Introduction to PiHole

Date

Tags
#homelab #selfhosting

#100DaysToOffload >> 2020-05-10 >> 016/100

PiHole is almost ubiquitously present on every list of services people could/should selfhost. And rightfully so, it is easy to set up and extremely useful on a daily basis. It blocks ads on almost all websites on all the devices in your home without the necessity of installing anything on them. It will also stop some devices from communicating with their parent companies behind your back.

How it works

To understand how PiHole does its thing, we need a quick introduction into how DNS works, the system that makes sure we can visit websites even if they are located on the other side of the world. The problem DNS solves is that the URL you use to visit a website doesn't tell your device anything about the physical location or IP address of the server that hosts the website.

If you wish to visit a website, say yarmo.eu, you enter that address in the top bar and hit enter. Your browser will then ask your router to get this website for you. If this is the first time you visit this website, your router doesn't know yet where the server is located, so it asks a DNS server in geographical proximity, usually the DNS server of your ISP.

If this DNS server knows the IP address of the server, it will be relayed back to your device which will now ask that server directly for the content of the website. If the DNS server doesn't have this information, it will ask another and so forth until the IP address of the host server is found.

As we established above, your router contains a DNS router. However, this can almost always be delegated to another DNS server in your home. That's where PiHole comes in. Instead of your router trying to figure out where the website server is located, it will ask PiHole to do so.

But PiHole has a trick up its sleeve: it has a built-in database of hundreds of thousands of URLs that are associated with ads and when they are requested, PiHole simply ignores them.

So you want to visit coolsite.com? Fine, PiHole will get you that website. Now, coolsite.com suddenly wants to load an ad from ads.gafam.com? The computer asks the router, the router asks PiHole, PiHole knows this URL is used to serve ads and will block that request, giving you a website without ads. Awesome!

Something you want to say?

Meanwhile, you are listening to music using a wireless speaker in your living room from a made-up brand "NOSON". What you don't know is that this device is continuously sending messages to the company containing information about the music you play and more. PiHole knows this and as soon as the speaker requests to send a message to metrics.noson.com, PiHole says no.

That's how PiHole blocks ads AND protects your privacy.

Dedicated hardware

Dedicating hardware to PiHole is advised but the hardware can be as simple as a Raspberry Pi Zero. The reason it is advised to use dedicated hardware is because if your PiHole crashes, there's no more internet in the home until you get the PiHole working again. It way to prevent this situation from happening is to always have two PiHoles running on separate hardware and telling the router about both PiHoles.

Second DNS server?

Oh, and while we're on the subject: do not put any "fallback" DNS servers like Google's or Cloudflare's in the second DNS server field on your router. Unfortunately, it doesn't work like a fallback, all routers will simply divide the workload over the two DNS servers. This means that if an outside DNS server is put in second place, it will receive DNS calls even if the PiHole is fully functional.

Having a proper DNS fallback server is difficult to set up, so best would be to use two different PiHole instances. Unless, of course, you don't mind a small period of internet loss and you are always nearby to fix the situation.

Caveats

Unfortunately, ads on video platforms like YouTube will not be blocked. This is because they serve the ads on the same domains as they serve the main content, meaning that they don't have a ads.youtube.com or something similar. Therefore, PiHole cannot block the ads. As there are a few of these edge cases, it is always recommended to use PiHole in conjunction with on-device ad blockers like uBlock Origin.

Final words

Really, there are few reasons to not get PiHole into your home and the benefits vastly outweigh the challenges (IMHO). It is also a great start on a journey of selfhosting more services and realising that one can be independent of major corporations to some degree.