Want to have a better online experience without advertisements and sneaky tracking codes that invade your privacy and monitor your activities?
This is exactly what a Pi Hole Ad blocker can do for you. Follow this Pi Hole setup guide to block ads and improve privacy and security for all your network devices. No more web browser addons, jailbreaking or rooting just block advertisements.
For this reason, Pi Hole is an essential piece of software in my smart home setup.
What is Pi Hole?
Pi Hole is a network-wide ad blocker. In a typical home environment, this can cut out almost all ads to all devices in your home, without having to install an ad blocker on every single device.
Table of Contents
- How does Pi Hole work?
- Pi Hole Setup Guide
- Configuring Devices to Use PiHole
- Pi Hole Configuration and Customization
- PiHole Tweaks
- PiHole Tutorial – Closing Thoughts
- Other Good Reads
In this Pi-Hole setup guide, I will cover everything from PiHole introduction to installation and configuration. I will also share some basic maintenance steps, as well as, information on some advanced setups.
I debated a lot before writing this guide. Ad blockers are detrimental to content creators. By using an adblocker, you will essentially be wiping out any income that sites as this one can generate from your visit. Even the ads that you do not click on can generate income. But there are several malicious sites that PiHole can protect you from.
Therefore, if you decide to install PiHole for Ad Blocking, I request you to whitelist the sites/domains you visit. PiHole is free and entirely dependent on donations. So if it helps you please consider donating.
How does Pi Hole work?
In simple terms, a DNS server is an internet address registry that helps locate the server using the domain name. When you visit any site, a query is made to the DNS server to locate the IP Address (location) of the server to connect to. Pi-Hole puts itself between your device and an upstream DNS server and blocks out any requests to known ad and tracking servers. Pi Hole can accept DNS queries but it relies on upstream server for resolving the queries.
Here are some of Pi Hole's awesome features/advantages:
- Free!!! All you need is a device to run Pi-Hole on – Raspberry Pi, Linux Machine, or Docker.
- No client-side ad block software required.
- Over 100,000 ad-serving domains blocked with the default blocklists. There are a number of publicly available blocklists to taylor your blocking.
- Blocks ads on any device, including those Smart TVs and other devices that do not allow you to make any modifications. Exception is devices with hardcoded DNS (explained below).
- Reduces bandwidth and improves overall network performance. As you can see from the above picture. Over 50% of the ad requests were blocked before they are downloaded.
- Provides an awesome dashboard to monitor various stats on ad blocking. Pi-Hole has a built-in web server that provides an easy to use Web UI for administration.
Pi Hole Setup Guide
How to install Pi Hole?
Pi Hole can be installed on any Linux compatible system or Raspberry Pi. Pi Hole can also be run as a docker container, which allows it to be run from devices such as a Network Attached Storage (eg. Synology NAS). But the most common and recommended way is to run a dedicated Raspberry Pi PiHole server.
In this guide, I am going to show you how to install Pi Hole on Raspberry Pi 3. These instructions should also work on any other model of Raspberry Pi, including the Zero. In the future, I will update this Pi Hole tutorial to include setup instructions for Linux.
Raspberry Pi Pi-Hole Installation
Setting up Pi Hole on Raspberry Pi is one of the easiest ways to get started on whole-home adblocking. On a Raspberry Pi, Pi Hole will function as a self-contained unit. Therefore, no messing with web servers etc. on a Linux system.
PiHole needs ports 53, 80, among others. So if you have other services running on the same system, there could be conflicts. So having a separate Raspberry Pi for this purpose is more efficient and hassle-free. Plus, it is only going to cost you $2 to $5 in electricity cost for the whole year to keep the Pi running 24/7.
So let's get started with the Raspberry Pi PiHole tutorial. If you do not want to go through the installation steps then you may be interested in the following Raspberry Pi Pi-Hole kit, which comes one-click Pi-Hole installer.
Step 1: What is needed to run a Pi Hole server?
