Pihole
overview
The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, without installing any additional client-side software.
It contains:
- (its own) dnsmasq - a lightweight DNS and DHCP server
- curl - A command-line tool for transferring data with URL syntax
- lighttpd - web server designed and optimized for high performance
- php - a popular general-purpose web scripting language
- AdminLTE Dashboard - premium admin control panel based on Bootstrap 3.x
- sqlite3 - SQL Database engine
The database is used to contain white and blacklisted domains.
It implements a DNS server via dnsmasq, and optionally a DHCP server.
See also some comparisons [1][2] and overview [3]
goal
The intention is to wire this in as the DNS server for my Mikrotik router, and maybe optionally look at using it for DHCP at some date in the future.
blacklists
Items provided by the blacklist, or via the group lists are used to match and block names that you want to resolve to 0.0.0.0 (null ip address) so they are inaccessible.
pihole comes with a default list (appearing as the first group) which manages to block a lot of unwanted sites.
See the following for a large list of additional filter groups:
whitelists
You can unblock names by including them in the whitelist.
installation
- prerequisites
apt install git
- ensure that nginx is not listening on port :80, since the default installation sets up lighttpd listening on port 80
vi /etc/sites-available/security.arising.com.au etc
- clone repo
cd /usr/src
git clone --depth 1 https://github.com/pi-hole/pi-hole.git
- install
cd pi-hole/automated\ install
bash basic-install.sh
- change the admin password with
pihole -a -p
configuration
The pihole server's DNS forwarder is to be configured to use Cloudflare DNS 1.1.1.3, a family-safe DNS that filters out malicious and pornographic domain name resolutions.
A few files get overwritten on your pihole server during installation.
- make sure your router is being used for default resolution (in cases where your router DNS has static entries)
- $ vi /etc/resolv.conf
nameserver 192.168.88.1
- make sure that the dhcpcd.conf is using your router DNS and not the ones supplied during configuration
- $ vi /etc/dhcpcd.conf
static routers=192.168.88.1
static domain_name_servers=192.168.88.1
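A check for the two files above, useful after an install or upgrade has rewritten them. This is an added example, not part of the pihole project; the function names are made up for illustration and the router address 192.168.88.1 is the one used on this page.

```sh
#!/bin/sh
# Added example: report when resolv.conf or dhcpcd.conf no longer point
# only at the router. ROUTER_DNS defaults to the address used on this page.
ROUTER_DNS="${ROUTER_DNS:-192.168.88.1}"

# Print every address on a "nameserver" line of a resolv.conf-style file.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print every address on "static domain_name_servers=" lines of dhcpcd.conf,
# one per line. Commented-out lines are ignored.
dhcpcd_nameservers() {
    sed -n 's/^[[:space:]]*static[[:space:]]\{1,\}domain_name_servers=//p' "$1" |
        tr ' ' '\n' | sed '/^$/d'
}

# Succeed only if stdin lists at least one server and all of them equal $1.
only_router() {
    awk -v want="$1" 'NF { n++; if ($1 != want) bad++ }
                      END { exit !(n > 0 && bad == 0) }'
}

# audit_dns RESOLV_CONF DHCPCD_CONF
# Returns 0 when both files use only the router, 1 otherwise.
audit_dns() {
    rc=0
    if ! resolv_nameservers "$1" | only_router "$ROUTER_DNS"; then
        echo "DRIFT: $1 lists: $(resolv_nameservers "$1" | tr '\n' ' ')"
        rc=1
    fi
    if ! dhcpcd_nameservers "$2" | only_router "$ROUTER_DNS"; then
        echo "DRIFT: $2 lists: $(dhcpcd_nameservers "$2" | tr '\n' ' ')"
        rc=1
    fi
    return $rc
}

# Usage: sh audit.sh /etc/resolv.conf /etc/dhcpcd.conf
if [ "$#" -eq 2 ]; then audit_dns "$1" "$2"; fi
```

An empty or missing file is also reported as drift, since no router entry was found in it.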
port
Pihole uses the lighttpd web server to provide the /admin path.
If the port 80 is in conflict with your other needs it can be moved:
- vi /etc/lighttpd/lighttpd.conf and change as follows:
# RBH moved to port 8100 (from 80)
server.port = 8100
router
🚩 If your router is capable ...
After installing and configuring pihole, configure your router's DNS server/client to point to your (static) pihole DNS server. All your network devices will then have domain and host resolution performed by the static DNS entries within the router, or its cache, or, if not present there, via the pihole server. If both pihole servers time out, the router will forward the name resolution to the dynamically configured external DNS server(s).
disable
You may disable pihole via [4]
systemctl stop pihole-FTL
systemctl disable pihole-FTL
uninstall
pihole uninstall
remove
rm -rf /etc/.pihole /etc/pihole /opt/pihole /usr/bin/pihole-FTL
PXE
This is a future research project towards providing network boot.
- https://leo.leung.xyz/wiki/Pi-hole
- https://discourse.pi-hole.net/t/pihole-not-directing-clients-to-pxe-server/12918
- TFTP/DHCP https://discourse.pi-hole.net/t/dhcp-option-66-tftp/8437
- see also raspberry pi#network boot
bibliography
- https://pi-hole.net/
- files used by pihole https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684
- setting it up with nginx and different external DNS https://dev.to/jldohmann/the-ultimate-ad-blocker-configuring-pi-hole-with-unbound-dns-20eo
- see this https://www.comparitech.com/blog/vpn-privacy/block-mobile-ads-raspberry-pi-pihole/
- using pihole as Mikrotik DNS https://forum.mikrotik.com/viewtopic.php?t=150195 (note add an alternate DNS to the gateway too!)
- geofencing access to pihole dns server httpd etc https://munkjensen.net/wiki/index.php/Access_control_using_Fail2Ban_and_geoip
- blacklist for smart TVs https://gist.github.com/hkamran80/779019103fcd306979411d44c8d38459
- federated pihole ??? https://www.youtube.com/watch?v=IFVYe3riDRA
- https://github.com/vmstan/gravity-sync
- https://discourse.pi-hole.net/t/gravity-sync-an-easy-way-to-keep-multiple-pi-hole-in-sync/33545
- https://www.google.com/search?q=gravity+sink+pihole&client=firefox-b-e&ei=seoQYYe0IoS_3LUP6tOOgAI&oq=gravity+sink+pihole&gs_lcp=Cgdnd3Mtd2l6EAMyBAgAEA0yBggAEA0QHjoHCAAQRxCwAzoHCAAQsAMQQzoHCAAQgAQQCjoFCAAQgAQ6BAgAEEM6BggAEBYQHjoFCCEQoAFKBAhBGABQ4DtYjEpg8kxoAXACeACAAbYCiAHCDpIBBzAuMi41LjGYAQCgAQHIAQnAAQE&sclient=gws-wiz&ved=0ahUKEwjH0I-JxqPyAhWEH7cAHeqpAyAQ4dUDCA0&uact=5
references
- [1] compare ad blocker https://home-assistant-guide.com/2020/09/26/adguard-home-vs-pi-hole-2020-two-ad-and-internet-tracker-blockers-compared/
- [2] YouTube comparison https://youtu.be/6wToQrcvkF8
- [3] pihole overview https://docs.pi-hole.net/
- [4] disable pihole https://www.reddit.com/r/pihole/comments/o5egx0/how_to_stop_pihole/
categories
[[category:Network]]

