
Pi-hole 5.0 - Iolaum
https://pi-hole.net/2020/05/10/pi-hole-v5-0-is-here/#page-content
======
fulafel
PSA: A RPi running Pi-hole is not a fire-and-forget item. The networked
software on it, including pi-hole, sometimes has security holes discovered and
exploited, and has to be kept up to date. See eg
[https://natedotred.wordpress.com/2020/03/28/cve-2020-8816-pi...](https://natedotred.wordpress.com/2020/03/28/cve-2020-8816-pi-
hole-remote-code-execution/) &
[https://www.reddit.com/r/pihole/comments/73tvdq/cve201714491...](https://www.reddit.com/r/pihole/comments/73tvdq/cve201714491_dnsmasq_vulnerability_and_pihole/)
& [https://www.cvedetails.com/vulnerability-
list.php?vendor_id=...](https://www.cvedetails.com/vulnerability-
list.php?vendor_id=8351&product_id=14557&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=16&sha=c1974d4b960eaac58e9ed44d9ad3a1136cbe3411)
(afaik Pi-hole is built on dnsmasq)

~~~
Doxin
Setting up automatic updates is probably a good idea.

~~~
willyyr
Can you recommend a good way to make sure the Pi and Pi-hole are always up to
date? I imagine a simple cron with pihole -up is not sufficient?

~~~
leonroy
I run this on a cron to auto update PiHole:

    
    
        #!/bin/sh
    
        LOG_FILE=/var/log/update_pihole.log
    
        echo "Starting upate" >> $LOG_FILE
        date >> $LOG_FILE
        pihole -up >> $LOG_FILE
        pihole -g >> $LOG_FILE
    
        exit 0

------
surround
Pi-hole is very easy to set up, and it works so well you can basically forget
about it from that point on. Blocking ads is nice, but it’s also a huge boon
for privacy. I run uBlock origin on all my browsers, but Pi-hole still blocks
30-50% of requests on my network. It’s also really nice to be able to glance
at the logs and get an idea of what’s going on on your network, or if there’s
any unusual activity.

I’m especially excited to see CNAME inspection. I was tired of trying to
figure out what domains like “xuenl4v1szy8g.cloudfront.net” were doing.

~~~
ciarannolan
>I’m especially excited to see CNAME inspection. I was tired of trying to
figure out what domains like “xuenl4v1szy8g.cloudfront.net” were doing.

Is there a good explainer for CNAME inspection? I'm not finding anything good
with my Google Fu.

~~~
dastx
Some ad agencies starting asking hosters to add a CNAME record to one of their
domains.

Let's say I have your own blog running on dastx.me, and I wanted some ads from
adgiant.com.

As an adblocker you've added `* .adgiant.com` to your blacklist and I'm an
asshole and try to circumvent such adblocking measure. Them young millennials
and their tech. Stealing me out of my money!

So I go to adgiant.com and ask them if there is something i can do.
adgiant.com asks me to add a new DNS record of `CNAME definitely-not-an-ad-
subdomain.dastx.me -> terribleads.adgiant.com`. This way, whenever I wanna
call terrible-ads.adgiant.com, I instead use `definitely-not-an-ad-
subdomain.dastx.me`.

When it comes to adblocking this is an issue because adblocking lists are
usually based on a blacklist. They'll have `*.adgiant.com` on the list but not
`definitely-not-an-ad-subdomain.dastx.me`, thus my ads will start working. We
could of course ad every subdomain we come across to the blacklist, but
suddenly our adblock list doubles, triples, quadruples or more.

What adblocking software do now, is they do a dns lookup for every domain, and
consider all domains in the result as the same. So if either of previous
domains are in the block list, both domains are considered blocked.

This CNAME method is also a huge security issue, but I'm not gonna go into
that.

~~~
xwdv
> This CNAME method is also a huge security issue, but I'm not gonna go into
> that.

