Setting up Pi-hole

I've changed to just use the https://dbl.oisd.nl/ list.

It's been running for a couple of days and is now blocking 10.8%; previously, using various lists, it was around 20-25%.

What rates are others getting?

The rates are pretty meaningless. Depending on who's home and what gets done in any given day, my home network pushes through anything between 50,000 and 75,000 queries per 24h. My block rate with OISD used to hover between 15% and 20% most days, but it obviously depends on what traffic/sites/domains your users are visiting in any given day... Some days there'll be a lot of blocks, when people are on social media a lot and browsing the Daily Fail (just kidding, noobs who read the DF aren't allowed on my network :p). Other days they're mostly watching Netflix and playing games, and the block rate will be commensurately low.

Since AdGuard Home now handles my DHCP as well as DNS - and as such enables local client resolution - a good chunk of my queries are now local lookups (1.0.0.10.in-addr.arpa type searches). Those lookups would never be blocked, but thousands are made every day. That skews the 'blocked' percentage down quite a bit. Filtering those out, the block percentage is around 15% to 20%, but on quieter days (where people are mostly gaming and using educational apps or working, versus actual browsing) it can be as low as 5%.

The more valuable metric is 'Are users noticing ads and annoyances creeping through, or do the logs show allowed lookups to undesirable domains?'. With OISD, things like gambling, porn, warez etc are not blocked by design. Trackers, ad networks, malicious IPs and so on are. You'll never see the massive block rates you do on the less curated lists, which tend to be millions of lines long and have a 'block everything, worry about false positives later/never' approach. That said, reading the logs you'll never see undesirable stuff being allowed, either - which is what really matters.
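
Added example (not part of the original post): the block-rate adjustment described above, computed over a query log with reverse lookups for private addresses filtered out. The record layout and the sample entries are constructed for illustration and are not an AdGuard Home or Pi-hole export format; only IPv4 `in-addr.arpa` names are decoded.

```python
import ipaddress

# Constructed sample records: (client, query name, query type, blocked?)
SAMPLE_LOG = [
    ("10.0.0.21", "video.example.com", "A", False),
    ("10.0.0.21", "ads.example.net", "A", True),
    ("10.0.0.1", "1.0.0.10.in-addr.arpa", "PTR", False),
    ("10.0.0.1", "21.0.0.10.in-addr.arpa", "PTR", False),
    ("10.0.0.34", "tracker.example.org", "AAAA", True),
    ("10.0.0.34", "game.example.com", "A", False),
    ("10.0.0.1", "34.0.0.10.in-addr.arpa", "PTR", False),
    ("10.0.0.21", "8.8.8.8.in-addr.arpa", "PTR", False),  # public address, kept
    ("10.0.0.1", "5.1.168.192.in-addr.arpa", "PTR", False),
    ("10.0.0.34", "example.com", "A", False),
]

def reverse_lookup_target(qname):
    """Return the IPv4 address an in-addr.arpa name points at, or None."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None
    try:
        # Octets are stored in reverse order in the PTR name.
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None

def is_local_ptr(qname, qtype):
    """True for PTR queries about private (LAN) addresses."""
    target = reverse_lookup_target(qname)
    return qtype == "PTR" and target is not None and target.is_private

def block_rates(records):
    """Block percentage over all queries and with local PTR lookups removed."""
    total = blocked = local_ptr = blocked_other = 0
    for _client, qname, qtype, was_blocked in records:
        total += 1
        blocked += bool(was_blocked)
        if is_local_ptr(qname, qtype):
            local_ptr += 1
        elif was_blocked:
            blocked_other += 1
    remaining = total - local_ptr
    return {
        "raw_pct": round(100 * blocked / total, 1) if total else 0.0,
        "adjusted_pct": round(100 * blocked_other / remaining, 1) if remaining else 0.0,
        "local_ptr": local_ptr,
    }
```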
 
Any ideas how I can solve this?

I use a couple of Huawei AX3s for the majority of my network (everything wireless and a couple of wired connections), but every client connected via these falls under one client in pihole, so I can't see what devices are accessing and blocking sites. Is there any way to separate the clients out?
 
What are the DNS servers of your clients configured as currently? If they were set to the Piholes I can't see a reason why they wouldn't appear as individual clients; sounds like they are set to the AX3s somehow.
 
Maybe that's what it is then, the devices must be using the AX3 as the DNS, and the AX3 is using the pihole as its DNS.

Just noticed that the DHCP was turned on on the AX3. Turned that off as pihole should be doing that.
 
OISD.nl and my own custom list in ABP format (works in AdGuard Home but I don't think PiHole is capable of using them).

Hmm, I have an issue. I've set up AdGuard Home in Docker on my Synology. If I manually add the address to devices, it works fine; however, when I add the AdGuard address to my ASUS router, my internet dies. I can see the router did connect to AdGuard and processed 14 requests, then stopped. Could I have hit a device limit? I had connected three devices before the router (to test).
 
I must be doing something wrong somewhere. At the moment I've got DHCP enabled on the router and DNS on the router configured as pihole IP. As per pihole guidance I've also configured conditional forwarding to be my router since pihole isn't acting as DHCP. This is creating a situation where my PC, which I've manually assigned an IP and pihole as DNS, is just being named via its IP address in logs, and my mobile phone, which is set to DHCP, is coming through to pihole as the router.

If I turn off DHCP on router, turn on DHCP in pihole and disable conditional forwarding, the router stops being classed as a client but I still only get clients showing as IP address and not hostname.
 
Hmm, I have an issue. I've set up AdGuard Home in Docker on my Synology. If I manually add the address to devices, it works fine; however, when I add the AdGuard address to my ASUS router, my internet dies. I can see the router did connect to AdGuard and processed 14 requests, then stopped. Could I have hit a device limit? I had connected three devices before the router (to test).

More info required please. What's the subnet of your LAN, and what's the subnet for your Docker instance running AGH? Is DHCP being handled by the router still, or by AGH? If your LAN subnet is 192.168.1.0/24, your Docker machine (NAS) itself has 192.168.1.5, and your Docker AGH subnet is 172.16.0.0/24 then you should be using 192.168.1.5 for the DNS address. Make sure there are no firewalls in the way, including allowing access on the NAS too; for ports 53, 80, 443, 784, 853 - UDP and TCP.

Make sure AGH is set to listen on 0.0.0.0 (not a particular IP) and ensure the access controls aren't in use, or if they are that all relevant subnets are allowed - for example 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,127.0.0.0/24.

There are no device limits, or indeed limits of any kind (unless you configure them yourself). How are you adding the DNS to the Asus router? Are you listing it as the router's upstream DNS, or are you setting it as the DNS to be handed out by DHCP?
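
Added example (not part of the original post): a check of which client source addresses the allowed-clients list quoted above would admit, and whether any entry reaches beyond private or loopback space. The function names and the test addresses are constructed for illustration; this does not read AdGuard Home's configuration.

```python
import ipaddress

# Allowed-clients list exactly as quoted in the post above.
ALLOWED = "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,127.0.0.0/24"

# RFC 1918 ranges plus loopback, used to judge how wide an entry is.
PRIVATE_SPACE = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_allowlist(text):
    """Split a comma-separated CIDR list into network objects."""
    return [ipaddress.ip_network(item.strip())
            for item in text.split(",") if item.strip()]

def is_allowed(client_ip, networks):
    """True if the client's source address falls inside any allowed network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)

def exposed_entries(networks):
    """Entries not contained in private/loopback space: these would let
    sources outside the LAN query the resolver."""
    return [str(net) for net in networks
            if not any(net.version == p.version and net.subnet_of(p)
                       for p in PRIVATE_SPACE)]

def audit(clients, allowlist_text=ALLOWED):
    """Map each client address to whether the allowlist admits it."""
    networks = parse_allowlist(allowlist_text)
    return {ip: is_allowed(ip, networks) for ip in clients}
```

Loopback addresses outside 127.0.0.0/24, such as 127.0.1.1, are not matched by the list as written.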
 
LAN is 192.168.1.0 - Synology NAS is .222 - the Docker container is set to use host address; I used this config for pihole and it worked fine. It's set to listen on all interfaces.

As I said, weird that if I set my PC to .222 it works fine, but adding the DNS entries to the Asus and my router just loses its internet connection. I just add them as server 1 and 2 as I usually would.

cheers :)
 
Docker on Synology seemed to be a nightmare when I looked - Synology services bind to a few common ports that you would want to use in docker.

Personally you'd be better off creating a VM on the Synology and then hosting docker in that
 
If other LAN clients are working, then ports being in use elsewhere (eg system applications) shouldn't be a consideration. Only the router is having trouble connecting.

@Robert it sounds like you've done everything right. Have you double checked the Synology firewall to ensure the above listed ports (my previous post) are allowed? Have you checked that nothing else is installed (eg Synology DNS) that's competing for access to the port just in case as Armageus said? Post up your Docker Compose (or your run cmd) just in case.

Here's mine:

Code:
version: "2.1"
services:
  adguardhome:
    image: adguard/adguardhome:latest
    container_name: adguardhome
    network_mode: "host"
    restart: unless-stopped
    environment:
      - PUID=1033
      - PGID=100
      - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
      - ARCH=x86_64
      - ALPINE_REL=edge
      - DOCKER_REPO=multiarch/alpine
      - ALPINE_MIRROR=https://uk.alpinelinux.org/alpine
      - TZ=Europe/London
    volumes:
      - /volume1/docker/adguardhome/conf/:/opt/adguardhome/conf
      - /volume1/docker/adguardhome/work:/opt/adguardhome/work
      - /volume1/docker/letsencrypt/oursecure.network:/LetsEncrypt:ro

Just to check, you did set up the PUID and PGID correctly? Mine are a dedicated Docker user with privs as needed. AdGuard Home shouldn't need root or anything though, just host network access, which you say you've set.
 