Raspberry Pi 5
Published in raspberrypi
Raspberry Pi 5

Setting Up Pi-hole on Raspberry Pi 5: A Beginner's Guide

This guide outlines the steps to set up and configure Pi-hole on a Raspberry Pi 5. Pi-hole functions as a network-wide ad blocker that can improve browsing speed, reduce data usage, and enhance privacy by blocking unwanted advertisements and trackers before they reach your devices. The following instructions will walk you through the entire process from initial setup to advanced configurations.

What is Pi-hole?

Pi-hole is a free, open-source network-level advertisement and internet tracker blocking application. It acts as a DNS sinkhole that protects your devices from unwanted content without requiring any client-side software. Once set up, Pi-hole works silently in the background, blocking ads before they even reach your devices.

What You'll Need

  • Raspberry Pi 5 (or any Pi with an Ethernet port - recommended for stability)
  • MicroSD card (minimum 2GB, 4GB recommended)
  • SD card reader
  • Ethernet cable
  • Raspberry Pi power supply (official recommended, or a compatible alternative with sufficient voltage/wattage)
  • Router with ability to change DNS settings
  • Basic familiarity with command line (don't worry, we'll guide you through everything!)

Step 1: Install Raspberry Pi OS Lite

  1. Download and install the Raspberry Pi Imager from the official website.
  2. Insert your microSD card into your computer using the card reader.
  3. Open the Pi Imager application.
  4. Click "Choose OS" and select "Raspberry Pi OS Lite" (we don't need a desktop environment for Pi-hole).
  5. Click "Choose Storage" and select your microSD card.
  6. Before writing, click the gear icon to access advanced options.
  7. Configure the following settings:
    • Set hostname (optional)
    • Enable SSH
    • Set username and password (remember these, you'll need them later!)
    • Configure your WiFi (if you're not using Ethernet)
    • Set locale settings (timezone, keyboard layout)
  8. Click "Save" to apply these settings.
  9. Click "Write" to flash the OS to your microSD card.
  10. Once complete, safely eject the card from your computer.

Step 2: Set Up Your Raspberry Pi

  1. Insert the microSD card into your Raspberry Pi.
  2. Connect your Raspberry Pi to your router using the Ethernet cable.
  3. Connect the power supply to boot up your Pi.
  4. Find your Pi's IP address. You can:
    • Check your router's connected devices list
    • Use a network scanner like Angry IP Scanner
    • If you configured a hostname in the previous step, you might be able to access it via <hostname>.local
  5. Make note of this IP address - you'll need it for the next steps.

Step 3: Set a Static IP Address

It's crucial to set a static IP for your Pi-hole device so that your network settings remain consistent.

  1. SSH into your Raspberry Pi by opening a terminal (on Mac/Linux) or using PuTTY (on Windows) and entering:

    ssh username@ip-address

    (Replace "username" and "ip-address" with your actual username and the IP address from step 2)

  2. Enter your password when prompted.

  3. Once logged in, update your system:

    sudo apt update && sudo apt upgrade -y

  4. There are two ways to set a static IP:

    • Configure it on your router (recommended) by setting a DHCP reservation for your Raspberry Pi's MAC address
    • Configure it directly on the Raspberry Pi (more advanced)

For router configuration, check your specific router's documentation for setting DHCP reservations.

Step 4: Install Pi-hole

  1. With your SSH session still open, install Pi-hole using the official installation command:

    sudo curl -sSL https://install.pi-hole.net | bash

  2. Follow the installation wizard:

    • When asked to select an upstream DNS provider, Cloudflare (1.1.1.1) is recommended for its privacy focus and speed, but you can choose any provider you trust.
    • Accept the default options for most settings unless you have a specific reason to change them.
    • Make note of the admin password shown at the end of the installation.

  3. If you want to change the admin password, run:

    sudo pihole -a -p

Step 5: Configure Your Router to Use Pi-hole

For Pi-hole to block ads network-wide, you need to set it as the DNS server for your entire network:

  1. Access your router's admin interface (typically by entering its IP address in a web browser).
  2. Locate the DNS settings (usually under DHCP, WAN, or Network settings).
  3. Replace your current DNS settings with the static IP address of your Raspberry Pi.
  4. Save the settings and restart your router if required.