I will. The CNAME method could potentially allow a malicious actor to harvest
user cookies, gain access to their accounts, and utterly destroy them.

~~~
lonelappde
That's how Microsoft Teams accidentally gave away their customers' credentials
to hackers, right?

~~~
breakingcups
Yep, that combined with an orphaned DNS record

------
aetherspawn
I just realised that if your router runs OpenWrt, you can install PiHole (an
equivalent of, rather) directly onto your router by installing the following
packages [1]

    
    
        dnsmasq
        adblock
        luci-app-adblock
    

You may also need

    
    
        libustream-mbedtls
    

Just tried it, works great. With a few small lists, the amount of blocked DNS
requests is floating at around 30%.

[1]: [https://openwrt.org/docs/guide-user/services/ad-
blocking](https://openwrt.org/docs/guide-user/services/ad-blocking)

~~~
netsec1337
[https://command.honestsec.com](https://command.honestsec.com) sounds
promising... looks like the system includes a secure router with secured
double layer dns filtering (local at source and upstream resolver).

------
iou
Alternatively for MAX_lazyness and convenience I've been using
[https://nextdns.io](https://nextdns.io), does all the same stuff and is the
alternative to cloudflare in Firefox for DNS-over-Https (DOH)

~~~
ciarannolan
Is there an advantage in sending all of your DNS queries to a for-profit
company vs. setting up your own Pi-hole?

Their privacy policy seems legit[0] but why trust them at all when Pi-hole is
an option?

[0] [https://nextdns.io/privacy](https://nextdns.io/privacy)

~~~
dogma1138
No additional hardware required, you can use it to provide some protection to
your family without having to worry about remote access to the Pi-Hole to
configure things, works for your devices on the go, cheaper than running pi-
hole in the cloud yourself unless.

Pricing wise it’s over 2 years worth of service for the price of an original
Pi, a good SD card and a case.

The only circumstances where Pi Hole is unquestionably superior is if you are
on a network that redirects all DNS requests there are still some ISPs that do
that however if you are on such network you probably want to either get off it
ASAP or use a VPN.

~~~
thecureforzits
FWIW, pihole is not tied to any particular hardware. For example:

[https://github.com/pi-hole/docker-pi-hole](https://github.com/pi-hole/docker-
pi-hole)

~~~
GekkePrutser
Yeah that docker is great! Though it lags behind a bit, it's still on 4.2.2.

~~~
promofaux
v5.0 image was released minutes after the main v5.0 release. I've personally
not tried :latest, but I am told that works. I prefer to use named tags

~~~
GekkePrutser
I don't think it's live on latest. I just did a fresh pull again (I did it a
couple hours ago too) but I don't see the new bar graphs nor the local DNS
option.

Edit: Oops I didn't wipe the container. Works now!

------
tryptophan
My pihole blocks about 20% of queries. I have noticed literally 0 changes in
my internet or computer using experience since installing it.

It's baffling how much useless telemetry and other crap there is, slowing
internet down and wasting cpu cycles.

~~~
Tepix
There's one thing i noticed: When I click on a twitter link, the first request
goes via twitter analytics and gets blocked. I have to click it again, the
second time it doesn't go to twitter analytics and the request goes through.

------
ryankrage77
> Much more efficient memory use.

This is more impressive than it sounds. My pihole currently uses about 25MB of
RAM with over half a million blocked domains and around 20 clients.

~~~
swaits
I'm curious what lists you're using that gets you to 500k blocked domains?

~~~
escuier
[https://dbl.oisd.nl](https://dbl.oisd.nl) has about a million. Using it with
minimal whitelisting for about a year, works fine

------
jftuga
Pi-hole on Apple Watch - just ran up a quick proof of concept. Would there be
any use/interest in this?

[https://www.reddit.com/r/pihole/comments/gathus/pihole_on_ap...](https://www.reddit.com/r/pihole/comments/gathus/pihole_on_apple_watch_just_ran_up_a_quick_proof/)

~~~
surround
That’s pretty neat! Do you plan on open sourcing it? I’m hesitant to trust an
application with my pi-hole api token (and with it, all of my browsing/network
data).

