HOWTO: Using Pi-hole DNS to block ads. The struggle continues…

This article is a work in progress. Updated: 2020-05-02. This is turning into a bit of a catch-up on the state of DNS for me.

Day 03 and 04 of #100DaysToOffload.

Intro

The war against ads continues. https://pi-hole.net/ looks like a reasonable, good, new(?), open source entry in the war against ads. Get ‘yer source/install for Linux at https://github.com/pi-hole/pi-hole.

Per Paul Vixie

not even non-technical users need a “public DNS” to shield themselves from a lot of known-evil internet sites. check out @The_Pi_Hole or have your 12yo child or cousin install it.

..but I always make things harder.

Figure 1: pi-hole console after a few hours on my system

What

Why

When

How

Install It

Here’s what I did to install:

[ ] basic install
On a Linux server, the basic install is simple:
            sudo bash basic-install.sh
[ ] Static IP
But you will want a Linux box with a static IP address. This may involve, e.g., convincing your wireless router to hand out the same IP address to that box every time.
[ ] Tell other systems to use this IP for DNS
Again, this probably means configuring your wireless router to specify the Pi-hole box's local IP as the DNS server in its DHCP assignments. You could also do this by configuring the individual devices to use it.
[ ] Remember your admin password
Make note of the admin password during install
[ ] hit the local admin web server
It’s very nice. It will be at something like http://192.168.86.230/admin/index.php.

Test It

[ ] Look something up by hand
Use dig(1) or host(1). Note the SERVER line in the response below, which shows where the answer came from. If it’s your ISP’s DNS or Google, something’s not configured right; fix it and try again. In my case 127.1 (127.0.0.1) is right.
$ dig www.uu.net

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> www.uu.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54721
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.uu.net.			IN	A

;; ANSWER SECTION:
www.uu.net.		299	IN	CNAME	global.mci.com.
global.mci.com.		959	IN	CNAME	wac.C449.edgecastcdn.net.
wac.C449.edgecastcdn.net. 3599	IN	CNAME	gp1.wac.v2cdn.net.
gp1.wac.v2cdn.net.	3599	IN	A	152.195.32.39

;; Query time: 59 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri May 01 19:16:11 EDT 2020
;; MSG SIZE  rcvd: 146
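
The SERVER check above can be scripted so it is easy to repeat on each machine. This is an added example, not part of the original post: the function names and the sample output are constructed, and the 127.0.0.53 case assumes a systemd-resolved stub listener, as found on stock Ubuntu.

```shell
#!/bin/sh
# Added example: report which resolver answered a dig query.
# Function names and the sample output are constructed for illustration.

# Pull the resolver address out of dig's ";; SERVER:" line (read from stdin).
# Works for "127.0.0.1#53(127.0.0.1)" and for IPv6 such as "fd00::2#53(fd00::2)".
dig_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*$/\1/p' | head -n 1
}

# Compare the answering resolver with the address you expect Pi-hole to be on.
# Prints: pihole | stub | other | none
classify_server() {
    expected=$1
    server=$(dig_server)
    case "$server" in
        "")          echo none ;;    # no SERVER line: query failed or output cut off
        "$expected") echo pihole ;;
        127.0.0.53)  echo stub ;;    # assumed systemd-resolved stub; upstream not visible here
        *)           echo other ;;   # e.g. ISP or public DNS: DHCP/DNS config needs fixing
    esac
}

# Live use (needs dig and network): check_resolver <pihole-ip> [name]
check_resolver() {
    dig "${2:-www.uu.net}" | classify_server "$1"
}

# Offline demo on constructed output; the address is a documentation-range placeholder.
sample=';; Query time: 20 msec
;; SERVER: 192.0.2.53#53(192.0.2.53)
;; WHEN: Fri May 01 19:16:11 EDT 2020'
printf '%s\n' "$sample" | classify_server 127.0.0.1    # prints "other"
```

A result of `stub` means the answer came through a local forwarder, so the SERVER line alone does not tell you whether Pi-hole is the upstream.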

Tools you may want to use/learn/install

dig
for making/testing queries by hand
Wireshark
Use Wireshark to see what’s going on on the wire, who you’re talking to, etc.

The things you learn

Tune it

I’m not sure all the devices in the house are using the Pi-hole proxy. If they are, then they are showing up as the single device _gateway. I need to understand this and figure out if I can get other devices pulling wireless addresses via DHCP from the WAP to use the Pi-hole DNS directly. Stay tuned.

POST INCOMPLETE FROM HERE

Migrate

Burn in

Inflict it on others