Step 6: Access the Pi-hole Admin Dashboard

  1. Open a web browser and enter http://pi-hole-ip-address/admin (replace with your Pi's actual IP address).
  2. Log in with the password that was provided during installation.
  3. Explore the dashboard to see real-time statistics on your network's DNS queries and blocked ads.

Step 7: Enhance Your Pi-hole Setup (Optional)

Install DNS-Over-HTTPS for Added Privacy

For enhanced privacy, you can set up DNS-Over-HTTPS with Cloudflared:

Cloudflared Setup:

  1. Download and install Cloudflared for Raspberry Pi 5 (ARM64 architecture):

    wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64
sudo mv -f ./cloudflared-linux-arm64 /usr/local/bin/cloudflared
sudo chmod +x /usr/local/bin/cloudflared
cloudflared -v

    Note: For other architectures, follow the instructions at Pi-hole's official documentation.

  2. Create a dedicated user to run the daemon:

    sudo useradd -s /usr/sbin/nologin -r -M cloudflared

  3. Create a configuration file for Cloudflared:

    sudo nano /etc/default/cloudflared

  4. Add the following content to the configuration file (these are the command-line options that get passed to Cloudflared on startup):

    # Commandline args for cloudflared, using Cloudflare DNS
CLOUDFLARED_OPTS=--port 5053 --upstream https://cloudflare-dns.com/dns-query

  5. Update permissions for the configuration file and binary to allow access for the cloudflared user:

    sudo chown cloudflared:cloudflared /etc/default/cloudflared
sudo chown cloudflared:cloudflared /usr/local/bin/cloudflared

  6. Create the systemd service file:

    sudo nano /etc/systemd/system/cloudflared.service

  7. Add the following content to the service file:

    [Unit]
Description=cloudflared DNS over HTTPS proxy
After=syslog.target network-online.target

[Service]
Type=simple
User=cloudflared
EnvironmentFile=/etc/default/cloudflared
ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS
Restart=on-failure
RestartSec=10
KillMode=process

[Install]
WantedBy=multi-user.target

  8. Enable and start the service:

    sudo systemctl enable cloudflared
sudo systemctl start cloudflared
sudo systemctl status cloudflared

  9. Test that Cloudflared is working properly by using the dig command:

    dig @127.0.0.1 -p 5053 google.com

    You should receive a response similar to this:

    ; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> @127.0.0.1 -p 5053 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12157
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 22179adb227cd67b (echoed)
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             191     IN      A       172.217.22.14

;; Query time: 0 msec
;; SERVER: 127.0.0.1#5053(127.0.0.1)
;; WHEN: Wed Dec 04 09:29:50 EET 2019
;; MSG SIZE  rcvd: 77

    This confirms that Cloudflared is correctly functioning as a DNS-over-HTTPS proxy.

  10. Update Pi-hole to use Cloudflared:

    • Go to Pi-hole admin interface
    • Navigate to Settings > DNS
    • Uncheck all upstream DNS providers
    • Add a custom DNS server: 127.0.0.1#5053
    • Save

Install Tailscale for Remote Access

To block ads on your devices even when you're away from home:

  1. Install Tailscale:

    curl -fsSL https://tailscale.com/install.sh | bash

  2. Authenticate your Raspberry Pi:

    sudo tailscale up --accept-dns=false

  3. Follow the URL provided to authenticate your device to your Tailscale account.

  4. Note the Tailscale IP address assigned to your Raspberry Pi.

  5. When you're away from home, connect your devices to Tailscale and configure them to use your Pi-hole's Tailscale IP as their DNS server.

Set Up Automatic Updates

Create a simple script to keep everything updated:

  1. Create an update script:

    sudo nano /usr/local/bin/update-pihole.sh

  2. Add the following content:

    #!/bin/bash
# Update system packages
apt update && apt upgrade -y

# Update Pi-hole
pihole -up

# Update Cloudflared (if installed)
if command -v cloudflared &> /dev/null; then
    # Use the built-in update command
    cloudflared update
fi



# Update Tailscale (if installed)
if command -v tailscale &> /dev/null; then
    tailscale update
fi

  3. Make it executable:

    sudo chmod +x /usr/local/bin/update-pihole.sh

  4. Set up a cron job to run it weekly:

    sudo crontab -e

  5. Add this line to the file:

    0 2 * * 0 /usr/local/bin/update-pihole.sh > /var/log/pihole-update.log 2>&1

    (This runs the script every Sunday at 2 AM)

Create a Disable Pi-hole Bookmark

For those times when you need to temporarily disable Pi-hole:

  1. Create a bookmark in your browser with this URL:

    http://pi.hole/admin/api.php?disable=300&auth=WEBPASSWORD

  2. Replace WEBPASSWORD with your actual Pi-hole admin password and 300 with the number of seconds you want Pi-hole to be disabled (300 = 5 minutes).

