You're running Pi-Hole wrong! Setting up your own Recursive DNS Server!

Captions
A couple months ago I promised a brand new tutorial on getting Pi-hole up and running as the ultimate do-it-yourself DNS server, and this is finally that video. Today I'm going to walk through installing Pi-hole, getting it set up as a recursive DNS server, and eliminating the need to forward your DNS requests to third parties like Google, OpenDNS, or your internet service provider. Let's get started. [Music]

Welcome back to Craft Computing, everyone. As always, I'm Jeff. Today's video is all about setting up Pi-hole as your own personal and private DNS server that you can host yourself.

First up, let's talk about what Pi-hole actually is. It's a DNS server that you can host yourself that blocks ads when you attempt to visit web pages. So, for example, if I visit the webpage hackaday.com, you can see there are ads at the top and side of the web page, but if we visit it through a Pi-hole DNS connection, those ads disappear.

In its standard configuration, Pi-hole is what's known as a forwarding DNS server, in that it only has a very specific list of websites that it has the IP address for resolution, and if it doesn't have that address, it will forward you on to the next DNS provider that you've configured. So if you type in the website hackaday.com into your web browser, that request is forwarded on to Pi-hole. Since Pi-hole doesn't know where hackaday.com is, since it's not an ad-serving website, it will forward that request on to the next DNS server that you've configured. That DNS server will then forward back down the IP address for Hackaday, through Pi-hole and into your PC. However, while Hackaday is loading, it also wants to load up a whole bunch of websites that contain ads. When those requests go to Pi-hole, it is in the adblock list, and so they are filtered out. Everybody got that? Good, because I'm not saying it again.

So by default, Pi-hole runs great for its advertised features. However, there is a lot more power under the hood with a little bit of tweaking, and that's what we're going to do today. We're
going to set up Pi-hole as what's called a recursive DNS server. That is essentially what you forward on your request from Pi-hole to, such as Google and OpenDNS. When you ask Pi-hole "where is hackaday.com?", if it doesn't know the answer, it will actually seek out what's called the authoritative domain server of hackaday.com and get the answer from them directly. On the very first request of a website this will take a little bit longer than usual; however, Pi-hole will also cache that information for future use, so the next time you visit the website it loads much, much faster. What's more, rather than sending all of your DNS requests to a third party, you're going to be getting your information directly from the IP server itself and cutting out the middleman entirely. So not only will the third-party DNS servers no longer be able to compile a complete list of your internet browsing history based off the websites that you visit, you're also going to be safer from DNS spoofing, such as serving up a fake website when you try to visit your bank.

So with all the introductions out of the way, let's go ahead and get to building our Pi-hole server. First up, I'm going to create a new virtual machine inside of Proxmox; however, you can run this on a Raspberry Pi or on your own hypervisor of your choice. I'm going to go to create new virtual machine. I'm going to number it number 410. I'm going to name it homelab-pihole-ftl. Go ahead and click on Next. Under OS, we're going to select the Ubuntu 20.04 live server ISO. Now again, Ubuntu 20.04 Server is my Linux distro of choice. This isn't the time for that argument, so use what you like, I'll use what I like; the commands are the same. Click on Next. Under hard drive, I'm going to go and give this thing 40 gigabytes. No real reason for that, I just have lots of space on the server. And I'm going to select my local server for storage. Click on Next. Under CPU, I'm gonna give this four CPU cores, which is again way more than enough, but I have lots of headroom. Click
on Next. I'm gonna give this four gigabytes of RAM. Click on Next. I'm gonna leave network settings at default. Click on Next, and then click on Finish. Once that's been created, I'm going to open up the console and we'll go ahead and get Ubuntu installed.

For the installation, we're going to leave pretty much everything at the default. So English as our main language; we're not going to read the release notes; we're going to verify that we have a US language keyboard. I'm going to leave this at DHCP for right now. We're going to give our server a name, so homelab-pihole-ftl. Pick a username; I usually go with administrator on a lot of my servers. Give it a password. And we are going to install OpenSSH server, because that will make the installation easier later on, so go ahead and check that box and click on Done. Click on Done again, and now we just wait for the installation to complete.

Once Ubuntu is back up and running, we're going to go ahead and log in with the credentials you set up during installation, and the only thing we need to do here is find out the IP address so we can SSH into the box. So I'm going to type in "ip address", and listed right here is my IP address, so 192.168.1.99, and that's all I need. So I'm going to go ahead and exit out of this session.

Now that we have the IP address, go ahead and log into the server over SSH with the SSH terminal of your choosing. In this case I am using PuTTY, but again, you can use whatever you'd like; this isn't the place for that argument. If I could type today, that would really help things out.

First things first, we're going to install Pi-hole exactly as we usually would, and there's a handy little script right here that you can get off either the GitHub or Pi-hole websites. So I'm just going to copy that, I'm going to type in sudo, paste in that script, and then hit Enter, and Pi-hole will automatically install itself.

And while we're waiting on this to happen, it's a good time to introduce today's video sponsor, Linode. A lot of my audience
watches for the home lab content, like you all are doing right now, but not everyone has the finances or wants to dedicate an entire room to setting up their own home lab. I mean, just think about what I've gone through here: I added two 20-amp circuits to my house, plus an air conditioner dedicated for my rack. Not everyone wants the noise of a full data center in their garage. Rather than hosting your own personal cloud, let Linode host it for you. If it runs on Linux, it'll run on Linode, and that includes the software in today's video tutorial. You can set up your own ad-blocking recursive DNS server, or set up your own personal VPN tunnel so you can browse the web securely wherever you're at, from any device. Linode makes it easy to deploy and manage your own cloud services, with solutions starting from a single shared CPU to massive multi-core virtual machines. With shared CPU plans that start at as little as five dollars per month and scaling up to as high as you need to go, you'll be able to find a hosting plan that fits your needs. Install your favorite server apps and services from scratch, or start with one of the many pre-configured one-click installs from the Linode app marketplace. Even if you do host your own servers, you can use Linode to keep a backup of your systems off-site. Visit linode.com/craftcomputing and receive a $100 60-day credit when starting a new account, and get your home lab up and running today. That's linode.com/craftcomputing.

And now back to the Pi-hole installer. We're pretty much going to use nothing but the default settings in the installer itself. So it lets us know that it will transform our device into a network-wide ad blocker, but we're gonna do just a little bit more than that, so go ahead and click on OK. First thing it'll ask you is to set up an upstream DNS server. This is so the DNS forwarder inside of Pi-hole can work. Now, for right now we're just going to select Google; however, later on we will be removing that entry and letting Pi-hole get its
own DNS.

By default right now, Pi-hole comes with the StevenBlack adblock list, and that's pretty much all you need to move forward, so go ahead and click on OK. We're going to block ads over IPv4 and over IPv6, so again, go ahead and click on OK. And then it's going to ask if you want to convert your DHCP address into a static address. I'm going to go ahead and click on Yes, because this is only going to be a temporary solution for me. You can also click on No and assign it a new DHCP address, or set it whatever static address you want. Do you wish to install the web admin interface? Of course I do, yes. You want to install the web server and required PHP modules? Of course, also yes. Do you want to log queries? Now, this will keep a comprehensive list of all of your DNS requests; however, that kind of spits in the face of the privacy aspect of it. For my use case, I'm going to go ahead and select Yes, because I don't care if my DNS queries are logged on my own server, but if that's a concern of yours, click No. If you selected that you want to keep logs, there are four different modes. The default is show everything, which keeps a record of a client and what website they tried to access. There's hide domains, there's hide clients and domains, and then there's anonymous mode. Again, for my use case, I'm going to show everything. And after about 60 seconds or so, Pi-hole should be completely installed and we can bring it up inside of a web browser.

And installation is now complete. Now, the one thing you need to take note of is how do you actually access the web interface. So for most people it's going to be the IP address, forward slash, admin. There's also a password right here that you need to take note of, or you can reset the password from the SSH session you're in right now. If you do want to set up a custom password for the Pi-hole web interface, the command is "pihole -a -p" and then whatever your password will be. So I'm gonna type in password1. I know, nice and secure. Once the password has been set,
it's a good idea to try to log into the web interface to make sure it's correct. So I'm gonna go to 192.168.1.99/admin. If Pi-hole is up and running correctly, you should see this interface right here. I'm going to go down to the login tab, and then I'm going to enter the password that I set inside the terminal, so password1. If that's successful, you'll have a bunch more options here on the left-hand side, and you know you have admin access.

And now for the secret sauce that transforms this standard ad-blocking installation of Pi-hole into a full recursive DNS server, and for that we're going to install Unbound. Now, down in the video description I will have a link to the full written tutorial over on the Pi-hole website. I do recommend definitely clicking on that, as you're going to want to get in on that copy pasta action. So first up, we're going to go ahead and update our apt repository, so "sudo apt update". Once that's done, we're gonna install Unbound, so "sudo apt install unbound", and yes, I would like to continue.

Once Unbound has been installed, the fun part starts. We actually need to write our own configuration for Unbound to actually work. Lucky for us, there is an example configuration file on the Pi-hole website, so again, you're going to want to go down there and copy that. But for right now, let's go ahead and create that configuration file first. So I'm going to go up to this directory right here and copy that from the Pi-hole website. I'm going to do "sudo nano" and then paste that directory in. That will create that configuration file for us. And next I'm going to copy this configuration file right here, so copy that and then paste it in. With all of that pasted in there, I'm going to hit Ctrl+X to exit, I'm going to hit Y to save, and I'm going to hit Enter to confirm the file name.

Now, part of that configuration file was actually to change the DNS port inside of Unbound from 53 to 5335. Now why would we do something like that, when all of the clients on your network are
expecting port 53? Well, Pi-hole is already listening on port 53, and you can't listen on the same port with two different services. So the way your network will be set up now is Pi-hole will be your DNS server that all of your clients communicate with, and since it's on port 53, there's no configuration change you need to make on the clients. Pi-hole will then forward those requests to Unbound via port 5335, as a standard DNS request on a secondary port. From there, Unbound goes out to the internet and finds the authoritative domain server you were looking for, forwards that request back to Pi-hole, Pi-hole strips out all of the advertiser IP addresses, and feeds you, the end client, a clean IP address.

So we're going to go back to our Pi-hole main page here. I'm going to go to Settings, I'm going to click on the DNS tab up at the top, I'm going to uncheck the two Google DNS servers that we set up during the installation process, and scroll down to upstream DNS servers. I'm going to check the box on Custom 1 (IPv4) and type in 127.0.0.1, pound, 5335 (127.0.0.1#5335). Sorry, I'm old. Once that is done, go ahead and scroll all the way to the bottom of the page and click on Save. And with that, your Pi-hole server should now be up and running as a full recursive DNS server.

With everything set up and ready to go, let's go ahead and test Pi-hole both as an ad blocker and as a recursive DNS server. So as you can see, on the left side I have my Pi-hole logging, and on the right-hand side I have MSN, one of the most notorious ad-heavy websites in existence. Like, why would anyone come here? This is an ad at the top, this is an ad in the middle, this is an ad right here mixed in with some news headlines, but most of them sponsored. Over here is "topics for you", which are all ads. Honestly, it's just terrible. So let's see if we can fix it just a little bit. I'm going to bring up my network interfaces. We're going to open up my Ethernet connection, I'm going to go down to Properties, I'm going to go to IPv4 connections, and then down at the
bottom I'm going to say "use the following DNS server address", and I'm going to type in the IP address of my Pi-hole server, so 192.168.1.99. Hit OK and Close. We're going to open up a new tab and I'm going to go to msn.com again. Now, this website is not a great example, again because Microsoft likes to host a lot of their own ads, but as you can see, a good number of them have gone away. It's no longer asking me to switch to Edge Chromium from Firefox in a banner up at the top, there's no ads right here in the center, although the logo for AdChoices is still right there, and this big large video player is now also gone.

Now let's see what happened inside of Pi-hole. Down here at the bottom of our log history, you can see a bunch of requests that say forwarded on to localhost 5335. That is Pi-hole responding, saying "I don't know what the DNS is asking for, I'm going to forward this on to Unbound", so Unbound can find the actual domain root. As we scroll up a little bit, you see a bunch of results that are starting to say "OK, cached". Those are websites that Pi-hole has actually cached the data of, so it knows the IP address directly and can serve that query directly to the client. Rather than forwarding that query off to Unbound and having Unbound find the domain root off on the internet, Pi-hole can respond to that request directly, which is exactly what a recursive DNS server does. You can also see a bunch of requests that are being blocked, and that is Pi-hole saying "that is part of my ad repository, you're not allowed in". So there you go: an ad-blocking and recursive DNS server, all in one very tidy package.

But for homelabbers, there's one more very important feature that I'd like to draw your attention to, and that's that Pi-hole can now respond to local DNS queries. Now, Pi-hole could kind of always do this, and I've used it for this purpose before, but before, you had to go into the Pi-hole hosts file and manually add in the IP address of any local DNS queries you wanted to respond to. Now there's
actually a dedicated tab just for local DNS. So if I go down here to the Local DNS tab and DNS Records, I can create DNS records based off internal services that I run in my server stack. That is pretty cool.

With that, I think you have everything you need to get up and running with Pi-hole as a recursive DNS server, ad blocker, and even a local DNS authority. If you have any questions or comments about this video, go ahead and leave them down below and I will do my best to respond. On your way down there, make sure to drop this video a like and subscribe to Craft Computing if you haven't done so already. Follow me on Twitter at Craft Computing to keep up with my daily shenanigans. And if you like the content you see on this channel and want to help support me in what I do, consider joining the Patreon or Floatplane; links are also down in the video description. As a bonus, you'll get exclusive access to the Discord server, where you can chat with myself and join the ever-growing community over there, and it gives you an opportunity to pick my brain without blasting me with Twitter DMs. That's gonna do it for me in this one. Thank you all so much for watching, and as always, I will see you in the next video. Cheers, guys. [Music]

Today's beer is from Freigeist Beer Culture, and it is the Elf Schneider hoppy German-style hefeweizen ale, 6.0 percent. They are out of St. Louis, Missouri, and appear to possibly be a gypsy brewer, as it says on the side "brewed and canned by Urban Chestnut Brewing Company, St. Louis, Missouri, for Freigeist". So, uh, using someone else's facility to brew your own beer. It's got kind of an interesting smell to it. Um, let me see if there's any hint about what hops they're using. "Freigeist was founded in 2009 with a mission to revive Germany's lost artisanal ales. We now offer bold, American-influenced, American-brewed twists on our homeland's most popular beer styles. Generous additions of Cascade and Mosaic hops gives this German-style hefeweizen ale its tropical fruity notes, an extra
burst of American-style bitterness." Okay, so Cascade and Mosaic hops. I thought I smelled Mosaic, but those Cascades were kind of throwing me for a loop.

That is definitely an interesting beer. I think I like it, but I'm not quite sure yet. This reminds me kind of like doing a shandy, though, with, uh, like grapefruit soda and a lager, but it's an IPA and a hefeweizen. Like, it's definitely tropical, but it's much more of like a melon kind of tropical; it's not citrusy. Uh, it's very interesting. Yeah, your brain tells you IPA, and then there's that rich banana kind of like flavor from the German malt that just kind of carries the back of the flavor. But I'm also missing some of those quintessential hefeweizen spices and taste that are usually so predominant in hefe beers. Um, it's a little conflicting. It's weird. I'll say this one is interesting. Um, I'm not disappointed in it, it's not a bad beer, but it's not doing it for me either. Um, if it is being called a hefe, I'd prefer it be a little bit more towards the hefe and a little bit less Americanized; however, it's not quite Americanized enough for me either, as the hop flavor just really isn't quite there. To be fair, it's a fine, drinkable beer. I just don't think this one's for me.
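
Added example, not part of the video or of the Pi-hole documentation: a small check for the setup described in the captions, where Pi-hole forwards to Unbound at 127.0.0.1#5335. It sends one DNS query straight to that port and inspects the reply header; the function names are chosen here for illustration, and the test replies are constructed.

```python
import random
import socket
import struct

# Upstream entered in the Pi-hole DNS settings as 127.0.0.1#5335.
UNBOUND_ADDR = ("127.0.0.1", 5335)

def build_query(name, txid=None):
    """Encode a single A/IN question with the 'recursion desired' bit set."""
    if txid is None:
        txid = random.randrange(0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_header(packet):
    """Decode the fixed 12-byte DNS header."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "txid": txid,
        "is_response": bool(flags & 0x8000),
        "recursion_available": bool(flags & 0x0080),
        "rcode": flags & 0x000F,
        "answers": answers,
    }

def check_reply(query, reply):
    """Return a list of problems with the reply; an empty list means it looks healthy."""
    q, r = parse_header(query), parse_header(reply)
    problems = []
    if not r["is_response"]:
        problems.append("not a response")
    if r["txid"] != q["txid"]:
        problems.append("transaction ID mismatch")
    if not r["recursion_available"]:
        problems.append("recursion not available")
    if r["rcode"] != 0:
        problems.append("rcode %d" % r["rcode"])
    elif r["answers"] == 0:
        problems.append("no answer records")
    return problems

def probe(name="hackaday.com", addr=UNBOUND_ADDR, timeout=5.0):
    """Send one query straight to the local resolver and check the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, addr)
        reply, _ = sock.recvfrom(4096)
    return check_reply(query, reply)

if __name__ == "__main__":
    try:
        issues = probe()
    except OSError as exc:  # nothing listening on 5335, or the lookup timed out
        issues = [str(exc)]
    print("resolver OK" if not issues else "problems: " + "; ".join(issues))
```

Run it on the Pi-hole host itself: a timeout or connection error means nothing is answering on port 5335, so Pi-hole's only upstream would be dead.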
Info
Channel: Craft Computing
Views: 487,173
Id: FnFtWsZ8IP0
Length: 18min 1sec (1081 seconds)
Published: Thu Jan 28 2021