~~~
jftuga
It's not my project. I am using it from within Test Flight. It is great for
non-technical people who just need to temporarily disable Pi-Hole in order to
get some sort of functionality to work that wouldn't otherwise.

One idea that I want to explore is to create an Alexa Skill to temporarily
disable Pi-Hole. This has probably been done already.

~~~
jlgaddis
I don't have a link handy but someone mentioned in an HN comment a few days
ago that they created a "shortcut" on iOS that simply hits the Pi-hole URL to
temporarily disable blocking.

Seemed like a great way to handle that problem -- especially for the non-
technical people on your network.

------
fomine3
I prefer blocking ads by browser extension for PC/iOS and device local MiTM
solution (like AdGuard) for Android because these solutions can block more
precisely and easier to unblock things permanently or temporary, compared to
DNS server solution like Pi-hole or NextDNS. Why choose DNS solution? I
suspect the reasons are maybe like for lower resource usage (especially for
smartphones), works for smart device like TV.

~~~
matt-attack
Content Blockers only work in Safari. There are a host of other apps that I
use that are susceptible to ads and tracking. (e.g. Apple News, Apollo (reddit
app), hacker news apps, etc. )

~~~
jereees
MiTM solutions work for other apps too.

------
syphilis2
I like Pi-hole, but

pi@pihole:~ $ pihole -up

    
    
      [i] Checking for updates...
      [i] Pi-hole Core:     up to date
      [i] Web Interface:    up to date
      [i] FTL:              up to date
      [] Everything is up to date!
    

pi@pihole:~ $ pihole -v

    
    
      Pi-hole version is v4.4 (Latest: v5.0)
      AdminLTE version is v4.3.3 (Latest: v5.0)
      FTL version is v5.0 (Latest: v5.0)

~~~
technovader
Were you on the beta?

Try this pihole checkout master

~~~
syphilis2
Thanks for the suggestion, it's neat that pihole maintains a git repo like
this. I didn't get a chance to try it out though, I just installed from
scratch.

------
xref
Is there a way to quickly disable/re-enable pihole for the network?

With AdGuard DNS or uBlock Origin I still get into situations where
occasionally they break a site completely and I have to temporarily disable
the plugin (or switch to cell tower dns) to get the site working, so I’d want
a quick way out of pi-holing traffic as well

~~~
arthurfm
> Is there a way to quickly disable/re-enable pihole for the network?

Bookmark the following URL

    
    
      http://pi.hole/admin/api.php?disable=120&auth=PWHASH
    

Replace PWHASH with the value of your WEBPASSWORD in setupVars.conf

    
    
      cat /etc/pihole/setupVars.conf | grep 'WEBPASSWORD=' | cut -c13-
    

and '120' with the number of seconds you want to disable the Pi-hole filtering
for.

~~~
andrei_says_
Thank you, I’ve been needing to do this frequently.

~~~
theshrike79
What kind of sites, if you don't mind sharing?

I've been using pi-hole for 4 years now and I can remember two situations when
I had to disable it - and one of those was cloudflare's fault (PS4 cloud saves
don't work with 1.1.1.1 DNS)

~~~
Tepix
If you download minecraft mods they are often hosted behind some forced ad-
showing website (ad-fly or something). That can be a problem with pi-hole.

------
jonahx
I get a "This connection is not private warning" when trying to read this.

~~~
surround
[https://web.archive.org/web/20200510233013/https://pi-
hole.n...](https://web.archive.org/web/20200510233013/https://pi-
hole.net/2020/05/10/pi-hole-v5-0-is-here/)

------
A4ET8a8uTh0
Per client blocking is clearly the biggest change. I am excited about this.

~~~
barney54
What is the use case of per client blocking?

~~~
beervirus
Blocking Facebook stuff on every device except my wife’s phone.

~~~
Spivak
Why not just tell your DHCP server to give her the regular DNS servers? Is
this situation where she wants ad blocking but still wants to use FB?

