Pi-hole

[Ab]

This is pretty nifty.

pi-hole.net

[Lightspeed]

That looks like everything I want.

[Ab]

I spun up a little Ubuntu VM last night just to test, and Pi Hole seems to do exactly what it says on the box. I've got a Raspberry Pi B here but I can't find a usb cable to power it; I'll grab one tomorrow and set Pi Hole up on the device as the lord intended so I don't need virtualbox running full time on my main Mac.

but so far... very impressed!

edit update: according to the dashboard Pi Hole has blocked 11% of the queries on my home network today.

edit update: ok, it's proved itself so today I got an SD card and installed Debian and Pi-Hole on the Pi and it's fucking awesome. Holy shit so awesome, with basically a $30 investment in hardware. I'm going to throw some money at the devs or I'll feel like a prick.

[Ab]

Just putting this here so I don't forget it, and it might help someone else.

Found that all of a sudden my iOS devices weren't getting filtered. Took a closer look at network settings and each device had an IPV4 address and an IPV6 address, even though I hadn't configured the DHCP server on the Pi to hand out IPV6 addresses. Turns out my main gateway had a hidden setting (always enable "advanced view" kids) that was handing out IPV6 addresses on the LAN and sending IPV6 DNS queries upstream. Here's how it was going.

Phone: hi network! Who am I?
Pi: hi phone, you're 192.168.1.3 and I'll be handling all your DNS queries.
(in secret) Gateway: pssst you're also fd06:6107:ef0b:0:bbe:f52f:391b:790d, let me know if there's an address you need.
Phone: hey Pi, where is xxxpornsite.com?
Pi: never heard of it.
(in secret) Gateway: pssst according to the ISP it's actually at 2001:db8:85a3:8d3:1319:8a2e:370:7348.
Me: why the fuck is that site loading?

Summary: if your Pi-hole seems to be allowing lookups it shouldn't, check to see if your modem/gateway has a hidden setting that allows it to facilitate IPV6 DNS lookups independent of Pi-hole.

[Lightspeed]

This fellow has put together a NZ Pi-hole whitelist:

https://andrewford.co.nz/2018/07/17/...telist-for-nz/

Although, might be just defeating the point. But if you need your TVNZ/TV3 fix...

[Ab]

New hotness for 2022:

https://nextdns.io

Cloud-based Pi-hole, basically. Ad-blocking tracker-blocking malware-blocking DNS service, subscription with a free tier. It has the advantages you'd expect (no need to get hands dirty at a bash prompt, no hardware required, does tracker and ad blocking on mobile devices even when you're away from your LAN, etc) with the obvious disadvantages (the blocking happens further away from you so add some milliseconds on to the first lookup, someone else could be logging your lookups no matter how much they say they can't).

By the looks of it the service has a Linux client that you could install on a Raspberry Pi and have it do stuff locally but I haven't tried that.

I've got a pretty complex Pi-hole ruleset at home now with stuff like "if one of the kids' devices tries to access Youtube block it, any other device allow it; block Google Analytics on every device except my Macbook" etc. Not sure if NextDNS offers that level of customisation.

[[BT]Monza]

I ran a Pi-hole for a few months last year (wee project for lockdown boredom) and found it broke too much shit to be worth the hassle. Eg the Mitre10 website would be messed up formatting, a game on my Switch wouldn't load... The Brave browser does a pretty good job of blocking stuff for you too.

[_indigo1]

I haven't used an off-device DNS based blocker - but I know that the ability to opt-out of blocking PER APP on Blokada is critical or it would suffer the same as you say Monza.

[Ab]

I've kinda settled down on to Pi-Hole handling DNS and DHCP for my home LAN, and NextDNS handling DNS on individual devices away from home.