Setting up Pi-hole

Only in the respect of when that list is enabled, it fails and when it's disabled, it works.
 
Nice coming back to this. Needed a very fast and dirty way to push some basic filtering into a couple of networks so have jumped on Pihole.
Upstream DNS are set to 1.1.1.3 & 1.0.0.3 and then running a couple Hagezi lists over the top. Seems to be doing the trick with only AirBnB messenger being a casualty.

@Feek did you try to dig out any possible domain names to whitelist for wifi calling to explicitly allow or just disabled the list that you found causing it?
 
Oh yes, I need to update.

I had a situation a couple of days later when I had an incoming call, which I answered but couldn't hear anything, it was from the local surgery so I called them back and they said I'd not answered. I went straight onto my Piholes and dropped them both down to just the minimal list but at the same time, I remembered that a few years ago, I had a situation with my work desk phone, which is an IP phone. When anyone called me, I couldn't hear them and all my outgoing calls failed.

The fix for that was to reboot my Draytek 2865.

So I rebooted my Draytek 2865 and WiFi calling has worked perfectly since. I've left my Piholes with just the minimal Hagezi list enabled and nothing else and that's been perfectly adequate, I've not noticed any ads getting through which were previously blocked.

It was probably my router, perhaps a little confused by something.
 
Quite annoyingly, migrating my PRTG network monitor to a new machine broke the pihole update sensor. Genuinely can't find anything different between the two machines (other than a slightly newer version of PowerShell, which doesn't affect the generated XML) so have given up.

Have set up GitHub notifications from the pihole repository for any release alerts.
 
Setup pi-hole on Thursday on a spare RPi 3b+ I had lying about. One thing I can’t figure out is why my wife’s iPhone is still having blocks being applied. I have the default group with a few lists added to it and a new group e.g. “No block” which has lists applied to it. My wife’s iPhone is in the “No block” group but is still having issues with blocks being applied.

For example, her mail app was showing the warning about network privacy settings blocking content and this is because the mask.icloud.com and mask-h2.icloud.com domains were being blocked, even though no block lists are attached to the “No block” group. Am I missing a setting somewhere?
 
That sounds like an iPhone setting. Does this still happen when not connected to the WiFi?
 
So Pihole has had an update, but also I have noticed the Hagezi github addresses have stopped working for the moment, the alternative links do work

Also for me, after updating pihole, I needed to rename the FTL database in order for pihole to start working again and the web interface to be accessible

sudo service pihole-FTL stop

sudo mv /etc/pihole/pihole-FTL.db /etc/pihole/pihole-FTL-old.db

sudo service pihole-FTL start
 
This is why I don't jump on updates straight away.
 
Just done a test update on a spare box and it hung at updating local cache of available packages.

Glad I didn’t just push this lol

**Edit - Seems this is a more Ubuntu widespread thing. LXC runs on Ubuntu 22.04 template. Simple apt update isn't pulling headers down so will leave it a while as it's a bit intermittent. It gets a few then stops and WSL on my laptop is doing the same.

Sorry Pihole. Not you this time :-)

***Edit It's always DNS :D
 
Have they added DoH/DoT capability yet like most of the other providers?

There's a method described earlier in this thread, it's how I've got mine set up for that.
I was leaning towards an answer if pihole has added the Functionality yet or not, there seems to be a lot of hack jobs to get DoH to work. I tried the one above for a giggle which works by just pasting the compose example into portainer. I think you used the old trusty way here>> https://pimylifeup.com/rapberry-pi-dns-over-https/comment-page-1/
I use Mikrotik with ad blocking for my DoH but Quad9 is moving away from http/1 DoH support which isn't great 'cus it just leaves cloudflare as an option.
I'm still testing some new options like the above to see which combo fares better with dnsperf etc. Seems like I'm going round in circles!
 
Looking for some help please? Just set up Pi Hole, it seems to be working or doing something but I'm confused on the DHCP bit?

I have a VM 5X modem/router thing and have disabled DHCP. I have enabled a static IP address on the Pi and on the router, I think (it seems to be working anyway). I have turned on DHCP server on the Pi Hole settings and set the Gateway address to the address I use to log into my router but am confused with the RANGE of addresses hand out part? I have set this to 192.168.0.10 to 192.168.0.254 but literally have no idea? Then because I can't set up DNS on my router I have changed the DNS settings on my PC and other things to the IP of the Pi Hole server? Thanks.
 
Sounds about right.

I'd cut your DHCP range down a bit, usually I go from .51 to .199 to give yourself some static room before and after the DHCP clients.

If it's working though....you're done.
 
Oh yes, I need to update.

I had a situation a couple of days later when I had an incoming call, which I answered but couldn't hear anything, it was from the local surgery so I called them back and they said I'd not answered. I went straight onto my Piholes and dropped them both down to just the minimal list but at the same time, I remembered that a few years ago, I had a situation with my work desk phone, which is an IP phone. When anyone called me, I couldn't hear them and all my outgoing calls failed.

The fix for that was to reboot my Draytek 2865.

So I rebooted my Draytek 2865 and WiFi calling has worked perfectly since. I've left my Piholes with just the minimal Hagezi list enabled and nothing else and that's been perfectly adequate, I've not noticed any ads getting through which were previously blocked.

It was probably my router, perhaps a little confused by something.
VoIP (specifically SIP for signalling and RTP for media) highly relies on a solid firewall setup and NAT traversal. UPnP takes care of this on most occasions, but the NAT translations can sometimes stop updating and a reboot is usually the only way to clear it. Double check that SIP ALG is disabled on your router as the endpoint is always much better at rewriting SIP headers than the firewall ever is.

When the remote party didn't believe you'd answer, this is because the ACK returned by your side probably has incorrect IPs in the contact header and this screws up the rest of the call flow. You think you've answered (your device generated a 200 OK) but you get no media, and the remote party keeps hearing ringback. Eventually, the ACK response timeout kicks in and, 30 seconds after you answered the call, it will terminate.

DNS is rarely used for media establishment - mostly for directing signalling and load balancing. Media is always established using IP connectivity. Either via direct media, direct media using STUN for traversal of NAT, or TURN relaying the media. It's always IP-based.

I do VoIP for a living, by the way. :D
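
Added example, not part of any post in this thread: the reply above puts the dead call down to wrong IPs in the Contact header, and this Python check flags a SIP message whose Contact header or SDP connection line still carries an RFC 1918 or carrier-grade NAT address. The function names and both sample messages are constructed for illustration; 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges standing in for public addresses.

```python
import ipaddress
import re

# RFC 1918 private ranges plus RFC 6598 carrier-grade NAT space.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Constructed 200 OK responses (not captured traffic).
BROKEN_200 = "\r\n".join([
    "SIP/2.0 200 OK",
    "Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bKexample",
    "Contact: <sip:user@192.168.0.23:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.168.0.23",
    "c=IN IP4 192.168.0.23",
    "m=audio 40000 RTP/AVP 8",
])
GOOD_200 = BROKEN_200.replace("192.168.0.23", "203.0.113.10")


def is_non_routable(text):
    """True if text is an IPv4 address inside one of the NON_ROUTABLE ranges."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return any(addr in net for net in NON_ROUTABLE)


def nat_leaks(sip_message):
    """Return (field, ip) pairs where a Contact header or SDP c= line
    still advertises an address the far end cannot reach."""
    head, _, body = sip_message.replace("\r\n", "\n").partition("\n\n")
    findings = []
    for line in head.split("\n")[1:]:              # skip the status/request line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("contact", "m"):   # "m" is the compact form
            findings += [("Contact", ip) for ip in IPV4.findall(value)
                         if is_non_routable(ip)]
    for line in body.split("\n"):
        if line.startswith("c=IN IP4 "):           # SDP connection (media) address
            ip = line.split()[2]
            if is_non_routable(ip):
                findings.append(("SDP c=", ip))
    return findings
```

Run it over the signalling as seen on the WAN side of the router; an empty list means the addresses in the message are ones the far end can route to.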
 
That's all really interesting, thanks. It does make me wonder if it's adding a scheduled monthly reboot to the Draytek.

Double check that SIP ALG is disabled on your router as the endpoint is always much better at rewriting SIP headers than the firewall ever is.
Yup, none of the ALG stuff is enabled.
 
Nothing wrong with a regular reboot to keep things fresh. If it's something that occurs infrequently and a reboot always fixes it, a regular reboot schedule sounds like a good workaround. Getting Draytek to patch the firmware may be a harder task!
 
Sounds about right.

I'd cut your DHCP range down a bit, usually I go from .51 to .199 to give yourself some static room before and after the DHCP clients.

If it's working though....you're done.

Okay, thanks. Well one of the websites I don't use very often is reporting I'm using an ad blocker so it must be doing something.

I am using a Pi 2W via Wifi, is there any point in getting a network port dongle? I do have one that has a USB-C connector but it doesn't work with the Pi using a USB-C to micro sd converter, no power passing through.

I also don't suppose there's any point in adding the PS5 to Pi Hole, just things like computers, phones and tablets?

If I game on my PC will it add latency?
 