~~~
slau
Not OP, but in my case, most of my VLANs can’t perform DNS requests to WAN.
Only the pi.hole server is able to do that (and other devices in the DMZ).

Reasoning: appliances like Chromecast/Apple TV/whatever will often ignore DHCP
DNS settings if it doesn’t resolve, and they’ll reach out to 8.8.8.8/8.8.4.4
directly.

------
gclawes
Is the cert on pi-hole.net broken for anyone else? It's returning a cert for
CN = *.sucuri.net

~~~
Havoc
Yeah

~~~
gclawes
HN hug of death maybe.

------
notkaiho
Pi-Hole has made my home browsing experience so much better since setting it
up. Minimal resource overhead, maximum results - and if you care about stats
those are available too but I just turned all logging off.

Now if it could just filter out YouTube ads...

~~~
xienze
> Now if it could just filter out YouTube ads...

Ive heard that the problem is that the native YT apps come with a big list of
IP addresses for the ad servers, instead of doing lookups.

~~~
dahfizz
If true, it would be pretty easy to grab those ip addresses from the binary
and add them to a firewall.

A firewall is a little more than what I would trust to a raspberry pie,
though...

------
lonelappde
I set up pihole on docker on Windows and it worked great until I rebooted and
then the pihoke server (both ports 53 and 80) was unreachable from outside
docker even though docker claimed to be forwarding the ports.

So I switched to AdGuard DNS on my devices.

~~~
aembleton
Had the container started up?

------
Tepix
Looks good! Is anyone else getting this during the update?

    
    
        [i] Target: https://hosts-file.net/ad_servers.txt
        [] Status: Connection Refused
        [] List download failed: no cached list available
    

Looking at the query log, I see a fairly large amount of requests 24/7 by my
Xiaomi robot vacuum and my Xiaomi desk LED Desk Lamp. I've blocked both of
them. Is there any way of disabling the wifi on the desk light completely?
Right now i've connected the lamp to my Wifi and blocked it at the router to
prevent it from starting its own WiFi network.

~~~
surround
I’m not familiar with the desk lamp, but take a look at Valetudo for your
vacuum.

[https://github.com/Hypfer/Valetudo](https://github.com/Hypfer/Valetudo)

------
senectus1
haha, just got around to setting up my pi-hole again this weekend... I was
wondering why it didn't install 5.0

Just jumped onto it and kicked off a "pihole -up" and off it goes upgrading
beautifully.

pihole is a massively underrated project.

------
disiplus
does anybody know how to properly secure the the DNS server from replay
attacks with iptables.

i have a pihone running on a cheap vps on internet, but i connect to it with a
vpn and that's draining my smartphone battery. i want to be able to change
only the dns settings and point to my pi-hole. but at that time the
recommendation was to not run the dns part on the internet because it could be
used for dns replay attacks. i found some iptables rules on the net at time
but was not sure are they ok. i did not want the ip address blacklisted
because i was running some other services on that server.

~~~
surround
The official documentation includes a tutorial on how to use pi-hole with
OpenVPN. This section describes how to use the VPN for only DNS requests:

[https://docs.pi-hole.net/guides/vpn/only-dns-via-vpn/](https://docs.pi-
hole.net/guides/vpn/only-dns-via-vpn/)

A Wireguard setup would probably be even less resource intensive if you know
how to set it up (there’s no official tutorial for Wireguard).

Do not open your pi to the internet, I doubt the iptables rules would be
sufficient to protect it.

~~~
ignoramous
> _...there’s no official tutorial for Wireguard_

To run a split wireguard-tunnel to a DNS server, add its IP to the _allowed-
IPs_ list:
[https://www.reddit.com/r/WireGuard/comments/bqccdz/split_tun...](https://www.reddit.com/r/WireGuard/comments/bqccdz/split_tunnel_for_only_dns_possible/)

If you're on an Android phone, apps like Blokada (plain old DNS), Nebulo (DoH
and DoT), Intra (DoH) can split tunnel traffic to a DNS server of your choice.
Note that, Android 9+ supports DoT, out of the box. Look for the _Private DNS_
setting.