Here is what you will need to follow this Pi Hole tutorial successfully:
- Raspberry Pi 3B+ – Although any version of Raspberry Pi should work quite well for Pi Hole purposes. I recommend this Raspberry Pi 3B+ kit which comes with power adapter, case, and heat sinks. A kit is cheaper than getting the items separately.
- SD Card – I use Sandisk Ultra 32GB Micro SDHC UHS-I Card 98 MB/s.
- Power Adapter – This is already included in the kit listed above. Don't skimp on a power adapter. A bad one can ruin SD cards, among causing other problems.
- Ethernet Cable – Although you can use Wifi, I strongly recommend a wired connection for reliability since all your network DNS requests will depend on this.
In addition, you will access to a keyboard and monitor to connect your Raspberry Pi temporarily for setup (or your can use SSH for remote setup) and may be 1 to 2 hours to complete the setup depending on your proficiency. [Read: 15 most used SSH commands for Raspberry Pi – SSH for Raspberry Pi]
Step 2: Install Base OS – Raspbian Stretch Lite
Once you have Raspberry Pi and accessories, move on to setup the base operating system for Pi Hole. There are several that you can use, but I recommend Raspbian Stretch Lite, which is headless and uses very little resource. Don't worry, although the OS is headless (no GUI desktop environment) you can still manage Pi-Hole using its web interface.
Another good option for Pi Hole operating system is DietPi, which a customized and lightweight OS for Raspberry Pi. During DietPi setup, you will have the option to install Pi Hole (among several other apps). In this guide though, I will proceed with Raspbian Stretch Lite.
Head over to Raspbian download page and download the latest version (Buster at the time of writing this guide) of Stretch Lite OS. Either method (ZIP or Torrent) will work.
Once downloaded, insert your SD card into the computer, write the downloaded Raspbian Stretch lite image to the SD card. Note that this is NOT as simple as copying the zip file. You will have to use a utility such as Etcher to write the downloaded ZIP file to the SD card, as shown below.
Note that Etcher will format your SD card while copying the Raspbian image.
Step 3: Configure Raspbian Lite OS
Step 3a: Enable SSH Access (optional but highly recommended)
I strongly suggest enabling SSH access on Raspbian Lite as this allow you to remotely manage your PiHole server.
For this, insert the SD card with Raspbian Lite OS into your computer and create an empty file called ssh in the root/base folder of your SD card. [Read: Best SSH clients for Android: 10 free SSH Apps for remote admin]
On Windows, you can right-click and create a text file called ssh.txt (make sure Windows file extensions are turned on). Then, rename the file and delete the file extension.
On Linux and Mac, you can use touch ssh command to create the file.
Step 3b: Start Raspbian Lite OS
To start Raspbian Lite OS, insert the SD card into RPi, connect the ethernet cable, and power up it up.
If you did not enable SSH, then connect the Pi to a monitor and keyboard and continue with this PiHole tutorial. When the login prompt appears, use username pi and password raspberry to login. Once setup, you will rarely have to mess with your Pi Hole setup again.
If you do not have a monitor or keyboard attached to Raspberry Pi, you can connect to your Pi Hole through SSH. But for this, you will need your Raspberry Pi's network IP address.
Step 3c: Raspberry Pi's Network IP
Login to your Wifi router administration page, look through your list of connected clients and note down the IP address of your Raspberry Pi. In my case, it is 192.168.1.26.
While you are there, setup a static IP for your Pi Hole Raspberry Pi (this is required). Most modern routers rarely change the IP addresses of connected clients. However, when it does happen your Pi Hole instance will not be available and there is a good chance you may not have internet access as well.
The procedure to set static / fixed IP for clients vary by router. Check this page for some examples of how to do this. The screenshot below shows how to do this on UniFi controller.
Step 3d: Connect to PiHole Through SSH
Once you have the PiHole's IP address, use a SSH Client such as MobaXterm and connect to your Raspberry Pi through SSH using:
- IP Address / Host, which in this PiHole guide is 192.168.1.26
- Port 22
Use username pi and password raspberry to login.
