posts/2020/05/17/what-i-learned-after-using-pihole-for-a-week #28
Comments
|
One note - you wrote that something is either blocked, or it isn't, regardless of context. That's not exactly true. You can define groups of clients that get pi-hole protection, or don't. Now, this may not be enough flexibility for some people (and it sure would be nice to be able to define group access at the list level, rather than globally), but it does give some flex. For instance, my work PC does not get any of the blocklists, as I don't want the pihole to compromise any of the software testing I'm doing. Overall though this is a great overview of the tool. |
|
@iamamish by context, I meant more along the lines of specific use. For an instance, I want to blanket block all ads, but as an Ecosia user, I some times want ads to work properly. uBlock has a feature that lets you disable stuff temporarily, for an instance, so if you want to get past a blocked site once, you can. It's tricker with pi-hole -- it doesn't have context-based blocks or rules in the same way as uBlock. You're still right, but that type of change is a device-based whitelist. Device-based blocks does little for per-site needs, which is what I was referring to in the post. That being unclear is my bad though ^^" |
|
What about PiHole performance compared to regular DNS through router? Did you use an rpi3 and how would that compare to a rpi2? |
|
@finite9 No clue. Haven't noticed any loss of performance, but I don't have any numbers to verify it. Won't be getting any either, because benchmarking other programs is kinda boring. I used a Pi 3B+, and I have no idea how that performs compared to an RPi 2, but considering Pihole isn't the biggest resource hog in the first place, I imagine there isn't that big a difference. Can't verify because I don't have an RPi 2 to compare to, and for the reason mentioned about general benchmarking |
|
I have a (ahem) busy lan at my house and do not wish to have any any network downtime. So I run 4 different piholes, two of them on Pi3B+ squeakers and two of them in dockers in separate app development servers. They are all configured with more than a dozen blocklists and I've been running this configuration for several years. You covered many of the same pros and cons that I've experienced in your article. But I feel that you've left out some very key benefits, some of which are:
|
|
@boydbadten your third point is actually a really interesting use-case. I don't have a lot of those, unfortunately, because most of the tracking on the sites and whatnot I use tends to be a part of their public API, and not as a separate server. I didn't list local DNS entries, because I only use it for my pihole dashboard (using As for your first point, someone also confirmed that RPi 2 didn't result in any performance issues. They didn't comment here, and I forgot to follow up with a comment here, but it doesn't particularly come as a surprise. Unless it's, for some reason, horribly optimized, the generation difference isn't really enough to cause a severe slowdown for most typical traffic. How do you manage four instances of pihole though? Do all of them have separate dashboards and config, or are they synced? |
|
Ha! ---I thought you would like that third one. Setting up the piholes....hmmm. The most time consuming thing is populating the local DNS entries---I have about 26 of them. I head the IT crew for a small NPO which depends ( a lot) on testing/developing in sandbox environments. To save money I host them as VM's and dockers in basement servers and proxy them through a really slick app called SWAG that tacks on a cert and serves everything via https: https://docs.linuxserver.io/general/swag So most of the custom DNS entries in the piholes point to that one SWAG proxy IP which makes setup pretty easy. But---there is a feature in Pihole that lets you propagate any of the following configs between Piholes---it's called "Teleporter" and is found under "Settings". It let's you backup/restore any of these settings between pihole instances: Whitelist (exact) I just noticed your blog entry about adding a certificate for an internal app. It's something that a lot of developers have to find a way to do since their apps probably won't behave well without it. I've messed with a number of solutions over the years, but this app called SWAG running in a docker is the bomb. I run that in a RPi also, under docker. All of my piholes are accessed via different tabs/dashboards, yes. Does not bother me. I set up different servers and humans in the house to mostly use one or two of the piholes. It's interesting that way to see who is attracting the most crap with their browsing and other behavior. And yes, cell phones are just atrocious, noisy little beasts when it comes to telemetry and spying. |
|
In case I missed it in your posting or comments: But do you have any insights of your network, regarding any device/software using it's own DNS rather your pi-hole? I read sometimes Google/Android uses e.g. 8.8.8.8 no matter what your DHCP server announced. |
|
I can't say absolutely one way or another. I haven't done any definitive tests on that----but I have heard that they do that. Actually, I do have some anecdotal observation about this. My wife and I keep our wifi turned on in our Android phones most of the time. And when I made a manual entry in the Pihole Local DNS routing to send their telemetry to a local IP ( a linux machine that will simply refuse the connection) I began to see thousands of these telemetry dns lookups being piholed in the logs. So yes, I have some evidence that Android phones do pay some attention to a wifi designated dns server. If you're only working on 4G or 5G then not gonna happen---of course. The only devices on my lan that I've programmed to get lookups outside the lan are the piholes themselves and the main router. |
|
Youtube ads can be removed by the Brave browser. using PiHole and Brave browsers "Shields Up" is very effective. |
|
@boydbadten "Local DNS entries" - can you expand on this point a bit. How? |
|
I mean, how do you map a DHCP assigned IP address? You can't right? They need to be fixed IP's. |
https://discourse.pi-hole.net/t/howto-using-pi-hole-as-lan-dns-server/533
Generally. Pi-hole can be used as a DHCP server though, so it might be possible if you use that. I'm not sure though, I've never tried, and I'm not entirely clear on what it can be used for outside the IP assignment. You can configure static IPs in your router's DHCP server though, which is really convenient for local webservices. |
|
If you would like to resolve addresses for lan devices, I have to assume
they are servers or have server-like services-----why would you NOT use
static IP addresses? But yes, you can allow Pihole to manage dhcp also if
you don't want to manage static ip addresses--that's part of the reason
they added that feature.
…On Thu, Mar 9, 2023 at 3:36 AM Olivia (Zoe) ***@***.***> wrote:
@edgegit <https://github.com/edgegit>
"Local DNS entries" - can you expand on this point a bit. How?
https://discourse.pi-hole.net/t/howto-using-pi-hole-as-lan-dns-server/533
I mean, how do you map a DHCP assigned IP address? You can't right? They
need to be fixed IP's.
Generally. Pi-hole can allegedly be used as a DHCP server though, so it
might be possible if you use that. I'm not sure though, I've never tried.
You can configure static IPs in your router's DHCP server though, which is
really convenient for local webservices.
—
Reply to this email directly, view it on GitHub
<#28 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AB66ALTQIDU5PLR4NZ3P57DW3GXEJANCNFSM4WT3DOQA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Thanks @LunarWatcher & @boydbadten Of course, I have my devices with "server-like services" with static IP addresses, that's the easy bit for me to understand. The bit I don't follow, is how to manage DHCP devices when there's no (obvious) link to the MAC address or something. From what I can see you create a list of local DNS entries where a name is assigned to an IP Perhaps I should stop reading and just implement it to see how (if) it works. |
What I learned after using pihole for a week | LunarWatcher
https://lunarwatcher.github.io/posts/2020/05/17/what-i-learned-after-using-pihole-for-a-week.html
The text was updated successfully, but these errors were encountered: