Saewyc Home

Pi-Hole

Pi-Hole is a tool we have added to our network to improve security and control online.

Our home network is not something we can share with family except when they are visiting. But, when they do, we have the cutest, tiniest, little device making their internet experience just a little bit nicer, a little bit faster.

Pi-Hole is a surprisingly sophisticated software project which operates as a DNS sinkhole to preventively redirect internet requests to itself, and serve up minimal content in response. This is both a security and control measure - adwares delivered by internet publishers are infamous for exploiting vulnerabilities to infect and harm users, spy on them, or even simply steal their resources (such as cpu cycles or bandwidth) for their own purposes (e.g. mining cryptocurrency or p2p media streaming.)

The system is easy to install and use on many single-board computers such as the eponymous Raspberry Pi, where it all started. Even though it is 'easy', it does still require a bit of knowledge about how to interact with remote computers via SSH, enough to be comfortable using the command line interface. From there it is just copy/paste a series of commands, answer a few questions to customize the installation for your network, and then modify a setting on your router so it will use the Pi-Hole for DNS.

The system also installs an api and a web server which gives you the dashboard to control and monitor the software. From here I can see the most-common domains served (such as our cloud, a couple mail servers, one device's operating system updates repository, a news source and its content delivery network…) and the most-commonly blocked domains (the top three are all Google, and account for more than half of all blocked queries.)

The dashboard gives considerable access to the power of Pi-Hole, including custom white-/black-listing of domains, and how private to make the traffic - because maybe the sysadmin (me) should not know what sites people on the network are going to visit (10k hits to icanhas.cheezburger.com?) Because Pi-Hole also includes a DHCP server, you also use it to manage lan device IP leases.

While we have not yet implemented this feature yet, the Pi-Hole project has carefully documented how to set up a VPN server to allow using your home network installation even when you are not at home via either Wireguard or OpenVPN. It is definitely in our future plans.

We are currently running this on an insanely twee Raspberry Pi Zero WH, which is a bit larger than, say, two USB sticks. It has a postage-stamp-sized screen reporting a few Pi-Hole stats at a glance; the whole thing was purchased as a kit.