Step 3e: Change Default Password
Raspbian Lite's default password, as stated above, is raspberry. For security, you must change this. One your logged into your Raspberry Pi command prompt (either through SSH or locally using monitor and keyboard), use the following command to set a new password:
That is it. You have now prepped your base OS for PiHole setup.
Step 4: Pi Hole Installation
To setup Pi Hole, from the command prompt (locally or remotely through SSH) use the following commands in sequence:
wget -O basic-install.sh https://install.pi-hole.net sudo bash basic-install.sh
There is also a one-line installation code. Although PiHole is trustworthy, piping in bash is risky. So I recommend the above method. Then, follow the PiHole installer prompts as shown below. Read through the introduction and press Enter to continue.
Next, you will see a donation screen. If PiHole ends up saving you bandwidth and improving network performance then I strongly recommend donating.
As stated before, a static IP is needed for Pi Hole to function properly. We already took care of this before so click “OK” and proceed.
Note that here, your router is acting as the DHCP server and giving our IP addresses to your devices (including PiHole). PiHole has DHCP capabilities as well, which means it can act as your DHCP server and assign IP addresses to your clients. Check the FAQs later in this guide for Pi Hole vs Router as DHCP server.
Next, you will have to choose which Raspberry Pi network interface to use. Recent models of Raspberry Pi have both wired (ethernet) and Wifi interfaces. As stated before, for reliability, we are going to use ethernet (eth0).
PiHole puts itself between your upstream DNS resolving server and clients. An upstream DNS resolving server is usually your ISP (many of them are notorius for hijacking searches etc.) although you may use other custom DNS servers such as Google's public DNS.
Recently, Cloudflare introduced its own privacy focussed DNS server. Unlike other DNS services that usually sell your DNS lookups data to ad companies, Cloudflare maintains no logs beyond 24h and does not sell your data. Therefore, we are going to use that one for our upstream DNS server. We will choose Cloudflare as shown below.
You may refer to this discussion and choose any other DNS provider you please.
PiHole blocks ads using blocklists which contain known ad serving domain names. PiHole has no domains listed in blocklists, to begin with. So you won't be blocking ads until you enable a few third-party blocklists. The installer offers you a list of suggested third-party blocklists. I suggest leaving the defaults enabled as shown below and continuing with PiHole installation. This will get you started with blocking over 100,000 ad/tracking domains, including google ads.
For protocol, select IPV4 (will work for most people). But you can leave the defaults as-is (we just won't use the IPV6 address)..
Finally, confirm the network and static IP details. Gateway IP shown here is the router's IP address, which PiHole installer should pull automatically.
Next, you will see a warning on IP conflict in case Pi Hole receives the same IP address as another device on your network. With modern routers, this should be a rare occurrence.
Then, you will an option to enable PiHole web interface, which I strongly recommend.
PiHole web interface needs a web server to be available over the web browser. PiHole comes with a lightweight webserver option using Lighttpd. For Pi Hole on Raspberry Pi, I suggest turning on the Lighttpd web server option, as shown below.
If you are installing PiHole on other platforms (eg. Linux home server, docker, etc.) and have separate web servers running, then you may want to consider disabling Lighttpd and making PiHole available through existing web server. Showing how to do this is beyond the scope of this PiHole tutorial. So we will keep moving with the Lighttpd option.
Next, you will see an option to enable or disable query logging. Querry logging gives you all the cool statistics about how many requests were blocked, etc. This is also important to troubleshoot if a legitimate website that you visit is not working properly. I have had troubles while signing up credit cards, online shopping through affiliate links, etc.
But leaving query logging on will increase writes to your SD card and reduce its life. I strongly recommend implementing ways to extend your SD card's life (described later in this guide). Choose On and proceed.
The final installer screen should show your password to use for the web interface. Note it down. If you forgot to note this down or would like to change the password, see the commands listed later in this guide.
What is the default Pi Hole Password?
