Local DNS server with built-in ad-block.
- The Infidel
- Jedi Master
- Posts: 1343
- Joined: 2009-05-07 01:32pm
- Location: Norway
Local DNS server with built-in ad-block.
I had a Raspberry Pi to spare and decided to put it to use as a local, network-wide DNS cache/server with built-in ad block at DNS level. This stops ads from being displayed on all devices on your network, not only computers with ad block plugins in the browser.
A DNS server is like a phone book (for those of you old enough to remember those) for the internet. When you write "bbs.stardestroyer.net" in your browser, it gives little meaning to the devices on the net, as they require IP addresses, so your device does a quick check with a DNS server. This will then reply with the IP address, here 206.210.100.38 (write it in your browser and see what happens).
Having a good, reliable and quick-responding DNS server is important, as a site can easily do 20 lookups, most of them commercials and trackers, so I've used Steve Gibson's DNS Benchmark to find the servers best for me (it needs a bit of tweaking). Every ISP usually has its own DNS servers and there are plenty more, but still, having my own network-wide cache speeds things up a little bit, especially if many people are on my network surfing at the same time.
OK, I won't be too technical here, but being able to block lots of commercials at DNS level will not only stop ads from showing, but will also speed up the experience a bit, as ads won't be loaded. They won't even be queried.
As mentioned, I'm using an old Raspberry Pi running Pi-hole on it. This Pi-hole is the ad-blocking DNS server running on Raspbian.
During installation, I had to set a static IP address for the Pi. Make sure your DHCP doesn't use that space for assigned addresses. I've set my DHCP to assign 192.168.0.10-192.168.0.254 and am running Pi-hole on 192.168.0.3 (192.168.0.1 being the gateway and 192.168.0.2 my wifi). I also set the primary DNS server on the gateway to be that of my Pi, secondary something external, and voila, it works. The reason for changing the DNS server on the gateway is that most devices have their DNS server assigned automatically to the local gateway, so nothing needs to be done with any devices on your network.
I am in no way a Linux guru, but I do know a tiny bit of networking. If everything written above makes perfect sense to you, and you have a Pi to spare, it's a nice thing to play with. There won't be any miracles compared to a computer running ad block, but it's a nerdy thing I kinda like and my phone has way fewer ads showing now than before. (Some of the ad servers have a TTL of only 60 or less, so having a DNS cache on those won't help much, but getting rid of them is fun.)
A link to an automated install is here, but you need Raspbian first.
(Yeah, I know that ads keep the net alive and I should be supportive of it and so on, but sometimes, it's simply too much.)
Where am I at in the post apocalypse draft? When do I start getting picks? Because I want this guy. This guy right here. I will regret not being able to claim the quote, "The first I noticed while burning weed, so I burned it, aiming at its head first. It wriggled for about 10 seconds. Too long... I then fetched an old machete [+LITERALLY ANYTHING]"
- Raw Shark on my slug hunting
Re: Local DNS server with built-in ad-block.
Nice man! I'm gonna have to check this out. I use my raspberry pi to run a Web cam myself, and this looks like a good reason to get another.
Thanks for the info!
- The Infidel
- Jedi Master
- Posts: 1343
- Joined: 2009-05-07 01:32pm
- Location: Norway
Re: Local DNS server with built-in ad-block.
Prannon wrote:
> Nice man! I'm gonna have to check this out. I use my raspberry pi to run a Web cam myself, and this looks like a good reason to get another.
> Thanks for the info!
Pi-hole is running as a service, so if you have a static IP address on your current Pi, not a very high load on the CPU and a suitable OS on it, maybe you could run it on the same Pi? I'm running it on a first gen Pi with 256Mb memory and a slow CPU, but it still runs well.
But hey, a new Pi is also cool.
Re: Local DNS server with built-in ad-block.
This thread makes me feel dumb. I've got this old dual-core Xeon in the closet I use to run Teamspeak and the odd server for whatever games we currently want to host. I'm so tired of the ads on my TV and phone because they could just be "BUY PRODUCT X," but instead they drag out for 15-30 seconds when I want to watch a quick 2 minute video.
It's on Server 2008, but DNS installation is easy and if push comes to shove, I can just 0 out popular ad site IPs from someone's hosts file. Importing should be fairly painless. Good man.
- The Infidel
- Jedi Master
- Posts: 1343
- Joined: 2009-05-07 01:32pm
- Location: Norway
Re: Local DNS server with built-in ad-block.
Oh, it has a nice web interface as well. This image was something I found on the net. Here, you can also whitelist or blacklist sites, but that's not visible on this image.
Don't feel dumb, Fenix, 'cause you're not. Editing your own hosts file can work wonders, but can be a bit tiresome. I did that a few years back. Fucking up your hosts file is also something malware often does to prevent you from visiting antivirus pages, so it is good to have some knowledge about it.
I have no idea if a pi-hole thingy for Windows exists, but DNS queries take up little bandwidth and CPU power, so you don't need much processing power, only something that doesn't go down all the time.
I have to admit this is a rather nerdy thing to do, and most people have no idea what DNS is. That's why, when some countries ban access to torrent sites, they are only blocked on DNS level, and changing your DNS server might give you access again. If you want to test a DNS that isn't censored, try the OpenNIC ones: https://www.opennicproject.org/nearest-servers/. One of the ones I'm using is that of the Norwegian Pirate Party, 87.238.35.136 and 185.56.187.149; they are mostly intended for Norwegian users, but are open for all to use. They also give you access to the following top domains, which can often be blocked from regular DNS servers (maybe for a reason): .bbs, .dyn, .free, .fur, .geek, .gopher, .indy, .micro, .null, .oss, .oz, .parody, .pirate, .ko, .ku, .te, .ti, .uu, .bit, .coin, .emc, .lib and .bazar
- Ace Pace
- Hardware Lover
- Posts: 8456
- Joined: 2002-07-07 03:04am
- Location: Wasting time instead of money
Re: Local DNS server with built-in ad-block.
The Infidel wrote:
> I have no idea if a pi-hole thingy for Windows exists, but DNS queries take up little bandwidth and CPU power, so you don't need much processing power, only something that doesn't go down all the time.
I'm pretty sure it doesn't but it's actually not hard to write one. I might do it over the summer if I don't find one (my home is mostly Windows boxes), since all pi-hole does is set up a DNS server with a giant list of domains hardcoded to refer to a local HTTP server that gives back trivial files.
Brotherhood of the Bear | HAB | Mess | SDnet archivist |
- The Infidel
- Jedi Master
- Posts: 1343
- Joined: 2009-05-07 01:32pm
- Location: Norway
Re: Local DNS server with built-in ad-block.
Ace Pace wrote:
> The Infidel wrote:
> > I have no idea if a pi-hole thingy for Windows exists, but DNS queries take up little bandwidth and CPU power, so you don't need much processing power, only something that doesn't go down all the time.
> I'm pretty sure it doesn't but it's actually not hard to write one. I might do it over the summer if I don't find one (my home is mostly Windows boxes), since all pi-hole does is set up a DNS server with a giant list of domains hardcoded to refer to a local HTTP server that gives back trivial files.
That should be possible. Code is on GitHub.
- Ace Pace
- Hardware Lover
- Posts: 8456
- Joined: 2002-07-07 03:04am
- Location: Wasting time instead of money
Re: Local DNS server with built-in ad-block.
The Infidel wrote:
> Ace Pace wrote:
> > The Infidel wrote:
> > > I have no idea if a pi-hole thingy for Windows exists, but DNS queries take up little bandwidth and CPU power, so you don't need much processing power, only something that doesn't go down all the time.
> > I'm pretty sure it doesn't but it's actually not hard to write one. I might do it over the summer if I don't find one (my home is mostly Windows boxes), since all pi-hole does is set up a DNS server with a giant list of domains hardcoded to refer to a local HTTP server that gives back trivial files.
> That should be possible. Code is on GitHub.
Project relies on dnsmasq so it's not just a shell port. The basic idea is portable but will require a complete rewrite to either work on a standalone Windows DNS server or to use the built-in Windows Server box (won't work if I want people to actually use it).
Brotherhood of the Bear | HAB | Mess | SDnet archivist |
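The mechanism described in the posts above (a big list of domains all answered with one local address, served by dnsmasq) can be sketched as a hosts-file importer. This is an added example, not Pi-hole's code and not from any poster; the sample list is constructed, and using 192.168.0.3 as the answer address is an assumption taken from the first post's setup.

```python
import re

# Constructed sample in hosts-file format; not a real blocklist.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.net  # trailing comment
127.0.0.1 ads.example.com
0.0.0.0 bad_host!.example
0.0.0.0 evil.example/10.0.0.1
metrics.example.org
"""

SINKHOLE_IP = "192.168.0.3"  # assumption: the Pi's static address from the thread
SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def valid_domain(name):
    """Accept only plain multi-label hostnames, so a hostile list entry
    cannot smuggle '/', spaces or extra directives into the config."""
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return False
    return all(LABEL.fullmatch(label) for label in labels)

def parse_hosts(text):
    """Return the sorted, de-duplicated domains from hosts-format text."""
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        # Either "IP name [name ...]" or one bare domain per line.
        names = fields[1:] if len(fields) > 1 else fields
        for name in names:
            name = name.lower().rstrip(".")
            if name not in SKIP and valid_domain(name):
                domains.add(name)
    return sorted(domains)

def to_dnsmasq(domains, sinkhole=SINKHOLE_IP):
    """Emit one dnsmasq address= directive per blocked domain."""
    return [f"address=/{d}/{sinkhole}" for d in domains]

if __name__ == "__main__":
    print("\n".join(to_dnsmasq(parse_hosts(SAMPLE_HOSTS))))
```

A dnsmasq `address=/domain/ip` entry also answers for every subdomain of that domain, so one over-broad line in an imported list blocks more than it appears to.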
- The Infidel
- Jedi Master
- Posts: 1343
- Joined: 2009-05-07 01:32pm
- Location: Norway
Re: Local DNS server with built-in ad-block.
Sounds cool, Ace. I'm not able to code such a thing.
I would like to find out how much of my DNS traffic is cache hits or cache misses. The "query types" seem to care about "A" and "AAAA", and some googling told me this was for IPv4 and IPv6. Strange, I thought IPv6 would need a DNS server with an IPv6 address, and my gateway won't let me configure that for IPv6. (It seems its firmware is from 2011, and I can't find a way to upgrade it. Brand is Hitron.)
EDIT: Removed some silly stuff.
- Ace Pace
- Hardware Lover
- Posts: 8456
- Joined: 2002-07-07 03:04am
- Location: Wasting time instead of money
Re: Local DNS server with built-in ad-block.
The Infidel wrote:
> Sounds cool, Ace. I'm not able to code such a thing.
> I would like to find out how much of my DNS traffic is cache hits or cache misses. The "query types" seem to care about "A" and "AAAA", and some googling told me this was for IPv4 and IPv6. Strange, I thought IPv6 would need a DNS server with an IPv6 address, and my gateway won't let me configure that for IPv6. (It seems its firmware is from 2011, and I can't find a way to upgrade it. Brand is Hitron.)
> EDIT: Removed some silly stuff.
Amusingly enough, no, a DNS server can return AAAA queries without being IPv6 aware by itself. This allows legacy DNS servers to help route new traffic.
I have no idea how to query your pi-hole on that....
Brotherhood of the Bear | HAB | Mess | SDnet archivist |
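One way to get at the cache hit/miss question raised above is to count answers in dnsmasq's query log. This is an added example, not from the thread or from Pi-hole; it assumes dnsmasq runs with `log-queries` and writes its usual `query[...]`, `forwarded`, `cached` and `config` lines, and the log excerpt is constructed.

```python
import re
from collections import Counter

# Constructed log excerpt in the assumed dnsmasq log-queries format.
SAMPLE_LOG = """\
Jun  1 12:00:01 dnsmasq[512]: query[A] bbs.stardestroyer.net from 192.168.0.15
Jun  1 12:00:01 dnsmasq[512]: forwarded bbs.stardestroyer.net to 87.238.35.136
Jun  1 12:00:01 dnsmasq[512]: reply bbs.stardestroyer.net is 206.210.100.38
Jun  1 12:00:05 dnsmasq[512]: query[A] bbs.stardestroyer.net from 192.168.0.22
Jun  1 12:00:05 dnsmasq[512]: cached bbs.stardestroyer.net is 206.210.100.38
Jun  1 12:00:06 dnsmasq[512]: query[AAAA] bbs.stardestroyer.net from 192.168.0.22
Jun  1 12:00:06 dnsmasq[512]: forwarded bbs.stardestroyer.net to 87.238.35.136
Jun  1 12:00:06 dnsmasq[512]: reply bbs.stardestroyer.net is NODATA-IPv6
Jun  1 12:00:07 dnsmasq[512]: query[A] ads.example.com from 192.168.0.22
Jun  1 12:00:07 dnsmasq[512]: config ads.example.com is 192.168.0.3
Jun  1 12:00:09 dnsmasq[512]: query[A] bbs.stardestroyer.net from 192.168.0.15
Jun  1 12:00:09 dnsmasq[512]: cached bbs.stardestroyer.net is 206.210.100.38
"""

LINE = re.compile(r"dnsmasq\[\d+\]: (\S+) (\S+) (?:from|to|is) \S+$")

def cache_stats(log_text):
    """Classify each query by the first answer line that follows it.

    Returns (counts per outcome, counts per query type, hit ratio), where the
    ratio is hits / (hits + misses) and locally answered names are excluded.
    """
    pending, stats, qtypes = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        action, name = m.groups()
        if action.startswith("query["):
            pending[name] += 1
            qtypes[action[6:-1]] += 1          # "query[AAAA]" -> "AAAA"
        elif pending[name] > 0:
            if action == "cached":
                kind = "hit"
            elif action == "forwarded":
                kind = "miss"                  # had to ask the upstream server
            elif action == "config" or action.startswith("/"):
                kind = "local"                 # answered from config or a hosts file
            else:
                continue                       # e.g. "reply" after a forward
            pending[name] -= 1
            stats[kind] += 1
    answered = stats["hit"] + stats["miss"]
    return dict(stats), dict(qtypes), (stats["hit"] / answered if answered else 0.0)
```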