Raspberry Pi – PiHole DNS Server


NOTE: I had to disable the systemd-resolved service so that DNS requests were resolved by PiHole and not the default system service.

$ sudo systemctl disable systemd-resolved.service

$ sudo service systemd-resolved stop

Running your own network-wide DNS server can have its benefits. The reason for me setting this up is that I finally got fed up seeing large, in-your-face adverts on my phone at home. I decided that this would also be a good time to test out HypriotOS, a container-orientated operating system for the Raspberry Pi.

Setup

Creating the SD card image is no different to the usual method. Grab the latest download from Hypriot here. I use etcher.io to flash my SD cards but use whatever tool works for you. Now that we have a functional Pi, the first thing to do is change your password from the default ‘hypriot’ to something more secure.

Note: This is also a great time to set up your SSH keys if you want them.

PiHole

Setting up PiHole is super easy now that we have docker-compose at our disposal. Create a new file called ‘docker-compose.yml’ and enter the following:

version: "3"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    ports:
      # Docker publishes TCP only unless a protocol is given; DNS also needs UDP
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80"
      - "443:443"
    environment:
      TZ: "Europe/London"
      WEBPASSWORD: "my_secret_password"
    dns:
      - 127.0.0.1
      - 1.1.1.1
    volumes:
      - ./pihole/etc/:/etc/pihole/
      - ./pihole/dnsmasq.d/:/etc/dnsmasq.d/
      - ./pihole/pihole.log:/var/log/pihole.log
    cap_add:
      - NET_ADMIN

Some brief explanation. The ports required are for DNS requests and the web front end. The dns section specifies the default DNS servers to use. By default we want to use the PiHole DNS at localhost, but if not we will be using Cloudflare's DNS (1.1.1.1). The cap_add section grants NET_ADMIN, which allows the Docker container to modify the network stack without running in full privileged mode.

That’s basically it! Run the following commands to start the PiHole server and you are ready to start blocking ads:

mkdir pihole
touch pihole/pihole.log
docker-compose up -d

Now that your server is up you can log into the web interface found at http://{pi-ip-address}/admin/index.php?login and log in with the password you specified in the docker-compose file. Once logged in, head over to the settings page and click on the “Blocklists” section. Here you need to add the lists that you wish to block. To find links for block lists I suggest a quick Google for “pihole block lists” and then reading some of the posts from https://discourse.pi-hole.net.

Now that we have the server up and running with all our blocklists set up, we need to tell our devices to use this DNS server instead of the network-provided one (usually specified by your router). The process will be different for each device, so do a Google for whatever operating system you have, e.g. Windows, iOS, Android etc., and tack “change dns server” on the end.

Note: You could also change the default DNS server in your router settings so that every device on the network automatically uses this server.