Step 8: Customize Your Block and Allow Lists

One of Pi-hole's most powerful features is the ability to customize which domains are blocked or allowed through your network. By default, Pi-hole comes with a basic set of blocklists, but you can significantly enhance its effectiveness by adding additional curated lists.

Block Lists (Deny Lists)

Block lists (also called deny lists) contain domains that Pi-hole will prevent devices from accessing. These typically include advertising servers, trackers, and potentially malicious domains.

Some excellent resources for block lists include:

  1. The Firebog (https://firebog.net): This website categorizes various curated lists as "tick" (safe to use) or "non-tick" (may cause issues with regular browsing). The tick lists are generally safe for most users.
  2. StevenBlack Hosts (https://github.com/StevenBlack/hosts): This repository maintains several comprehensive host files that combine multiple sources. The unified hosts file contains over 163,000 entries: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

To add a new block list:

  1. Go to your Pi-hole admin dashboard
  2. Navigate to "Adlists"
  3. Enter the URL of the list you want to add (e.g., https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts)
  4. Click "Add"
  5. Go to "Tools" > "Update Gravity" to update your lists

Allow Lists (White Lists)

Allow lists contain domains that should never be blocked, even if they appear in your block lists. This is useful for services that might break if certain domains are blocked.

Some excellent resources for allow lists include:

  1. Pi-hole Discourse Forum (https://discourse.pi-hole.net/t/commonly-whitelisted-domains/212): A community-maintained list of commonly whitelisted domains.
  2. Anudeep's Whitelist (https://github.com/anudeepND/whitelist): A comprehensive collection of whitelists categorized by purpose, including:
    • Domains required for basic internet functionality
    • Common services that might break with ad blocking
    • Optional but commonly used services

Common domains you might want to whitelist include:

  • Domains required for services like Microsoft Office, Windows updates, or smart home devices
  • Domains needed for website functionality that might be mistakenly blocked

To add domains to your allow list:

  1. Go to your Pi-hole admin dashboard
  2. Navigate to "Domains" > "Whitelist"
  3. Enter the domain you want to whitelist
  4. Click "Add to Whitelist"

Finding Balance

The key to an effective Pi-hole setup is finding the right balance between blocking unwanted content and maintaining functionality. If you add too many aggressive block lists, you might end up breaking legitimate websites or services.

If you notice a service isn't working correctly after adding new block lists:

  1. Check the Pi-hole query log to see what domains are being blocked
  2. Add any legitimate domains to your whitelist
  3. Consider removing overly aggressive block lists

Remember that block and allow lists require occasional maintenance as services change and new advertising domains emerge. Regular updates to your lists will help maintain an optimal balance between ad-blocking and functionality.

Limitations to Be Aware Of

While Pi-hole is extremely effective, it's important to understand its limitations:

  • Pi-hole can't block all ads. Some ads are served from the same domains as legitimate content.
  • Some devices and applications have hardcoded DNS settings that bypass your network's DNS.
  • YouTube ads are particularly difficult to block with DNS-level blocking.
  • Some websites may detect ad-blocking and request you to disable it.

Troubleshooting Tips

  • If devices aren't blocking ads, ensure they're using the correct DNS server.
  • Check Pi-hole logs in the admin interface to diagnose issues.
  • If Pi-hole becomes unresponsive, you can SSH into your Raspberry Pi and restart it with sudo service pihole-FTL restart.
  • For more persistent issues, the Pi-hole community on Reddit and GitHub are excellent resources.

Conclusion

Congratulations! You now have a network-wide ad-blocking solution that enhances your browsing experience and adds an extra layer of privacy to your internet usage. As you become more familiar with Pi-hole, you can customize your blocklists, whitelist certain domains, and further optimize your setup.

Remember that maintaining your Pi-hole installation with regular updates is important for security and performance. The optional enhancements we've covered will give you even more control over your network's DNS traffic.

This article was updated on

Comments

Featured Posts

Recommended Topics

powered by rc6.org