- cross-posted to:
- lobsters@lemmy.bestiver.se
- cross-posted to:
- lobsters@lemmy.bestiver.se
You must log in or # to comment.
I’ve been thinking of setting one up for a while, if I have a home server would I be better off hosting it on that or as a separate device? What are the alternatives to a raspberry pi? They’ve shot up in price over the years.
If you have a server running, I wouldn’t buy more hardware. They have good example documentation for just such a configuration:
https://docs.pi-hole.net/docker/
If your server already has those ports bound (specifically the DNS port 53) you are going to have to get creative; otherwise it’ll work well!
Worst case, a cheapo pi 3 will do the job. At one point I had it running on a pi zero, so hardware requirements are pretty low.
If your using docker and the ports are bound you can just use the network mode host so the container gets it’s own ip. It’s how I have adguard running on my unraid server
edit: Sorry I mixed up the details as @starkzarn@infosec.pub pointed out. It’s a macvlan configuration. My intention was to point out it’s possible. Here’s some documentation https://docs.docker.com/engine/network/drivers/macvlan/
Thanks, PoopMonster, that’s a good tip!
That’s not how that works.
network_mode: hostshares the network namespace with the container host, so it doesn’t do any NAT, it only exists on the host’s IP. It would be akin to running a natively installed app, rather than in a container.macvlannetworking is what gives a container its own IP on the logical network, without the layer of NAT that the defaultbridgemode networking that docker typically does.Thanks for the clarification I had mixed up the details and went to check my containers. You sir are correct. I added some documentation to my post regarding macvlan network creation.
I personally like it on a dedicated Pi simplly because I don’t want DNS to die if i’m doing other server maintenance. the Pi is pretty much set it and forget it.
But i guerss you might as well try it on your server first and you can always buy a Pi if you find it to be too much of a pain.
I put it onto my home server and it is working great. I can’t tell you about all the options, but it was so easy to start another VM for it that I didn’t look at other options too carefully.
if you’ve already got something running 24/7, you could just put it there. it doesn’t need much for resources.
pihole does not need it’s own box. it can run as a container (docker instructions in the official docs) or in a small vm.
i have two small vm running dietpi and used that to install pihole. i fully expected to run a few more things on them, that’s why i chose dietpi–just have never gotten that far (it’s only been like three years now).
Definitely dont bother with buying a pi if you’ve got other hardware.
I have one physical (a 3b I had no use for anymore), and two running as containers. The containers do most of the heavy lifting, since they are so much faster than a pi they respond far faster, but the physical is nice for when I take down the clusters for maintenance (or when I lose power, the clusters shut down after about 3 minutes, the pi will keep going for a while on UPS).
I have it on my Pi, and it does the job just fine. But if you have a home server with a little more power, do it there instead.
The last thing you want is your DNS to bottleneck. Never had a problem with my Rasp5, but it all depends on how many other services you try to run.
Setup and run two.
This way if one goes down, the other takes over (also makes updates / maintenance easier)
I run mine in Docker. Three containers: PiHole which resolves using Unbound, and a VPN container for Unbound.
That being said, if you routinely restart that device, or it crashes because of something else you are doing, it gets annoying real quick.
A cheap mini-PC running a low wattage n150 is a good thing to have for essential services in docker.
I run mine on a Intel N100 based mini PC from Beelink running Proxmox. It’s just about the only thing it does at the moment so I’ve had no concerns about bottlenecking.
It’s much more powerful than a pi and costs a not too dissimilar amount to one after you factor in a case, storage, power supply.
I run my main pihole on a pi and the backup on a NUC mini pc. Le Potato is a cheap pi alternative.
Don’t fall for the trap that they recommend an expensive Pi 5: I am running Pi-hole on a Pi 2 but you can basically run this on obsolete hardware, whether that’s a Pi or a PC/laptop
Can confirm. I have 10 year old pi2 that is dedicated to pi hole and even that is not utilizing all of its 1gb of memory
I’m running Pi-hole and Pi-VPN on a Zero W (using a Geekworm case w/RJ45). It’s not very taxing at all.
I also run two other Pi-hole instances in my server cluster (one in Docker and one in an LXC container). Mostly just for uptime reasons, so I can take any one of them down at any time to perform maintenance and/or upgrade.
I run mine on a PI 0. Also use it as a samba disk partition for transferring files.
No performance impacts on regular browsing? I never dared to run a DNS on a wifi only device. Or are you using some kind of Ethernet over USB thing?
