Pi-hole Made EASY - A Complete Tutorial

Captions
In today's video we're going to talk about Pi-hole, a piece of software for blocking ads and malware and other unwanted content on a network-wide basis. Now, you can of course use an ad blocker in your browser, and that will give you blocking in that specific browser on that specific device, but if you want something that's a bit more of a blanket coverage across your network, maybe to take in your IoT devices, things like a smart TV, then Pi-hole is the perfect app for you.

Despite its name, Pi-hole doesn't only run on the Raspberry Pi; you can run it anywhere you can run Linux. It is the perfect use case for a very old machine or for a single-board computer. So today I'll be using the Khadas VIM1S, which is a single-board computer I recently received and recently reviewed; check my video here for that. This is a board with two gigabytes of RAM and 16 gigabytes of built-in storage: absolutely perfect, more than enough in fact, for a Pi-hole.

So let's dive into the installation. I've already installed Ubuntu on my VIM1S and I'll be doing the installation process connected via SSH. You can of course connect a monitor and a keyboard and do it that way. The installation is pretty simple: come to the Pi-hole website, click on the install button (I will link all this in the description below), and you can copy this command here and paste it into your terminal. Now, if you're not comfortable with this one-step installer, where basically you're downloading a script and piping it straight into bash, which is a known security issue in many cases, then there are other more manual steps that I'll link as well. I've done this before, this is a trusted website for me, I have no issue with this approach, but you should make your own decision here. So I'm going to copy this anyway and come into my terminal, and I'm connected to my VIM1S already, and I'm going to paste this in and press enter to run it. You're prompted for your sudo password, so for me that's khadas, and then the installation script is going
to update the catalog of packages on your machine to make sure it's up to date, and then we'll go through the wizard. So you get this little warning to say that this installer will transform your device into a network-wide ad blocker, so press OK. If you find Pi-hole useful and you want to make a donation, please do; it's a great project. Press OK. Pi-hole is a server, so it needs a static IP address. There are many different ways of achieving this: you can either configure the machine directly or you can configure it in your router. I'm going to configure it in the router, so we'll do that shortly, and press continue.

Now, the color scheme here is a little bit weird so you can't really see, but this is showing all of my network interfaces. I'm going to use eth0, so my wired Ethernet connection. I do recommend using Ethernet for this. You can use wireless if you have to, but don't forget that all of your devices are going to be using this Pi-hole machine to find out where websites are, so you need a very reliable connection; wired is definitely best. Press select.

You can choose the upstream provider. I'm just going to choose Cloudflare for now, but I'm going to change that later on to something a little bit different. Press OK. You need to bring third-party adlists into Pi-hole to actually make it do anything. Built in, it's got no blocking; it just blocks what the lists say. I recommend using the default list, and we'll add some more later to make the blocking even more comprehensive.

You can choose not to install the admin website, and then you can use the command line for administration. I really like the admin web interface; it makes it easy to do a few different things, but also you get really nice reports, so I'm going to install that. So you have to install a web server for the admin web interface to work. You can choose to install the default one or customize it yourself. If you're just building a single-purpose Pi-hole machine, I recommend using the default, which is what I'm going to
do. Do you want to enable query logging? I definitely do, because I want to see which queries are being missed. So, you know, if I'm hitting a website that I think should be blocked, I can see that in the log. So I press yes. You get to choose the privacy mode, so this is kind of how much information is logged. Do you want to show everything in the logs, which is zero, hide the domains, hide the domains and clients, or choose anonymous mode? Since this is a private device on my network and only I get to see it, or only my family gets to see it, I'm going to choose to show everything; that gives me the most data to refine my blocking. You can change this later, so don't worry if you get it wrong. Press continue.

The installation process does take a few minutes, and will be faster on certain machines and slower on other machines. Regardless, it does take a little bit of time, so now's a perfect time to grab a coffee or a break. At the end of the installation you'll be shown this kind of summary page that tells you what the IP address of the machine is, but also what the admin login password is, so make sure you keep track of that, then press OK. And just in case you didn't get the admin password, it is actually shown here in the output of the installation process. You can copy and paste it somewhere safe.

So at this point you have a working Pi-hole and you now need to integrate it into your network, and I like to do this in stages. And it's important to kind of understand how Pi-hole works. The way it does its blocking is: when you make a web request to a certain website, say google.com, you have to resolve that name, google.com, into an IP address, and Pi-hole acts as a DNS server, a resolver for those names. DNS is Domain Name Service. And it blocks by returning an empty address for the domains it wants to block. And you can do this progressively, so we can test from this machine first that it's even working, then we can make just this machine use Pi-hole for blocking, and then we can make our entire network use Pi-hole for
blocking, and I think when you're getting started that's a nice way to roll this out.

So the first thing to do is, in this screen here, we can just run a quick test using the dig command, which is a way to look at domain names. So I'm going to use dig @ and then 127.0.0.1, which means I want to use the local machine as the DNS service, and let's just look up youtube.com. So that tells me that the domain name server on this Pi-hole is working, and it's giving me this IP address for youtube.com.

Now I want to make my Mac use this Pi-hole as the domain name server. So a way to do that is to come into System Preferences, come to Network, and in whichever connection you're connected to (I'm connected to Wi-Fi here), so I'll come to Advanced, come to DNS. These are my default DNS servers. This here is my current Pi-hole, so not the one I'm reinstalling right now, my other Pi-hole. I'm just going to press plus here; that wipes out the default settings. I'm going to replace it with 192.168.1.75, which is the IP of my new Pi-hole, and I can check that with ip a, and if I come to where eth0 is here, I can see that that's the IP address.

If you're on Windows or you're on Linux, then the process for setting a DNS server for your device will be different, but the premise is the same: find your network connection, find the DNS settings, and then override them with the IP address of your Pi-hole. And of course it's very likely that the IP address of your Pi-hole will be different than the IP address I have here.

So now that my Mac is plugged into the new Pi-hole, it's time to test the ad blocking, and the easiest way to do that is to come to the browser. So back in my browser here, let's just close that down. I'm going to do a search for something I want to buy. So I've actually been looking at buying a Yeti cooler, and you can see all these little ads here from Google, and if I press on one of them, it's blocked. And what's happening here is that this domain name, googleadservices.com, is being blocked by
the Pi-hole. In fact, if we just take the domain name, copy it to our clipboard, and come back to the command line here and do the same thing with dig, so dig @127.0.0.1 and this time googleadservices.com, you can see it's returning this 0.0.0.0. That's the empty domain, so it's basically saying there's nothing here, and that's essentially how the blocking works.

Once you're happy that your device is working and you want to roll this out to your network, it's time to undo what we just did. So now we want that default domain name server to be the Pi-hole. The exact steps needed to do this will differ based on your router model, but the premise will probably be the same. It's most likely that your network is configured to hand out a particular DNS server to all of your devices using something called DHCP, and what you can do is tell your router to hand out a different DNS server via DHCP, which is what we're going to do now. I will show you how this works on my router, which is a UniFi setup. It will be different for your router, but you're doing the same process, just with a different UI.

So here I am in my default network on UniFi, and if I come down to the advanced configuration section of my DHCP setup, you can see here it says DHCP DNS servers, and what I will do is change this, 222, my current Pi-hole server, to 175, my new Pi-hole server. I'm not going to save that here because I'm going to ruin everything for everybody in my house. I've already got, like, a complex Pi-hole setup, but that's what you would do. You can configure these fallback servers if you want, and this can be quite handy as a rollout step if you're not completely certain that your Pi-hole install is going to be very robust. I would normally get rid of these, but I've been testing a new Pi-hole recently so I put them back in, so, again, I'm not constantly getting calls for tech support from the family.

While you're in the configuration for your router, it can also make sense to configure the static IP address for your device. Again,
this will differ based on your router model, but let me show you how I do it in UniFi. So the nice thing with UniFi is I can come to the list of client devices, I can type in the IP address of the Pi-hole, press on it, come to settings, and then tap fixed IP here. So I'm going to do that now, and this will reserve that IP address for this device in my DHCP setup, so each time I connect this device it's always going to get the IP address. Now, you can absolutely set a fixed IP address directly inside Ubuntu, but you're going to find that the way you do that differs on every different operating system, so I really like to assign all my fixed IPs in my router because it's the same regardless of what device I'm using. Your mileage may vary. And apply the change for that.

So now that we've set the device up network-wide, we would go back to our settings in System Preferences, come back into the Network here, come to Advanced, come to DNS, and basically undo this. You can press minus here to get rid of that. Remember that I haven't applied this Pi-hole on my network yet, so I'm going to leave this in place for the video, but that's what you would do to roll this out everywhere.

So now you've got a fully working Pi-hole. It's been given its fixed IP address, it's been applied as the network-wide DNS server, and you could absolutely stop here. You've got the default blocking list, so you're already getting some content and ad blocking, and I do recommend that, maybe for a week or so, you just leave the default configuration in place while you get used to what the Pi-hole does to your network traffic. But after you've had it in place for a little while, you'll almost certainly want to tweak the blocking, and you'll almost certainly find that there are a few little issues: issues with browsers like Chrome, and certainly issues for day-to-day browsing for certain people on your network. So let's take a look now at how we add additional blocking, then we'll take a look at how we remove blocking,
and then we'll take a look at how we fix this issue with Chrome.

So, to add new block lists you first have to come to the admin panel. So to do this I'm going to type in the IP address of my new Pi-hole, which is that, and you get a link here to go to the admin panel. Remember, we're going to type in the password, which I saved to my clipboard, so press login. And the moment you log in you start to see, actually, already on this one device that's using this Pi-hole, I've had 79 queries, four of them blocked, and I've blocked about five percent of the queries, and this is how many domains I have on the adlist: 138,289. And I want to add more lists to that.

The first question is, where do you get the lists from? Well, there's a website called firebog.net that collates, like, well-approved lists. So if you come to firebog.net, the big block list collection, you can see there's a huge set of lists here. The ones with ticks are pretty safe to use; they're not going to disrupt your browsing experience too much. The other ones, your mileage may vary; they may have blocks that break certain websites, that break certain apps. I've been using day-to-day the full set of approved lists and I don't have too many issues. To get them in an easily copy-and-pastable format, you can come to this link here, the CSV versions found here, and I just choose ticked lists. This is all the lists that I'm running, so you can just copy that entire thing, come back to your Pi-hole, and in the side menu here (let me just make that a little bit bigger), in the side menu here it says Adlists, and you can just paste them into this address bar here, press add, and it's successfully added all of those lists. Close that down. Now you can see that all those lists are in there, but what you'll notice is it doesn't actually apply immediately, and you need to run this command, pihole -g, to update the database internal to Pi-hole to reflect the content of those lists. So let's come back to our terminal, clear the screen a little bit, and we'll
run pihole -g, type in our password again. This doesn't take too long. OK, so with that done, if you come back to the admin console you'll see that it actually doesn't update the number of domains in the adlist. I found that I have to restart a few more things for this number to be updated, so to do that just come to settings, scroll down, and click restart DNS resolver, yes, restart DNS, then come to dashboard and you'll now see it reflects a new number, so just over 400,000 different domains being blocked. If you think about that, that's quite a lot of network traffic being wasted on things you don't actually want to see on your network.

So the very first thing that happened to me after deploying Pi-hole on my network is that my wife complained that websites she wanted to access were no longer accessible, and let me show you specifically the use case that we had, which is, if I come to Google again and search for my Yeti cooler, she wanted to click on these ads. Now, I don't want to click on them, and of course if she clicks on them they're going to be blocked. So how do you unblock either one domain or many domains on a per-device basis? Well, the easiest way, I think, is if you have certain people who don't want to have blocking at all, you can just disable the Pi-hole for them completely. Let me show you how that works. So come back to the dashboard and then click groups in the side menu, and I'm going to create a group here for no blocking. I'm going to press add, so that's amazing, no blocking. And now what I want to do is come to clients. I'm just going to find this machine, so I'm going to come to the known clients here, and I'm 192.168.1.125.
That's me here on this laptop. I'm going to press add, so now I've got a specific pull out of this client, and I'm going to say this is Rob's laptop, and the default assignment is I'm added to the default group. What I want to do is add myself to the no blocking group and remove myself from the default group, so press apply. So now this laptop is going to have no ad blocking applied to it, and if I come back to my search results here and now try to press on the ad, it brings up the Yeti cooler that I might want to buy.

So this is a fairly extreme way of allowing just one or maybe a small handful of domains to be seen by a particular device, because I've now opened up the entire world again for that device, and I'll show you what I mean. So if I come back in here I can obviously click on the Yeti link and see the ad and see the ads, but if I also come to the Independent website, I'm getting these ads in this little box here, but I'm not able to block them because I've basically opened up the world for this device. What I want to do is allow just the Google URL and block everything else, and the best way to do that is to create a dedicated group for this machine, block everything, and then allow just a few things. So I'll show you how I do that.

So first of all come back into groups, make sure you've got your non-blocking group here, and then in Adlists you want to choose, for every list, which group it applies to. I'm just going to choose one or two for now, but you can obviously go through and do them all by hand. So these two block lists in here, and now I'd expect that the Independent ads will be blocked, because that's blocked by this list here. So if I come back here and press refresh, they're not blocked. Now, this will drive you mad if you don't know what's going on here. The browser has cached the result of the DNS lookup here, so it's not even asking the Pi-hole for the domain name for these ads. To check that you really have got this right, open up a privacy window, visit the
website in question, do all of the gubbins that we have to do, and we'll see that no ads appear. So a fresh session will now be talking to the Pi-hole; you're not seeing the caching of the browser.

So we've re-enabled the blocking on the Independent ads, but have we also preserved the not blocking of the Yeti ads? Well, let's see. If we come to Yeti cooler in this privacy window, to make sure we're getting no DNS caching from the browser, and click on one of these ads, we can see that we've blocked that again. We now need to enable just that URL. So come back; what I want to do is just hover over this and see that in this case it's adtmt.com. So I'm just going to take adtmt.com, come back to my control panel, come to domains, and under domain to be added I'm going to paste that one in, and you almost certainly want to choose add domain as wildcard, because you want all of the subdomains as well, things like www. and so forth. So press that and then choose add to whitelist. So this will allow this domain to be let through. Now, this is doing this in the default group; I actually want this in the non-blocking group, so I'm just going to choose just that group, press apply. So now I'm allowing adtmt.com for devices in the no blocking group. I also happen to know that some of the Google ads come up under another domain, googleadservices.com, so I've added that to my whitelist as well, making sure it's in the no blocking group and not the default group. So press apply, and then if I open up a new privacy window, come to the Independent website, see that the ads are still blocked, but open up the Yeti cooler search, accept, and then click on this here, and see that we're able to get through to the search results.

Now, one thing you can try is leaving everything blocked in the default group and selectively adding your clients to another group that only has the allow list or the whitelist. I've had mixed results with that; sometimes it seems to work and sometimes it doesn't. I think there's an ordering issue, so
I much prefer creating these discrete groups where I can assign each client to just one group and make sure that that's the experience they get.

Let's now turn our attention to Chrome, and the issue with Chrome is that in many cases it can bypass your Pi-hole. Let me just show you what I mean. So here I am in Safari, and I've got the Independent website open, and none of the ads are showing. If I come to Chrome, and let's just open a privacy window to make sure we don't get any caching, go through the jump here, and I get an ad. It's the same machine, same DNS configuration; Chrome shows the ad, Safari doesn't. So what's happening here? Well, the issue here is that Chrome, where it can, will not use traditional DNS. It will use something called DNS over HTTPS, which is a much more secure, much more privacy-preserving protocol than basic DNS, but it has the downside that your Pi-hole can't intercept it.

When Chrome does this depends on how you've configured DNS for your machine. If the only DNS server given to your machine is your Pi-hole, Chrome will not use DNS over HTTPS, so it will absolutely honor the Pi-hole settings. If you have set up multiple DNS servers and one of them can support DNS over HTTPS, then Chrome will probably use that one and will bypass your Pi-hole completely. Obviously the easiest solution here is to only have one DNS server and have that be your Pi-hole, but if you do want to have a fallback but you don't want Chrome to use HTTPS DNS, then you can turn it off. So come into settings, come to privacy and security, scroll all the way down, come to security, come all the way down, and just disable use secure DNS. So with secure DNS disabled, if I open up another privacy window in Chrome and come to independent.uk, press agree, and you'll see no ad appears.

Now, you might think, well, that's great, but do I really want to disable secure DNS? And the answer is probably not. It is a worthwhile feature even though it has this downside, but you can replace it with network-wide secure DNS using
another piece of software called Unbound. Let's see how to do that.

So for this I want to refer to this amazing guide from Barton Bytes, which is really, really useful. I will link this below, but it's a very simple process. We're going to first of all install these two packages on our Pi-hole server, so sudo apt install -y (for yes) unbound and dnsutils, type in the password. So you'll probably see that it's a status failure. Don't worry about that; that's because there are now two DNS servers on this machine and they're trying to share the same port. We're going to fix that. We're going to fix that by taking the config that this website recommends, so we'll use sudo wget, and we're going to put it in the right place. So let's run that command, and it will fail, at least on my Ubuntu and the version of Ubuntu that I'm on, because this folder does not exist, and it is in fact, rather than just conf.d, it is unbound.conf.d. So run that.

Now we have the right config file in place, we can restart Unbound and it should start successfully this time, so sudo systemctl restart unbound. Great, and if we just check the status you can see it's now running. That's perfect. You might also want to make sure it starts up automatically, so we'll do enable unbound as well: sudo systemctl enable unbound. So now it will start when the Pi-hole starts.

Using dig we can check that this is actually working, so 127.0.0 again, and we want .1, check google.com, but this time we want to make sure we use the port that we've assigned to Unbound, which is 5533; that's in the config file we downloaded. So that's actually working.

Now we need to tell Pi-hole to use this Unbound server for all of its outbound DNS. Really simple: come to the admin console, come to settings, come to DNS, and disable whatever you selected in the wizard before; it will be reflected here. So I selected Cloudflare, so I'm going to disable those two, and then scroll down here and it says custom one, so I'm
gonna do 127.0.0.1, and then you've got to do a hash, and then the port number is 5533. Tick that and press save all the way at the bottom, and you can just check that that's still working by coming back here, getting rid of the -p, let's choose something new, let's check, like, youtube.com, and you can see it's now working.

So now what I've got is all the devices in my network talking to the Pi-hole, and I've even disabled the secure DNS in Chrome, so it's picking up the Pi-hole, and the Pi-hole is doing its onward DNS requests using the secure protocol rather than the insecure traditional DNS.

So there we go: that's how to install Pi-hole, how to configure custom blocking lists, how to make sure things like Chrome work, how to opt out for certain devices for the blocking behavior, and generally just to improve your network experience. I do think that Pi-hole is an excellent addition to any network. It can run on any old computer. It takes maybe 30 minutes of just concerted effort to get it installed, get it all configured correctly, get it in your router, get the blocking as you want it, and then you're gonna have a much faster internet experience at home, because you're downloading much less content, and the content you are downloading isn't decorated with ads and malware and other annoying things.

I hope you found this video useful. If so, please hit like, please hit subscribe, maybe hit the bell as well, don't miss out on your future content. Thanks so much for watching and I'll see you in the next video.
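The dig checks used in the walkthrough (an allowed name should resolve, a blocked name should come back as 0.0.0.0), as an added shell example that is not from the video or the Pi-hole project. The function names and the --live switch are hypothetical, and treating the IPv6 unspecified address :: as blocked is an assumption.

```shell
#!/bin/sh
# Added example: classify what a resolver returned for a name, so the staged
# rollout described in the captions can be checked without a browser.

# classify_answer: read `dig +short` output on stdin and print one verdict:
#   blocked  - only the unspecified address came back (0.0.0.0, or :: by assumption)
#   resolved - at least one real address came back
#   empty    - no address at all (timeout, failure, or no data)
classify_answer() {
    awk '
        /^[ \t]*$/ { next }   # blank lines
        /^;/       { next }   # dig diagnostics such as ";; connection timed out"
        /\.$/      { next }   # CNAME targets printed before the addresses
        $1 == "0.0.0.0" || $1 == "::" { null++; next }
        { real++ }
        END {
            if (real > 0)      print "resolved"
            else if (null > 0) print "blocked"
            else               print "empty"
        }'
}

# check_stage: ask <server> on <port> for the A record of <domain>.
check_stage() {
    dig +short +time=2 +tries=1 @"$1" -p "$2" "$3" A | classify_answer
}

# expect_verdict: report whether a stage produced the verdict it should.
expect_verdict() {  # usage: expect_verdict <label> <expected> <actual>
    if [ "$2" = "$3" ]; then
        echo "PASS $1 ($3)"
        return 0
    fi
    echo "FAIL $1: expected $2, got $3"
    return 1
}

# Live check against a Pi-hole, e.g.:  sh check.sh --live 192.168.1.75
# The two domains are the ones looked up in the captions.
if [ "${1:-}" = "--live" ]; then
    server=${2:-127.0.0.1}
    rc=0
    expect_verdict "allowed name" resolved \
        "$(check_stage "$server" 53 youtube.com)" || rc=1
    expect_verdict "blocked name" blocked \
        "$(check_stage "$server" 53 googleadservices.com)" || rc=1
    exit "$rc"
fi
```

Because dig asks the resolver directly, the verdict is not affected by the browser DNS caching described in the captions.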
Info
Channel: Tech Craft
Views: 81,061
Id: e_EfmKdP2ng
Length: 22min 14sec (1334 seconds)
Published: Sun Oct 09 2022