Setting up Pi-hole

Sorry to bring this up again. I set up Pfsense to use Pi-hole as suggested by @Armageus.
@Jon20 your pi-hole address (and only that - no secondary, or set the secondary to the pi-hole address as well) should be added to pfsense's dhcp settings so that devices get given the dns server address when they request an ip address via dhcp.
Other DNS settings on pfsense (e.g. on WAN side) should stay as they were

Was just having a look at the Pfsense reddit and noticed this thread: https://www.reddit.com/r/PFSENSE/comments/acxvbo/problems_getting_all_of_my_dns_requests_to_go/

Is that another way of setting it up? I had noticed that there seemed to be a lot of queries going through Cloudflare DNS. It seems to be working.
 
It's another way but I'd say it's less desirable. With that setup the clients will use Pfsense as their DNS server and Pfsense will then forward the requests onto the Pi-Hole. That way you're reliant on the DNS server on the Pfsense box being up and running for you to have working DNS resolution. That DNS server should be reliable but it is an additional dependency which isn't giving you anything over having the Pi-Hole set as the DNS server in your DHCP server.

I could do the same in my setup, I could have my USG set as the DNS server and then have the USG forward DNS queries to my Pi-Holes but I didn't see the point.
 
Running pihole on one pi3+ along with Pivpn on another pi working great, but I would like to see which clients are actually having things blocked and let through. I realise that I could use Pihole to set DHCPs but I think I would prefer for the Linksys 1900AcS router to carry this out. Any ideas how I can do this?

Thoughts appreciated.
 
It's another way but I'd say it's less desirable. With that setup the clients will use Pfsense as their DNS server and Pfsense will then forward the requests onto the Pi-Hole. That way you're reliant on the DNS server on the Pfsense box being up and running for you to have working DNS resolution. That DNS server should be reliable but it is an additional dependency which isn't giving you anything over having the Pi-Hole set as the DNS server in your DHCP server.

I could do the same in my setup, I could have my USG set as the DNS server and then have the USG forward DNS queries to my Pi-Holes but I didn't see the point.

I have pihole forwarding requests to pfsense which then forwards them out to google or OpenDNS [I forget which]

Having both pfSense and pihole works for me in the following scenario
  • pihole isn't my DHCP server, my pfsense is - so I want local hostnames resolved by pfsense
  • some devices on my network are set in DHCP to use pfsense as the DNS server because their owners want the ads... [go figure!]
If DNS isn't working on my pfsense, I've probably got bigger problems, as it implies the internet is down, or pfsense is down.
 
Is http://livefyre.com/ blocked for anyone else? Looks like one of the custom block lists I've enabled is blocking it but I've manually added it as a whitelist exception but site is still getting blocked. Restarted Pi as well and flushed DNS and cache in web browser but page still getting blocked. It's used for live text commentary on Sky Sports website. As soon as I tell my pc not to use Pi-hole as the DNS the website works again.
 
Does anyone know why Pi-Hole isn't available as a service? Why isn't someone hosting this publicly so that we just need to change the DNS servers on our network connections to point to it?

I love the idea behind Pi-Hole, but don't really want any more devices or cables in my life.
 
Does anyone know why Pi-Hole isn't available as a service? Why isn't someone hosting this publicly so that we just need to change the DNS servers on our network connections to point to it?

I love the idea behind Pi-Hole, but don't really want any more devices or cables in my life.

Part of the reason would be that, as a piece of software, the way it’s designed everyone would be subject to the same black and white lists which would be annoying. Such a service needs to have per user exceptions which it isn’t designed for. If you don’t want another box, and don’t have an existing machine you can put a VM or Docker container on, then pay to host it on AWS. Less boxes and things but I imagine more expensive in the long run.

As has been mentioned by @picnic , there are cloud based alternatives.
 

Thanks, that does look interesting! I'll do some research about how it compares to Pi-Hole.

Part of the reason would be that, as a piece of software, the way it’s designed everyone would be subject to the same black and white lists which would be annoying. Such a service needs to have per user exceptions which it isn’t designed for. If you don’t want another box, and don’t have an existing machine you can put a VM or Docker container on, then pay to host it on AWS. Less boxes and things but I imagine more expensive in the long run.

As has been mentioned by @picnic , there are cloud based alternatives.

Yeah, that makes sense. I guess I'm the type of user who likes a set-and-forget service, so I wouldn't be fiddling with the Pi-Hole unless it broke a site I was trying to access. I get free hosting on Azure so I might take a look at hosting Pi-Hole there. Someone has written a guide about it, although it's a little old.
 
I get free hosting on Azure so I might take a look at hosting Pi-Hole there. Someone has written a guide about it, although it's a little old.

Unless I could lock it down to only serve DNS to certain IP addresses (which would necessitate you having a static IP at home) I wouldn't run Pi-Hole in an internet facing capacity. You don't want to be used in a DNS amplification attack
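
Added example, not part of the original post: one way to apply the lock-down described above on a cloud-hosted Linux resolver, using an nftables source allowlist on port 53. It assumes the host uses nftables; the table and set names are hypothetical, and 203.0.113.10 is a documentation-range placeholder for the home connection's static address.

```nftables
# /etc/nftables.d/dns-guard.nft (hypothetical path)
# Only allowlisted sources may reach the resolver on port 53.
# Everything else is dropped before the DNS daemon sees it, so the
# host never sends a response to an unknown (possibly spoofed) source.

table inet dns_guard {
    # Addresses allowed to use this resolver. Placeholder value:
    # replace with the static public IP of the home connection.
    set dns_allowed_v4 {
        type ipv4_addr
        flags interval
        elements = { 203.0.113.10 }
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # Permit DNS over UDP and TCP from the allowlist only.
        ip saddr @dns_allowed_v4 udp dport 53 accept
        ip saddr @dns_allowed_v4 tcp dport 53 accept

        # Drop and count all other DNS traffic, IPv4 and IPv6 alike.
        # A rising counter shows that the host is being probed.
        udp dport 53 counter drop
        tcp dport 53 counter drop
    }
}
```

Load it with `nft -f` and read the drop counters with `nft list table inet dns_guard`. If the home address changes, the allowlist no longer matches and resolution stops until the set is updated, which is why the post ties this approach to having a static IP.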
 
Unless I could lock it down to only serve DNS to certain IP addresses (which would necessitate you having a static IP at home) I wouldn't run Pi-Hole in an internet facing capacity. You don't want to be used in a DNS amplification attack

I thought about that after I posted. Since I don't have a static IP it's probably too much hassle to host it publicly.
 
Pretty sure my PiHole is running on an old B, I wouldn't expect there to be any issues unless you're running a massive network against it.
 