I’m running mine on a pi 0. Very slight latency difference - like 2-3ms. Totally worth it for blocking 30% of garbage on average. The decrease in time it takes to load anything more than makes up for the latency. We have over 20 devices on wifi. Both my son and I play online games and the only time I blame lag is when I suck lol.
I figured the latency would be no greater then going out to default dns, maybe a bit less.
You may even be able to run it on a NAS. My NAS supports docker, which means I can run a pihole on it. I have a Pi 3b as my dedicated primary, but my NAS runs as a backup.
I recommend having two. Otherwise your home internet goes down everytime you update or reboot or it crashes.
Interesting… And this is not a criticism, simply an observation…
I’ve a single Pihole instance running on a RPi 4 and have experienced not a single instance of any of the 3 probs you mention. Except, of course, the very few minutes it takes for a reboot which I can schedule and am aware when it’s happening…
🤷♂️
Literally just had my pihole hard crash this weekend due to a bad update to FTL. Apparently they had a major version upgrade and didn’t bother to read the notes so I had to do a full OS reinstall.
Back up your configs people. Had to dig through documentation to find the sqlite file and then parse through it like some sort of animal.
Literally just had my pihole hard crash this weekend due to a bad update to FTL. Apparently they had a major version upgrade and didn’t bother to read the notes so I had to do a full OS reinstall.
The v6 upgrade was such a disaster. I was bitten by it too, it started the upgrade then halfway through decided it didn’t like my OS (debian-testing) and crapped out … leaving me with a b0rked installation. Luckily I was able to return to v5 using my system backup. It was a right pain to figure out how to restore though, because they write files all over /opt, /etc, /usr/bin, /usr/local and /var.
For this reason I have since dockerized my pihole installation. Not only does this allow you to choose the exact pihole version you want (a bare metal install only supports the latest version), but it allows you to centralize your configuration files neatly under a docker volume, so you only have to backup the volume.
I waffled back and forth on a docker install. Outside of the initial panic to reinstall the OS (Ubuntu 24.04 for me), it was relatively straightforward outside of the config. It may be worth it to dockerize it so I can git control the config but not sure how easy it is under v6. They really changed how the files are parsed.
Before pihole was essentially a frontend for dnsmasq but it seems like it’s a bit more than that now. I haven’t had the chance to look too much under the hood.
If I’m being honest, I’ve wanted to off-load pihole to my router but lack the time and patience these days. I’ve reached the point in my life where IT isn’t the most important thing anymore and just need it to work.
The box I’m running pihole on hosts several other services as well, so I dread having to reinstall everything. Most of it is dockerized, but still.
Anyway, I also waffled back and forth on dockerizing pihole when I initially installed it … but ended up going bare metal, and now I wish I would have gone docker from the start. The initial install is perhaps slightly more complicated, but it’s so much more maintainable and transportable to other devices: transfer volumes, and run your docker-compose.yml on the other box … and voila, you’ve cloned your pihole. I use that system to keep my backup pihole in sync by the way.
Before pihole was essentially a frontend for dnsmasq but it seems like it’s a bit more than that now
Indeed, it doesn’t run dnsmasq separately anymore, but somehow incorporates all dnsmasq capabilities and it still uses dnsmasq syntax config files, and can be configured to include the
/etc/dnsmasq.dconfigs.
deleted by creator
I’ve a single Pihole instance running on a RPi 4 and have experienced not a single instance of any of the 3 probs you mention. Except, of course, the very few minutes it takes for a reboot which I can schedule and am aware when it’s happening…
Yeah, I believe it can vary depending on how you host it.
In my experience whenever I brought down the PiHole instance (Docker Compose) I would lose all internet access, which is expected since I’m essentially taking away my devices one and only library, so to mitigate this I spun up PiHole on another device and set that as my secondary (backup) DNS resolver.
This way I can take a container down, update it and all without losing resolution to the internet.
Right, I didn’t have any issues running it on a pi for years too. The problems came when I started messing with things. So, really my advice is to help save people from ideas like mine.
I decided one day to take a bunch of old laptops and create a proxmox cluster out of them. It worked great, but I didn’t have a use for them, I was just playing. So, I decided to retire the pi and put the pihole on the cluster. HA for the win!
I did that and came woke up a few days later to my family complaining that they had no internet. I found the pihole container on a different node and it wouldn’t start. Turns out with proxmox you need separate storage for HA to work. I had assumed that it would be similar to jboss clustering which I’m familiar with, and the container would be on all the nodes and only one actice at a time, with some syncing between nodes. Nope.
