Pi-Hole (ad blocking DNS server) Controller

Posted on
Tue Oct 01, 2019 9:28 am
kw123 offline
User avatar
Posts: 6583
Joined: May 12, 2013
Location: Dallas, TX

Re: Pi-Hole (ad blocking DNS server) Controller

if you can not do ssh after setup you need to first enable ssh in
sudo raspi-config

ssh is disabled by default when you download the SSD from raspberry


Karl

Posted on
Tue Oct 01, 2019 11:41 am
autolog offline
Posts: 2957
Joined: Sep 10, 2013
Location: West Sussex, UK [GMT+1]

Re: Pi-Hole (ad blocking DNS server) Controller

FlyingDiver wrote:
Are you sure you enabled ssh on the rPi? It's not enabled by default.

Yes, I think you are correct - I now seem to recall that I had a monitor and keyboard plugged into it when I set it up. I will have to do that again to sort it out. :)

Posted on
Tue Oct 01, 2019 8:36 pm
Ramias offline
Posts: 146
Joined: Nov 24, 2015

Re: Pi-Hole (ad blocking DNS server) Controller

I love my RasPi's.

But I run Pi Hole in a docker container on my qnap. night and day difference in reliability. I think it was probably IO on the RasPi SSD card, but didn't debug it that much since the container is so easy and reliable.

Posted on
Thu Oct 03, 2019 6:11 am
DaveL17 offline
User avatar
Posts: 5013
Joined: Aug 20, 2013
Location: Chicago, IL, USA

Re: Pi-Hole (ad blocking DNS server) Controller

I've been thinking about this problem from the standpoint of WAF damage points.

Why not set the preferred DNS to 10.0.1.123 (the piHole) *and* also set one for 10.0.1.1 (or whatever the default DNS is)? Then the client would first attempt to use the piHole and if that didn't respond, wouldn't it then fall back to the default and motor happily along? This, of course, presumes that you want the client to connect in "ad space" if the piHole was down.

I came here to drink milk and kick ass....and I've just finished my milk.

[My Plugins] - [My Forums]

Posted on
Sat Oct 05, 2019 6:02 am
Professor Falken offline
User avatar
Posts: 293
Joined: Mar 29, 2015

Re: Pi-Hole (ad blocking DNS server) Controller

DaveL17 wrote:
I've been thinking about this problem from the standpoint of WAF damage points.

Why not set the preferred DNS to 10.0.1.123 (the piHole) *and* also set one for 10.0.1.1 (or whatever the default DNS is)? Then the client would first attempt to use the piHole and if that didn't respond, wouldn't it then fall back to the default and motor happily along? This, of course, presumes that you want the client to connect in "ad space" if the piHole was down.


I think you are responding to me here Dave, though I'm not completely sure. If not, feel free to disregard.

Your solution might be worth trying. But I think what would happen is, the content blocked by the pi-hole would get loaded by the secondary DNS server, thereby defeating the purpose.

Running it through Indigo was a perfect solution, because it gave a dead simple way to disable it when it was interfering with browsing, etc. (strangely, that never happens to me-- I guess I don't frequent the tracking required sites). Basically the plugin allowed the WAF to go high enough for me to get away with deploying it on our network. I made a nice little toggleable icon on the main home Indigo dashboard that was easy to press if someone needed it off. Even had it turn back on every midnight if someone forgot to turn it back on.

The kids even loved it because it radically cut down on ad clutter in iOS games as well. But unfortunately, the connection to Indigo was one of the things that seemed to fail when it locks up (the other was my ability to easily SSH in to the pi, as well as the browser based dashboard). Oddly, it keeps right on blocking mostly unperturbed, though I think it might over-block a little in thast circumstance.

I've been testing some options for the past week or so by putting the home router back to "regular" DNS servers, but I changed my phone (and only my phone) to the pi-hole-- you can do that for individual wifi connections in iOS. It has been working fine, which kinda makes me wonder if it's a volume problem-- that is, if the pi is hit with too many requests from a busy, very connected house, does it get overwhelmed or something?

