help with pihole setup and tips

jata

Senior Member
Hi all,

I have decided to try using pihole installed (via docker) on my RPI4 and I know lots of folks in this community are pihole users so I'm keen to get some tips please.

So I have the pihole set up and working on my network. I used a docker stack and macvlan network config so pihole 'appears' to be running on a standalone server. It's using an IP in my router DHCP range that I have bound/manually assigned on the router.

For initial testing, I have set up my WAN connection on the router to use pihole as the DNS server so all clients are using pihole for DNS.

My questions are:
1. pihole sees all DNS traffic/queries as coming from my router. I think this could be solved by using pihole as the dhcp server but are there other ways to achieve this?
2. should I care that I can't see individual clients in pihole?
3. what's the best way to set up on the router? I'm thinking that DNS filter might be a good approach?
4. how/what can I do with dnsmasq and pihole?
5. how can I get my router to use my ISP DNS when pihole is offline?

Anything else that I will find useful or consider?

Thanks all!
 

jata

Senior Member
but this device is a NAS as well as Pi-hole...
 

bbunge

Part of the Furniture
> Hi all,
>
> I have decided to try using pihole installed (via docker) on my RPI4 and I know lots of folks in this community are pihole users so I'm keen to get some tips please.
>
> So I have the pihole set up and working on my network. I used a docker stack and macvlan network config so pihole 'appears' to be running on a standalone server. It's using an IP in my router DHCP range that I have bound/manually assigned on the router.
>
> For initial testing, I have set up my WAN connection on the router to use pihole as the DNS server so all clients are using pihole for DNS.
>
> My questions are:
> 1. pihole sees all DNS traffic/queries as coming from my router. I think this could be solved by using pihole as the dhcp server but are there other ways to achieve this?
> 2. should I care that I can't see individual clients in pihole?
> 3. what's the best way to set up on the router? I'm thinking that DNS filter might be a good approach?
> 4. how/what can I do with dnsmasq and pihole?
> 5. how can I get my router to use my ISP DNS when pihole is offline?
>
> Anything else that I will find useful or consider?
>
> Thanks all!

Save the Pi for dessert and use it as a NAS. Install Diversion on your router as it can use the same block lists as Pi-Hole.
 

dave14305

Part of the Furniture
I’ve written about this a few times, linking back to this post:
 

bennor

Very Senior Member
> Anything else that I will find useful or consider?

One general method of setup is discussed in a few posts I made in other threads about setting up Pi-Hole with Asus routers.
https://www.snbforums.com/threads/pihole-dns.74646/#post-712118
https://www.snbforums.com/threads/pihole-dns.74646/page-3#post-712319

In my case I'm using Pi-hole on a couple of Raspberry Pi's. So if one Pi-Hole fails the other Pi-Hole picks up the slack. Unbound is also installed and running on the two Pi's. The Asus router (running Merlin) does the DHCP. The Pi's generally see the client traffic and I have "Use Conditional Forwarding" enabled in both Pi-Holes so client names are resolved. There are likely other ways to handle client name resolution if one so chooses. Also have DNSFilter enabled to route to the Pi-Holes as well. Been using this setup for a few years now, works well for the most part.

Just note that while Asus may recommend using the Pi-Hole IP addresses in the WAN DNS fields, Pi-Hole's documentation does not recommend using the WAN DNS, instead just use the DHCP DNS fields.
What Asus recommends: https://www.asus.com/support/FAQ/1046062
What Pi-Hole recommends for Asus routers: https://docs.pi-hole.net/routers/asus/
 

jata

Senior Member
thanks everyone. Lots of interesting information for me to look into.

the dietpi suggestion led me to remember I have an old rock64 not doing anything so I could bring that to life as a dedicated pihole device.

Will come back here with more questions probably!

thanks again all.
 

sfx2000

Part of the Furniture
> the dietpi suggestion led me to remember I have an old rock64 not doing anything so I could bring that to life as a dedicated pihole device.

Rock64 and armbian is a good choice for a pi-hole application...


They have a CLI release that's lightweight, and more than sufficient
 

jata

Senior Member
Thanks. Had my rock on Armbian with an OMV nas setup on it. Worked well but now using a rpi4 for that.

I have put dietpi and pihole on the rock. Set dhcp server on router to assign it as primary dns and using the docker pihole on my rpi4 as secondary.

so now I’m getting client identification on both piholes and everything working fine even when I reboot the rock.

just looking to optimise now. Maybe with unbound or dnsmasq but need to work out what the advantage is over how it’s working now.

thanks again everyone for the tips!
 

jata

Senior Member
> One general method of setup is discussed in a few posts I made in other threads about setting up Pi-Hole with Asus routers.
> https://www.snbforums.com/threads/pihole-dns.74646/#post-712118
> https://www.snbforums.com/threads/pihole-dns.74646/page-3#post-712319
>
> In my case I'm using Pi-hole on a couple of Raspberry Pi's. So if one Pi-Hole fails the other Pi-Hole picks up the slack. Unbound is also installed and running on the two Pi's. The Asus router (running Merlin) does the DHCP. The Pi's generally see the client traffic and I have "Use Conditional Forwarding" enabled in both Pi-Holes so client names are resolved. There are likely other ways to handle client name resolution if one so chooses. Also have DNSFilter enabled to route to the Pi-Holes as well. Been using this setup for a few years now, works well for the most part.
>
> Just note that while Asus may recommend using the Pi-Hole IP addresses in the WAN DNS fields, Pi-Hole's documentation does not recommend using the WAN DNS, instead just use the DHCP DNS fields.
> What Asus recommends: https://www.asus.com/support/FAQ/1046062
> What Pi-Hole recommends for Asus routers: https://docs.pi-hole.net/routers/asus/

Thanks for the links/tips. Very helpful and I think I have my setup quite good now.

Have unbound as resolver on my primary DNS server (rock64/pi-hole)
DHCP using my pi-holes as DNS with router ip advertised as 'no'
DNSFilter set to 'router' with both pi-holes in the list as un-filtered

So all good.

with NextDNS I had a setting to allow affiliate / tracking links - the ads that show up at top of google search page - my wife clicks on these and thought the internet was broken :)

Is there a way to enable affiliate links or in pi-hole is it better to block them and explain that these are ads to the wife?
 

GL_Red

Occasional Visitor
> Thanks for the links/tips. Very helpful and I think I have my setup quite good now.
>
> Have unbound as resolver on my primary DNS server (rock64/pi-hole)
> DHCP using my pi-holes as DNS with router ip advertised as 'no'
> DNSFilter set to 'router' with both pi-holes in the list as un-filtered
>
> So all good.
>
> with NextDNS I had a setting to allow affiliate / tracking links - the ads that show up at top of google search page - my wife clicks on these and thought the internet was broken :)
>
> Is there a way to enable affiliate links or in pi-hole is it better to block them and explain that these are ads to the wife?

Nextdns has some of the lists open source, here are the whitelisted domains:


or

 

jata

Senior Member
Thanks everyone.

I thought I was all done once I got pi-hole installed and working... Now I see why I was happy using NextDNS :)

I'm going to keep going as I like the idea of having control (and transparency) of what is happening/blocked/etc.

So a stupid question. Apologies... How do I add a whitelist? Do you add it as an Adlist? How does pi-hole know if something is blacklist or whitelist?
 

bennor

Very Senior Member
> So a stupid question. Apologies... How do I add a whitelist? Do you add it as an Adlist? How does pi-hole know if something is blacklist or whitelist?

You can add specific domains to be whitelisted or blacklisted to the Domains page.
You can use SSH to add whitelist or blacklist domains from the Pi-hole command line: https://docs.pi-hole.net/guides/misc/whitelist-blacklist/
You can select a domain from the Query Log as well.
You can use the Adlist page to link to online ad lists then enable or disable that list(s).

Example of Domain management page:
DomainManagement.jpg


Example of Adlist page:
Adlist.jpg
 

bluzfanmr1

Senior Member
> Thanks everyone.
>
> I thought I was all done once I got pi-hole installed and working... Now I see why I was happy using NextDNS :)
>
> I'm going to keep going as I like the idea of having control (and transparency) of what is happening/blocked/etc.
>
> So a stupid question. Apologies... How do I add a whitelist? Do you add it as an Adlist? How does pi-hole know if something is blacklist or whitelist?

Unlike Diversion, there's no way to add a whitelist url via the interface in Pi-hole. If you want an easy way to add a whitelist url in Pi-hole you can do it this way, using my whitelist as an example.

SSH to the Pi-hole server and then:
Code:
curl -sSL https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt | xargs pihole -w

You can also do it this way with a whitelist file, which is a little more complex:

SSH to the Pi-hole server, create the file and then:
Code:
xargs pihole -w < whitelist.domains.list

To delete the list:
Code:
xargs pihole -w -d < whitelist.domains.list
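
Added example, not part of the post above and not Pi-hole's own code: `xargs` passes every whitespace-separated token of the list to `pihole -w` as an argument, so this sketch downloads nothing itself and only vets a list file before it is applied. The helper names and the sample list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: vet a downloaded allowlist before it reaches `xargs pihole -w`.
# Function names are hypothetical helpers, not part of Pi-hole.

# One hostname per line: dot-separated labels of letters, digits and inner hyphens.
DOMAIN_RE='^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{0,61}[a-z0-9]$'

# Strip CRs, comments and surrounding whitespace; lowercase everything.
normalize() {
    tr -d '\r' < "$1" |
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    tr '[:upper:]' '[:lower:]'
}

# Domains that are safe to pass as arguments, de-duplicated.
clean_domains() {
    normalize "$1" | grep -E -e "$DOMAIN_RE" | LC_ALL=C sort -u
}

# Everything else (option-like tokens, multi-word lines, junk) for manual review.
rejected_lines() {
    normalize "$1" | grep -v '^$' | grep -Ev -e "$DOMAIN_RE" || true
}

# Constructed sample input, standing in for a freshly downloaded list.
make_sample() {
    printf '%s\n' '# constructed sample list' 'Example.COM' \
        'cdn.example.net   # trailing comment' '-d' '--regex' \
        'example.org -d' 'bad_host.example' 'example.com' > "$1"
    printf 'mail.example.org\r\n' >> "$1"
}

sample=$(mktemp)
make_sample "$sample"
echo "would allowlist:"; clean_domains "$sample"
echo "needs review:";    rejected_lines "$sample"
rm -f "$sample"

# On the Pi-hole host, after downloading the list to whitelist.txt:
#   rejected_lines whitelist.txt
#   clean_domains whitelist.txt | xargs pihole -w
```

Keeping the vetted file also gives a record of which allowlist entries were applied and when.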
 

jata

Senior Member
> Unlike Diversion, there's no way to add a whitelist url via the interface in Pi-hole. If you want an easy way to add a whitelist url in Pi-hole you can do it this way, using my whitelist as an example.
>
> SSH to the Pi-hole server and then:
> Code:
> curl -sSL https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt | xargs pihole -w
>
> You can also do it this way with a whitelist file, which is a little more complex:
>
> SSH to the Pi-hole server, create the file and then:
> Code:
> xargs pihole -w < whitelist.domains.list
>
> To delete the list:
> Code:
> xargs pihole -w -d < whitelist.domains.list

Thanks for this info. much appreciated!

I wish I read this post before I went and added a whitelist url to the Adlist area along with a few blocklists. Absolute chaos as I was working from home and I blocked outlook and a load of other things.

So from this I see that you can add URL blocklists in the GUI but you need to add/manage whitelist URLs from the command line. Correct?

If so, how can you tell/see what whitelists have been added?
 

jata

Senior Member
I still have 2 months of paid NextDNS service so I have switched back to using this service and I am now taking much more time to configure and test pi-hole as a side project over the next few weeks.

I'm keen to get similar level of protection/usability as nextdns then transition to pi-hole when my paid nextdns service expires.

I was thinking of using the free nextDNS service as my secondary DNS with pi-hole as primary. What do you guys think about this idea?
 