What’s worse is the container refused to move back to the origional node AND wouldn’t start. The pi was stored away at this point so I figured it would be easier to just create a new container, but duh, no internet. Turn off dns settings on the router, bam have internet.
Eventually set up the old pi again, and it took me a while to figure out what I had done wrong with proxmox. But while I was figuring it out it was nice to have the backup.
Now I always have two running on different hardware, just in case.
The problems came when I started messing with things
🤷♂️
I just set up keepalived with a virtual IP. Nebula sync syncs them once a day. Dead simple and has been working for ages.
Raspberry Pies (is that how you pluralize it?), and especially their SD cards are not the most reliable pieces of hardware. I’ve already had a few die on me.
As for how annoying outages are, I guess that depends on how many people and services you have on your network relying on a functioning DNS. I am running two pihole instances on separate hardware in a keepalived virtual IP setup, with a replicated configuration. Sounds complicated, but it’s really easy.
It’s just nice to be able to reboot or perform maintenance on my pihole knowing it won’t impact DNS, and not having to worry about interrupting my girlfriend streaming her Netflix series or whatever. For example, just a couple of weeks ago I converted my bare-metal pihole installation to a dockerized one, which was a couple of hours of work, without any DNS downtime at all.
Raspberry Pies (is that how you pluralize it?), and especially their SD cards are not the most reliable pieces of hardware. I’ve already had a few die on me.
I grabbed a le potato with an emmc module a little while back and recently got a rock 3c with an emmc slot. I doubt think I can ever go back to microSD based SBCs. I have a good handful of pis from the first one to the 4. Each one of those has chewed up at least one card until I made a point to buy high quality microsds. They do work quite well if you don’t have them reading and writing from the card much, so if it’s just running as an appliance it should be able to last a while.
But yeah, I regularly dd my sd cards so I have a backup of a clean setup and a more recent one that I can revert to if I lose a card. Which reminds me, I should probably do that with my pihole, since it’s somehow become that one brick keeping my entire network functioning.
Mine never crashed until the latest major update, now it’s down every time I come home. Am mad
Yep, if you have somewhere to put a docker container or VM you can have redundancy.
honestly don’t find it necessary. raspberry OS basically never needs to be rebooted and if you really need planned maintenance you can just use a normal DNS server til you’re done.
Right, I never said two raspberry pis, I meant two instances. Like one pi and a container run elsewhere.
Yes especially if you’re using DHCP on Pi-hole
You specifically shouldn’t run two DHCP servers on the same network. It can cause IP conflicts when two servers assign the same address to different devices. Because the device doesn’t care which DHCP server gave it an address; It just listens to whichever one happens to respond first. And each DHCP server will have its own table of reserved/in-use addresses. And if those tables don’t match, IP conflicts can occur.
Device 1 connects to the network, and requests an IP address. DHCP server 1 checks its table of available addresses, and responds with “your address is 192.168.1.50.” It marks that address as in-use, so it won’t assign it to anything else in the meantime. Device 2 connects to the network, and requests an address. DHCP server 2 checks its table of available addresses (which doesn’t match server 1’s table) and responds with “your address is 192.168.1.50.” Now you have two devices occupying the same IP address, which breaks all kinds of things.
The largest reason to run two is because DNS queries are split amongst the primary and secondary DNS servers. If you only have a primary pihole, you’ll still occasionally get ads when devices use their secondary DNS servers.
Sorry, uh… I didn’t mean run them at the same time. I had to have a DHCP server stand in for it when I had to take that device itself down (the pi). That was ages ago. But I was still starting out!
I’ve got two piholes running on the home network, and they are both DHCP servers - with different ranges, i.e. #1 serves 192.168.0.11 - 100, and #2 serves 101-200. Each uses option 6 to specify DNS servers, and they both reference each other. It doesn’t matter if one goes down because each client will have the both piholes specified as DNS servers. I’ve never had an address conflict problem.
I suppose as long as your subnet mask is set properly, this would work? Each one could only support half as many devices, but that’s not likely to be an issue on a small home network with less than a hundred devices.
You’d only have half of your devices listed under either pihole’s DHCP client list. But at least you would have (kind of) redundant DHCP service.
Adguard Home has been absolutely rock solid for me, and it offers DoT and DoH servers so you can easily connect devices over those protocols if you want to.
Great, I recommend having two Adguard Home instances.
phrasing
I’m reasonably certain the name was intentional because of the way it could be phrased.