I've seen a few comments online that a weak spot on the pi's may be the microSD card. I'm pretty sure I set this one up with a high quality card, but it might be worthwhile to see if redoing it with a different card might help.

Thanks for the suggestions.

Posted on
Sat Oct 05, 2019 6:22 am
DaveL17 offline
User avatar
Posts: 5013
Joined: Aug 20, 2013
Location: Chicago, IL, USA

Re: Pi-Hole (ad blocking DNS server) Controller

Professor Falken wrote:
I think you are responding to me here Dave, though I'm not completely sure.

I was approaching it from a "the pi-Hole is locked up which will cause WAF damage points" perspective. I'm thinking that having the client fall back to a "wide-open" DNS server (with all its ads and cruft) is preferable to having the client not be able to connect at all. I'm thinking that the client will always use the first DNS server in the list, so the pi-Hole would always be the one used (unless it was down.)

This makes me wonder, too, whether there's a way to send an alert message to the client to let them know that they're being tracked when that happens.

I came here to drink milk and kick ass....and I've just finished my milk.

[My Plugins] - [My Forums]

Posted on
Sat Oct 05, 2019 6:45 am
Professor Falken offline
User avatar
Posts: 293
Joined: Mar 29, 2015

Re: Pi-Hole (ad blocking DNS server) Controller

I hear ya, thanks.

Here's the scenario...

1) Wife wants to connect to some blocked site (say, for example eBates, which appears to be REALLY bad for trackers).

2) Pi-Hole correctly blocks this tracking heavy site (even when it is locked up, it still somehow executes its core function and blocks).

3) Wife, now slightly annoyed, tries to temporarily disable the pi-hole using the Indigo dashboard icon, which fails because that's something that doesn't work when it gets into this state.

4) Chaos ensues.

Since the dashboard also locks up, as well as SSH access, it's a bit of a process to get it disabled, especially if I'm not around. That's why for now, I've reset most of the network to generic DNS servers (via the router) and am just running the pi-hole for my phone.


Strangely, this all worked well for around 6 months. Not really sure what changed. I updated the pi-hole software when it started happening, but that didn't fix it.

Posted on
Sat Oct 05, 2019 7:45 am
DaveL17 offline
User avatar
Posts: 5013
Joined: Aug 20, 2013
Location: Chicago, IL, USA

Re: Pi-Hole (ad blocking DNS server) Controller

Got it. I somehow missed that the pi was still blocking when it was unreachable by Indigo. I thought it was completely unresponsive.

Therefore, my suggestion is totally OT. :D

I came here to drink milk and kick ass....and I've just finished my milk.

[My Plugins] - [My Forums]

Posted on
Sat Oct 12, 2019 9:02 am
Ramias offline
Posts: 146
Joined: Nov 24, 2015

Re: Pi-Hole (ad blocking DNS server) Controller

It is called "Pi Hole" because I think Raspberry Pi was the original targeted platform. But the IO is probably too much for the SD Cards. Run it on another system (try a docker container on your Mac -- pihole/pihole is the official one) and it will run so much better.

Posted on
Sun Oct 13, 2019 6:20 am
Professor Falken offline
User avatar
Posts: 293
Joined: Mar 29, 2015

Re: Pi-Hole (ad blocking DNS server) Controller

Ramias wrote:
It is called "Pi Hole" because I think Raspberry Pi was the original targeted platform. But the IO is probably too much for the SD Cards. Run it on another system (try a docker container on your Mac -- pihole/pihole is the official one) and it will run so much better.


Yeah, thanks. I guess I am going to have to try something like that. Running it with just my phone using it for the DNS server didn't seem to change the behavior at all, so I guess it's not a volume of queries issue. And yesterday I swapped out transformers as an easy troubleshoot and it is already locked up again.

I think my problem with Docker on the Mac is that my OS is one too far back for it, if I remember correctly, but I'll need to check. The (strangely persistent) Insteon driver bug has kept me from constantly updating the mac mini that runs the home automation setup.

Thanks for the suggestions.

Who is online

Users browsing this forum: No registered users and 1 guest