Setting up pi hole
written: 2024-12-28
TLDR:
- The existing home network accounts for the majority of troubleshooting during installation
- ISP-supplied hardware does not usually allow DNS forwarding, and if it does, it has restrictions about forwarding through internal DNS
INTRO:
Over this past Christmas break I wanted to gift my parents internet privacy by installing a Raspberry Pi running pi-hole and unbound. Like all home networking projects, this implementation came with certain unique issues.
What is pi-hole?
A pi hole is basically a pretty fancy firewall. From a high level look, we route all home network traffic (in and outbound) through this pi-hole service, and it blocks content from domains that are associated with ad services or are found to be malicious. The benefit of this is twofold:
- provides an ad free web browsing experience from home
- speeds up our internet by freeing up bandwidth that would have been used by rendered ads.
Pi-hole manages a few domain "blocklists", all of which are configurable through a nifty GUI. These blocklists define which domains should be blocked and are open source as well as community managed. Feels trustworthy enough to me!
What is unbound?
Unbound is a self-hosted DNS service! Now this begs the question... what is a DNS service? While my understanding may be slightly lacking, a fair description would be the yellow pages of the internet. Two popular ones are Google (8.8.8.8) and Cloudflare (0.0.0.0). When we make a request at home, the basic flow of traffic is:
- we open our browser of choice
- type in "instagram.com"
- google/cloudflare steps in
- looks through their yellow pages book for the "instagram.com"
- fetches an associated IP address of one of their servers
- serves it to your browser
- instagram.com loads on your browser
While this flow is perfectly normal and has no real issues, by allowing google/cloudflare to resolve ALL of our internet requests, we are effectively allowing them to track our internet traffic. Not great!
This is where unbound steps in: it serves as a self-hosted yellow pages. When making a request, we call unbound to resolve the DNS request! An additional advantage of self-hosting this service is that we can cache fetched pages (store the client rendered code locally), which in turn can be used on subsequent requests to that website and reduce load times. Neat!
How to get started with these services at home?
PRE-REQS:
- any single-board computer
- a router/modem that allows ip reservation and custom DNS setting (setting a custom primary DNS)
If you have a router/modem supplied by your ISP, there is a good chance it will not support the required features. If this is the case, as it was for me, you'll have to get a new modem/router. While I encourage doing your own research, I can vouch for the Arris Surfboard S33 modem with 3 eero 6e wifi mesh routers.
Guide:
- flash dietpi to a micro sd card
- flash to device and follow setup steps
- opt out of anything optional
- when asked to install software, select pi-hole and unbound
- install software
- unbound requires no manual setup
- pihole requires following the install guide; it is quite good and easy to follow
- the last page will show a password, write this down as it is only shown once.
- if you forget the password, you can clear it with
pihole -a -p
- pi-hole will ask about a static ip, feel free to skip this and address later
- Create an IP reservation for the device running the pi-hole in your router web portal or app.
- set up a custom DNS record with the IP address of the server running pi-hole
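
A check to run once the last step is done, added here as an example and not part of the original guide: it sends a DNS query straight to the pi-hole and reports whether the name was blocked or resolved. It assumes pi-hole's default blocking mode, which answers blocked names with 0.0.0.0; the function names are made up for this example.

```python
import secrets
import socket
import struct

def build_query(name, qid):
    """Encode an A-record query for `name` in DNS wire format (RFC 1035)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, pos):
    """Return the offset just past an encoded name (a compression pointer ends it)."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)

def first_a_record(msg):
    """Return (rcode, first IPv4 address or None) from a DNS response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4            # name, then QTYPE + QCLASS
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:            # A record
            return flags & 0xF, socket.inet_ntoa(msg[pos:pos + 4])
        pos += rdlen                             # e.g. a CNAME ahead of the A record
    return flags & 0xF, None

def classify(msg):
    """Assumption: pi-hole's default blocking mode, which answers 0.0.0.0."""
    rcode, addr = first_a_record(msg)
    if addr == "0.0.0.0":
        return "blocked"
    return f"resolved {addr}" if addr else f"no A record (rcode {rcode})"

def ask(server, name, timeout=3.0):
    """Send one UDP query to `server` (the pi-hole's reserved IP) and classify the answer."""
    query = build_query(name, secrets.randbelow(1 << 16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        reply = s.recvfrom(4096)[0]
    if reply[:2] != query[:2]:
        raise ValueError("response ID does not match the query")
    return classify(reply)
```

Call `ask()` from a machine on the home network with the pi-hole's reserved IP, once with a domain from one of your blocklists and once with an ordinary domain. The first should come back `blocked` and the second `resolved` with a real address.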