Pi Hole does not come with a default password. It generates a unique password at the end of the installation, which has to be noted down. If you lost this password, SSH into your Pi Hole server and use the command pihole -a -p to reset Pi Hole web interface password.
All steps to setup PiHole are now done. You should see a Pi Hole installation confirmation message as shown below.
Note down your PiHole server's IP address, which in my case is 192.168.1.26.
Next, I will walk you through Pi Hole configuration.
Configuring Devices to Use PiHole
There is not a lot of configuring to do on Pi-Hole. You can actually start using it right away. But some basic PiHole configuration can make it even better. So let's get on with it. In short, you will have to provide your Pi-Hole server's IP address in place of DNS server IPs in your router/devices.
Note: Most devices provide options two list at least two DNS name servers. Unless you have two PiHole instances running at home, you will provide one DNS IP address and leave the other (rest) blank as shown below. If you specify a second DNS IP that is not a PiHole server, then ad blocking won't work on some devices. Having two PiHole instances is recommended if you are worried about one device failing and cutting off your internet temporarily.
Method 1: Configuring Your Router – Whole Home Ad Blocking (recommended)
To block ads on a network level, meaning all devices connected to your home network won't see ads, you will have to manually change or add your DNS server IPs on your router. Most routers allow manually setting DNS servers, but some do not make this advanced option available.
Custom router firmware such as DD-WRT, OpenWRT, and Tomato, open up this option among several others. So if you do not see an option to change DNS name servers, consider switching to one of the supported free alternate router firmware.
The advantage here is that there is only one place you will need to update your DNS server IP instead of each and every device (some devices do not even offer the option to change DNS). However, there are some disadvantages to letting your router handle DHCP while specifying preferred DNS:
- Per-host tracking will be unavailable – all requests to PiHole will appear as if they are coming from your router. My personal opinion is that this is not a big deal for a typical home user. I do not use it.
- You will not be able to connect to devices with their hostnames as PiHole cannot resolve hostnames. Again, not a big deal for a typical home user in my opinion.
If the above two disadvantages are deal breakers for you, then you partially overcome those by using PiHole Hosts file or fully by advertising PiHole's IP address via dnsmasq in a router (if supported). You will have to renew the DHCP leases provided by the router. The easiest way to do this is to restart the devices.
Alternatively, you may let your PiHole Server handle DHCP instead of your router, which would eliminate the disadvantages.
Method 2: Configuring Your Devices (not recommended)
The procedure to manually set DNS servers will depend on the device and the operating system. This process is tedious and not recommended. In addition, if your device leaves home (eg. mobile phones), you may not be able to connect to your PiHole server IP and therefore your internet won't work.
Typically, you will have to open the network connection and find the place to put in DNS server IP manually. Covering this beyond the scope of this guide. But here are some external references:
In the above references, in place of public DNS IPs (sometimes IP fields may be blank), use your PiHole IP address.
Pi Hole Configuration and Customization
To configure PiHole, you will have to access the web interface/dashboard.
How do I access Pi-hole Admin Dashboard?
Pi Hole Admin dashboard or web interface can be accessed using a web browser with the URLs http://IP-ADDRESS/admin/ or http://pi.hole/admin. IP-ADDRESS is the Pi Hole server's local IP address (eg. 192.168.1.26 in this guide). Login using the password provided by the PiHole installer.
How to configure Pi Hole? Well, in most cases, there is not much to configure on Pi Hole. But one good customization to know is expanding or editing your blocklists.
PiHole with third-party blocklists block over 100,000 domains. These blocklists are trusted and you would rarely have any false positives.
But most PiHole users may want to expand that (eg. for known malware/ransomware hosts). The PiHole community is excellent and several users have created and continue to maintain custom expanded blocklists. Wally's list is a notable one.
Once you have the list finalized, add it to PiHole blocklist by going to Settings->Blocklists, as shown below. If you went with one of the expanded blocklist, you may want to consider whitelisting some
Click Save and Update.
How to Test Pi Hole?