Raspberry Pi 1b > DietPi > Pi-hole > Unbound <3
I never hear anyone else talk about dietpi, I install that more than raspbian
Same
DietPi looks interesting, especially for a 0W and my older B+ model that’s just hanging around doing nothing…
I’m running mine in Alpine.
I played with a pi-hole setup for a bit. It was nice. I got distracted and set up NextDNS. That’s where I am now.
I like I can easily turn it on/off when I just need to do something and no time to fuss with it.
I’ve got a home server, just not fully setup and going yet, but someday…
Any thoughts on why I might do pi-hole over something like NextDNS? I think the cost is roughly $1/mo.
If that’s what you’re happy with and works for you, continue.
Personally, I’m creating an environment in which I’m not dependent on any cloud provider on the front end.
I do have a cloud backup solution for all my data files on the off chance I lose every single on-site backup and closely-held remote backups (read: not in main building but still on property…).
Just trying to get away from reliance on the existence of someone else’s computer/datacenter…
🤷♂️
Thanks for sharing the reasons for your approach.
There’s so many ways to accomplish this, such as ad guard or portmaster then add on the drivers for our choices. Finding the balance between privacy and easy of use is tough as it is. Then add in the rest of the family that’s more interested in things “just working”.
Used pihole for years. Loved it. Made the switch to nextdns a year ago. Not going back to pihole. There is nothing wrong with pihole. I got tired of all the time I spent tinkering with it. But, the biggest win for me…nextdns works when I’m off my home network. So I don’t have to deal with the whole vpn back into my home network for dns thing.
The beauty is that you can shove Pi in it of course.
Is it possible to do something like this with a newer router? My wireless-G router is finally dying after 20 years, and if I need to upgrade it’d be nice to wrap it all in one.
You can do it with any router by manually configuring devices, but one that lets you advertise the PiHole IP as the DHCP DNS option makes it a lot easier.
OpenWrt with AdGuard Home is one option. Big fan of the former, haven’t used the latter
I haven’t installed it direct on my router. I used to have it running in a container on my little proxmox server (aka old PC repurposed). I really liked the interface.
Then I was practically gifted a really nice Asus router. I flashed merlin-wrt to it and read some guide on how to install a different ad blocker. It’s really good whatever it is. I haven’t had to touch it in months, and I never see an ad.
Getting an error trying to access this:
https://den.dev/blog/pihole has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site.
Works for me
Perhaps it’s blocked for you.
Are you getting MITM’ed by your work WiFi or something? You should be able to connect to it securely. If that security handshake is failing for some reason, it’s a red flag that someone is likely mucking with your traffic.
My work’s filter tagged the link as “Phishing”. Seems suspicious. That said, it works fine on my personal device; got a valid certificate and everything.
Ive got a pi hole running, but I’m not sure if it’s worth the hassle. To me it feels like it breaks more things than it helps.
If it’s websites that are breaking, maybe you are using some really aggressive blocklist. Also, you can use multiple blocklists and assign clients to them however you please.
I took fell into the 7 million sites blocked trap!
What issues do you have?
Any reason to use this instead of a free NextDNS?
Local hosting
Additionally you have control over it. Sure, you don’t need local since you’re using it in conjunction with the internet. You control it though. You decide entirely what you want to trust and don’t have to delegate that trust as much.
That was a great read. Really enjoyed that.
Anyone have recs for a site that I can pick up simple hardware for this purpose. Maybe not a pi but like a nuc? Or a refurbed.
Take an old PC or laptop out of the box-o-crap, install Ubuntu server, give it a fixed IP address, install pi hole with the one line command from their website, tell your regular PC that the laptop IP is your DNS server.
This is the easiest way to play around before rolling out to your whole network.
You can try refurb NUC or mini PC on Amazon with N100 that you can find easily between $150-$200 range.
eBay for NUC. Le potato for a pi alternative.
deleted by creator
Nothing in this article describes it solving any problem that isn’t better solved by an ad blocker. In fact they even admit that you still need an ad blocker anyway. So why bother with the pi hole?
Excellent question. You can set the Pi-hole as a default DNS provider on your router which will the set it as a DNS provider for any device connected via DHCP (which in a home network should be basically everything). This means ads will be blocked across all devices and apps instead of just your browser where you installed adblock.
That means you can play free games on your phone and have no pop up ads.
You can use Netflix ads tier and crave ads tier and the pi hole blocks them It’s amazing!!
Does that also work with a VPN?
