====== Pi-Hole installation and configuration ======

Who hasn't been there: you click a link on Google and end up at a retailer, or you open a website and wait what feels like minutes until all the advertising banners have finally loaded. It doesn't have to be like that; you don't have to put up with advertising. \\
There are many options, ranging from ad blockers installed in the browser to blacklists in the router. But you can make it easy on yourself.

The advertising has to come from somewhere. It no longer works the way it used to, when I placed an ad with a newspaper and the newspaper then printed it. Back then, advertising was part of the newspaper, and on websites it looks as if the advertising were part of the site too. Fortunately, this is not the case: the advertising is only downloaded from external sources, so-called advertising networks, when you view the website. This is what makes "personalized" advertising possible. And so that the operator of a website does not have to worry about the traffic generated by the advertising, the browser is made to take over this part. \\
And this is exactly the starting point for banning about 80% of all advertising. The idea is to not load any ads that are not part of the website itself. Not only are the loading times of websites reduced; in combination with [[.:howtos:pivpn|PiVPN]], the mobile data volume is also used for content instead of advertising. In addition, it is a central solution that does not require an ad blocker on every device.\\

====== Installation ======

  curl -sSL https://install.pi-hole.net | bash

As with [[.:howtos:pivpn|PiVPN]], this one command is enough to install Pi-Hole. The configuration dialog that follows the automatic installation of the necessary packages asks for a few settings, including which DNS (__D__omain __N__ame __S__ervice) should be used.
Here you can choose between your home router (if it offers DNS as a service, like the Fritz Box), the DNS of your Internet provider or, to prevent tracking, one of the [[https://www.kuketz-blog.de/dns-uncensored-and-free-dns-server-without-logging|free, non-logging DNS servers]]. I decided to enter my Fritz Box here. For the settings that deserve some thought, here is what I selected:

  * Select Upstream DNS Provider - 192.168.178.1 (my Fritz Box)
  * Select Protocols - I deselected IPv6 here, but only because my provider doesn't offer me IPv6.
  * Do you want to use your current network settings as a static address? -
    * IP address: 192.168.178.30 (IP of the Raspberry Pi in the home network)
    * Gateway: 192.168.178.1 (IP of the Fritz Box in the home network)
  * Do you want to log queries? - Yes, to be able to see statistics. If you would rather do without it to protect the Pi's SD card, you can also select "No" here; this has no effect on the functions.

In the course of the installation, the URL of the [[http://pi.hole/admin/|Web Interface]] is displayed, as well as the password of the admin user, which you should keep safe.

At this point Pi-Hole is fully functional and ready to use. The corresponding services are started when the Raspberry Pi boots, and the daily automatic update of the block lists is activated. Now all clients have to be persuaded to use the Raspberry Pi as DNS. The easiest way to ensure this is to adjust the DHCP settings on the home router so that it announces the Raspberry Pi as the DNS server. In the Fritz Box you will find the setting under

  Home network -> Network -> Tab: Network settings -> IPv4 addresses -> Field: Local DNS server

If that doesn't work, or you only want to use the ad blocker for individual devices, you have to adjust the DNS settings on each individual device.
====== Configuration ======

There is nothing else to configure for blocking ads, but if you want to change something, you can either edit the /etc/pihole/setupVars.conf file or run the installation again. If the /etc/pihole/setupVars.conf file is changed manually, the corresponding services must be restarted.

  sudo service dnsmasq restart
  sudo service pihole-FTL restart

====== For experts ======

You want more, e.g. because your home router does not offer a DNS service or you want to redirect your own addresses? Of course, this is not a problem, because Pi-Hole uses the dnsmasq service, a small, simple DNS server, for its functions. The configuration of the DNS server can be found in /etc/dnsmasq.d/01-pihole.conf. This file contains all the information Pi-Hole needs. dnsmasq reads all files in this directory that end in .conf. I will now describe how easy it is to

  * give home IPs a name
  * redirect external addresses to internal addresses.

What for? You certainly operate your own cloud in the home network in order to have data available on all devices. Of course, this cloud must also be accessible from the Internet, which means that you have to use two names for the cloud. The name in the internal network is therefore different from the name that must be used from the Internet. To avoid this, dnsmasq can redirect the external name in the home network to the internal address.

First we create our own configuration file /etc/dnsmasq.d/02-lan.conf, the content of which looks like this:

  addn-hosts=/etc/pihole/lan.list

This is a friendly way of telling dnsmasq that there is a /etc/pihole/lan.list file to consider as well. The content of this file, which we also have to create, has exactly the same structure as an [[https://wiki.ubuntuusers.de/hosts/|/etc/hosts]] file. Here's an example:

  192.168.178.30 raspberrypi raspberrypi.fritz.box # PI for PiHole
  192.168.178.40 pi3 pi3.fritz.box onkelhartwig.myfirewall.org onkelhartwig.myfirewall.org # PI for owncloud and OpenVPN client

As you can see, I have entered two Raspberry Pis for which dnsmasq translates the names into IP addresses (and vice versa). When I'm out on the Internet, "onkelhartwig.myfirewall.org" resolves to my external IP, while at home the internal IP (192.168.178.40) is used. \\
Speaking of which: in an /etc/hosts file, everything after the "#" character is interpreted as a comment.
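
Every entry in lan.list overrides name resolution for all clients that use the Pi-Hole, so the file is worth checking before dnsmasq is restarted. The following lint is an added example, not part of the original page or of Pi-Hole: it parses the hosts format described above (including "#" comments), lists the external names that are pinned to a LAN address, and flags entries that need a second look. The function name lint_hosts, the fritz.box suffix default and sample lines 3 to 5 are assumptions made for the example.

```python
import ipaddress

# RFC 1918 IPv4 ranges plus IPv6 unique local addresses.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Lines 1-2 are the page's lan.list entries; lines 3-5 are constructed.
SAMPLE = """\
192.168.178.30 raspberrypi raspberrypi.fritz.box # PI for PiHole
192.168.178.40 pi3 pi3.fritz.box onkelhartwig.myfirewall.org onkelhartwig.myfirewall.org # owncloud
192.168.178.41 pi3                 # constructed: second address for pi3
203.0.113.7 printer.fritz.box      # constructed: address outside the LAN
192.168.178.300 nas                # constructed: malformed address
"""

def lint_hosts(text, local_suffix="fritz.box"):
    """Check a hosts-format file; return (overrides, findings).
    overrides: external names pinned to a LAN address (split-horizon entries).
    findings:  (line_number, message) pairs for entries that need a second look.
    """
    seen, overrides, findings = {}, {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # everything after '#' is a comment
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((n, f"invalid address {fields[0]}"))
            continue
        on_lan = any(ip in net for net in LAN_NETS)
        if not on_lan:
            findings.append((n, f"{ip} is outside the private LAN ranges"))
        names_on_line = set()
        for name in (f.lower() for f in fields[1:]):
            if name in names_on_line:
                findings.append((n, f"{name} repeated on the same line"))
                continue
            names_on_line.add(name)
            if seen.setdefault(name, ip) != ip:
                findings.append((n, f"{name} is also mapped to {seen[name]}"))
            local = "." not in name or name.endswith("." + local_suffix)
            if on_lan and not local:
                overrides[name] = str(ip)
    return overrides, findings

if __name__ == "__main__":
    print(lint_hosts(SAMPLE))
```

To check the real file, pass its contents in: lint_hosts(open("/etc/pihole/lan.list").read()).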