There are no specific ways to test if Pi Hole Ad blocker is working. Just visit a page that you know has ads (eg. News website) to check if the ads still show up. You may have to clear your web browser cache or use incognito mode. Here is an example Pi Hole test page you can visit.
Basic Pi Hole Commands
Almost all admin work to keep your Pi Hole setup running can be done through the web interface. But with commandline, you can do those and more (eg. changing web UI password). I am providing some useful examples below.
A lot more are documented here.
- man pihole – Latest documentation for PiHole
Change PiHole Admin Password
- pihole -a -p – Change WebUI password
Status, Realtime log and Statistics
- pihole status – Pihole Status
- pihole -t tail log – realtime log
- pihole -c – pihole statistics
Whitelist and Blacklist
- pihole -w -l – List Whitelisted domains
- pihole -w example.com – Add example.com to whitelist
- pihole -w -d example.com – Remove example.com from whitelist
- pihole -b -l – List blacklisted domains
- pihole -b example.com – Add example.com to blacklist
- pihole -b -d example.com – Remove example.com from blacklist
- pihole -up – Udpate PiHole
- pihole -l off – Query logging off
- pihole -l on – Query logging on
Enable Disable PiHole
- pihole enable – Enable PiHole
- pihole disable – Disable PiHole permanently
- pihole disable 10m – Disable PiHole for 10 minutes
- pihole disable 60s – Disable PiHole for 1 min
- pihole uninstall – Uninstall PiHole
Here are some Pi Hole tweaks that can make your Pi Hole setup even better.
Move Query Logging to RAM – Protects SD Card
Query logging provides a lot of useful information as shown below. In addition, you get a lot of statistics.
Extensive writing can damage the SD card. For this reason, I suggested turning off query logging. Note that this only affects the PiHole log and not the database that long-term database.
But what if you want to leave it on for all the useful information it provides? A good option, in this case, is to move your logs to RAM instead of SD card. So all your logs on Raspbian Lite operating system will be written to RAM instead of SD card, thereby prolonging the life of SD card.
For this, I use and recommend Log2ram. The GitHub page has all the information for you to get started and customize, which only takes about 5 min or less total. So I am not going to go into the details of setting it up in this PiHole guide.
DNS Over HTTPS
Pi Hole ad blocker is great for what it does, blocking ads. But your DNS servers (eg. your ISP, Google, etc.) can and do sniff to find out what websites you are visiting (even the HTTPS sites). This is because DNS name resolutions (eg. google.com is this internet IP) are done as plain texts. In addition, this also poses some level of security risk.
The solution here is to send even your DNS lookup through HTTPS protocol (encrypted). Not all DNS providers offer this (because they won't be able to track your activity). Cloudflare does provide DNS over HTTPS.
Setting up DNS over HTTPS with Pi Hole on Raspberry Pi, is quite easy. It requires commandline work but it is quite easy if you follow Pi Hole documentation for DNS over HTTPS.
How can I test if DNS over HTTPS is working?
Cloudflare has a test page that will provide information on your connection. Visit this page and it will tell you where you are connecting from, which DNS resolvers you are using, and whether the connection is secure or not.
Combine Pi Hole with Unbound
I have Pi Hole and DNS Over HTTPS, can I improve my privacy even more?
Definitely. Take a look at configuring Unbound with PiHole. Instead of trusting your upstream DNS (eg. Cloudflare's 220.127.116.11 or 18.104.22.168), Unbound, a recursive DNS resolver which will run locally, will connect to the responsible server directly. This will avoid the exact path you are visiting to be logged anywhere.
If you decide to setup Unbound, then make sure to disable caching and DNSSEC validation. Due to some existing DNSSEC bugs in dnsmasq, the developers recommend not using Pi-Hole DNSSEC with unbound or Cloudflared. You can disable DNSSEC using the Pi Hole admin dashboard (Settings -> DNS). Disabling Pi Hole caching requires setting the cache size to 0 in /etc/dnsmasq.d/01-pihole.conf, as described here.
