra suspicious. The contact was blocked, but if I wanted to investigate further, I can–because now I know its there.
You may be interested in checking out IPS/IDS systems as well, to get true intrusion detection
I get a lot of ads everywhere. And trackers. On most of the news sites, social media platforms, my email provider, .places where I look up information, … The majority of the internet is commercial and financed through advertisements. With few exceptions, like personal/indie blogs and places like this one. I mean if you read just blogs and Wikipedia, you might already be alright. But that’s not how 99% of people use the internet.
Yeah, Youtube ads won’t be blocked by a DNS blocker. You need a browser plugin for that. I use Firefox, uBlock and Sponsorblock. That removes most of the ads everywhere, including Youtube.
In addition to adblocking, some people use it for family censoring like blocking porn and gore on the domain level. It’s a more effective means as it would mean that your kid can’t go to ph on the family computer as well as their iPad.
You can block individual domains if you wish but there are also a lot of lists out there that are generated and maintained by the community to include new sites as they arise.
I like it for my iPhone for playing free games like solitaire and the like. A lot of these have intrusive ads but the PiHole effectively blocks the ads and I don’t have to have any third party apps running on my phone.
Additionally, I set up a VPN on my Raspberry Pi so I can take this adblocking on the go too.
You can also set up the PiHole to keep a log history which some people may want or you can use it to never keep the history for privacy reasons. I suppose this is another use case in ensuring your DNS server at home doesn’t keep a history of websites you visit from any device on the network.
@[email protected] has a great response and also suggests using AdGuard Home instead, which is what I run as well. The biggest benefits the AGH has over PiHole for my family is the fact that you can very easily define a Client and the ips that pertain to that client… so I can define a single client for all of my devices , a single client for each of my kids, etc.
Then from there I can block specific services like social media platforms per client group or allow them. And similar to PiHole, I can setup all the blocklists that I want and it’ll block them across all clients.
For my kids, this means it’s blocking all those pesky ads that pop up in games getting them to go and download more mind numbing and draining games…
Finally, I can keep tabs on my network traffic and see what individual devices are accessing what domains; however, this doesn’t mean that I can see the individual web pages.
I have two AGH instances setup on two different hosts, and an additional AdGuardHome-sync container that syncs between the two instances, to make sure that all settings are mirrored.
Two things. 1, unless you specifically need to run the software on a Pi, I recommend using AdGuard Home over Pi-Hole. It’s more actively maintained (not to imply that Pi-Hole isn’t actively maintained), and is going to be more of a setup once and forget type of solution.
2, the value in running a software like this is to be able to monitor your network traffic for suspicious activity, block ads, and access to malware, porn, warez, gambling, crypto, etc (especially if you have children). You can use custom blocklists like Hagezi’s threat intelligence feeds (TIF) which instantly decreases your attack vector while interfacing with the clear-net. The TIF blacklists block malware, cryptojacking, scam, spam and phishing. Blocks domains known to spread malware, launch phishing attacks and host command-and-control servers.
I very highly recommend using the Hagezi TIF lists. You can setup AdGuard very easily (mine runs off my Synology NAS), and you can easily force your entire network to use it by changing your DNS server in your router configuration page to your AdGuard Home instance IP (in my case, it’s my Synology NAS IP from within my network).
Takes a few minutes to setup, and you’re done. From there you can use the web-ui to change settings, update blacklists, and even see what your network traffic looks like: https://x0.at/D-aY.png and you can even block access to services directly: https://x0.at/QlbJ.png
Good shout. I’ve just recently moved from Pihole to Adguard Home myself, complete with Hagezi lists. I consider myself very tech savvy and I work in the field but AGH suits my needs much better.
One example is wildcard DNS to route all of my hosted services via reverse proxy. In Pihole I had to make weird blocking rules to make this work, but AGH has specific settings for it. It also supports DoH out of the box, whereas Pihole needs non-standard faffery to get it working.
Very pleased with AGH in general.
It also supports DoH out of the box
This is why I choose AdGuard Home, too.
I agree here. AdguardHome is way easier to configure and just have it work. Evidently, it’s always important to maintain, like any other software, but it is way less hands-on than PiHole.
Thanks a lot for detailed analysis!!
May I ask about difference between Adguard Home and Pi-Hole in terms of “setup once and forget”?
May I ask about difference between Adguard Home and Pi-Hole in terms of “setup once and forget”?
To put a fine point on it, its about usability. AdGuard is just a simple DNS stub resolver which acts as a middle-man between your network, and an upstream DNS resolver. Basically, your device makes a DNS request to your AdGuard instance, and it either gets filtered out by your blacklists (and never leaves your network), or its forwarded to an upstream DNS resolver (a real DNS server) and then back again. Pi-Hole does the same thing, and many many many more things. So while they would both do what you want, Pi-Hole (in my experience) is dozens of times more complicated and difficult to setup. Which is awesome–if you need all those other features.
Hmm, so basically AdGuard is streamlined for the dns-filtering usage? I was thinking of buying an raspberry pi and running pi-hole on it, can I do the same on adguard, presumably easier?
It’s mostly about the setup. Adguard you run via a container, and you’re done–it starts working as soon as you change your DNS settings. Pi-Hole takes some setup to get working.
Thanks! Adguard seems like a good fit for me, gotta set it up soon.
You can also set it up to point at unbound for either recursive resolving of DNS, or resolving over HTTPS/TLS, as right now most DNS traffic is sent over unencrypted connections, meaning your ISP can see all of the domains you are resolving.
Can’t the ISP pretty easily tell what website you are going to anyways? After all they are the one that ultimately connect you to the destination so they know the IP. Would just be one more step for them but they could figure out which domains resolve to that IP.
DNS logging is the simplest way they’d track you, so you’d limit that
Reverse DNS lookups would be less precise as well as it’d just point to an IP owned by some cloud provider, so they’d have a hard time there
But yes a privacy respecting VPN is better, however I don’t love browsing on a vpn as I hate captchas and like being able to access services I host on my local net