If you see ads on some devices and not on some then try rebooting your router first to renew DHCP leases. If you still continue to see ads, then the DNS server IP may be hardcoded on the device (eg. Chromecast). Some allow you to change it and some do not. Look through your device's network or DNS settings to check if can change your DNS IP to your PiHole's IP or even better your internet gateway's (since you have already configured this to run through PiHole).
This happened when my SD cards failed. If you no internet, make sure PiHole is up and running by trying to SSH into it or opening the PiHole admin dashboard. If not try restarting Raspberry Pi by pulling the power. Another option is to restore your DNS server IPs on router/device back to upstream DNS IP (22.214.171.124 and 126.96.36.199 for Cloudflare or leave them blank to use your ISPs DNS). If the internet works, then the problem is with PiHole setup. You may try to reconfigure using pihole -r command.
Is Pi Hole legal?
Yes, blocking advertisements is perfectly legal and so are stopping malicious scripts and tracking codes. Blocking advertisements, however, is detrimental to content creators (especially those serve ads responsibly without ruining user experience). An unintended consequence of blocking ads is an increased number of ads for other users, so creators can continue to generate revenue.
Does Pi Hole slow down network?
No. In fact, Pi Hole can speed up your internet by saving bandwidth consumed by ads. This increases page load speeds significantly. In addition, it can reduce the number DNS lookup sent to the upstream DNS server (this is usually only a few milliseconds and barely noticeable).
Can Pi Hole block Youtube ads?
Pi Hole can block youtube ads. But this is a hit or a miss as the ad servers can change constantly. Furthermore, Google is known to serve both videos and ads from the same server. This means sometimes your videos may be blocked out as ads. I ran into this a lot.
But this has not stopped some users from creating and maintaining Youtube ad blocklist for PiHole. I have had good success with the following list:
How often are blocklists updated?
PiHole blocklists and whitelists are constantly updated and maintained by the maintainers. PiHole automatically updates your lists on a weekly basis (Sunday). Updating the lists more frequently is possible but typically unnecessary and increases server load.
Is there a good whitelist available for known resources?
If you expanded your blocklist, the chances there may be many false positives. You can manually whitelist them or use one of the user-maintained whitelists. Here is one that I have used in the past.
How can block cryptominers?
How can I whitelist referral/cashback sites?
Whitelisting domains used by sites like SlickDeals, Rakuten, etc. will allow you to earn your cashback and the site to get their referral fee from the advertiser. The whitelist linked above also has a list of referral sites.
Are there other similar alternatives to Pi Hole?
Sure. There are browser-based adblockers, which have existed for a long time.
Specifically, for network-wide / whole home ad blocking there is pfSense with pfBlockerNG plugin. But pfSense is too big and complex to use just for ad blocking.
Another Pi Hole alternative is AdGuard, which is gaining in popularity. AdGuard is easier to setup but getting all features requires you to pay. Pi Hole + Unbound gives you complete privacy while with AdGuard you will be trusting them with the URLs/domains you visit.
PiHole Tutorial – Closing Thoughts
I tried to cover almost all the basic instructions in this Pi Hole setup guide. There are several other advanced tweaks such as PiHole host file, dnsmasq in the router, etc. that were left out of this guide. But the information in this PiHole tutorial is more than enough to get you rolling with whole-home Ad blocking.
Once again, I want to reiterate that by blocking ads, you are essentially hindering content creativity. So if you visit legitimate sites that depend on ad revenue, then please consider whitelisting those. In addition, please consider donating to PiHole development.
I hope you enjoyed this Pi Hole ad blocker setup and configuration guide.
Other Good Reads
IPVanish VPN Exclusive Offer - only $4.12 per month:
Windows, Android, Ubuntu
OSMC on RPi
♦ Hide your browsing (no logs), Anonymize Streaming and Downloads
♦ Circumvent Geo/Country Restrictions and access worldwide content
♦ Works on Windows, Mac, Linux, Android, iOS, Router, and more
♦ Money back guarantee - Sign Up Now