------
ThePowerOfFuet
I have no connection to NextDNS other than as a very satisfied user, but my
Pi-hole got decommissioned a few weeks ago as a result of my discovery of
NextDNS.

I also run their DNS53-to-DoH proxy on a small VM and that VM's IP is the
first DNS server in the DNS server list included with DHCP leases (with
NextDNS's public IPs as the second and third, losing host-level
granularity/logging if the VM is down for whatever reason).

------
windex
Donated once to this fantastic project. I have it running on a
VPS+wireguard+firewall and all devices configured to use it even when I am out
and about and using the mobile. It performs well enough that all of my family
is on it now as well. It's chugging along fine on a 3$ a month VPS and
accessible only when logged in via wireguard.

Wireguard is working so well, that I am now thinking of starting up additional
services for the family to use. Voip/Filestore, pic library etc etc... all
firewalled of course.

------
8589934591
Can someone please explain how exactly does this work? So I have an ubuntu
system. Is it ok to just install it in my local system alone and use it? Or
should I be doing something to connect to a modem or something? I currently
use my phone as the hotspot for my computer.

If I install it say in a remote server in digital ocean, how can I use my
phone/computer to use pi hole?

Still a noob when it comes to networking so any help is appreciated thanks :)

~~~
jve
Not an expert with PiHole other than having set-up one myself not so long ago.

It is a DNS server. Basically whatever you put into DNS Server list on your
device (some host on local network, some host with public IP) - your device
will send DNS queries to THAT host.

More often than not, you will configure your router to hand out your local
devices these DNS servers via DHCP.

So that answers the question: you can host it on local network or use remote
server (given you have public IP and can open port 53/UDP). If you don't have
firewall there, you will probably be configuring host local firewall to allow
using DNS from hosts@home. It may get complicated if you have a dynamic
address for your home router.

------
j1elo
Server is down, right? Not for this case (which I assume is caused by the HN
effect) but one downside of this kind of blockers (I also use uBlock in the
browser) is that when something doesn't work well in a website, I'm never
confident that it's because the site is broken and not because my blockers are
breaking it :-)

I know, you can just disable the blocker and try again, but doing so from my
phone is not very convenient...

------
hendry
Docker image broke for sometime back and its one of the projects that doesn't
fix bugs before implementing new features: [https://github.com/pi-hole/docker-
pi-hole/issues/559](https://github.com/pi-hole/docker-pi-hole/issues/559)

Good luck guys!

------
foob4r
Woohoo been waiting for this for months.

I host pihole on a home server in a docker container and spend 5 mins a month
just updating it. No other administration. Definitely use it to get rid of
trackers and ads.

(I should add that I also pay for about dozen publications/newspapers that I
read frequently in lieu of not seeing ads)

~~~
asadhaider
Look at Watchtower [0] to keep your containers up to date automatically.

[0]
[https://containrrr.github.io/watchtower/](https://containrrr.github.io/watchtower/)

------
whalesalad
Just did a `pihole -up` from 4.x and it went off without a hitch. Love the UX
of the entire Pihole stack!

------
bni
Does it support blocking YouTube ads yet? I mean the short video ads that
interrupt the videos

~~~
aembleton
No they come from the same domain as the video that you are trying to watch.
If you want to block YouTube ads, then use uBlockOrigin.

~~~
ekko911
I though they had multiple domains instead for most ads? As seen here (however
this is 4 years ago) - [https://discourse.pi-hole.net/t/how-do-i-block-ads-on-
youtub...](https://discourse.pi-hole.net/t/how-do-i-block-ads-on-youtube/253)

If this is still true, this pi hole update might solve those ads at least?

------
IntelMiner
Cross-posting from my comment on Reddit's /r/Linux

I'm a little disappointed that they seem to be very uninterested on how to get
it working on "unsupported" configurations

My x86 gateway currently runs on Gentoo (PFsense kept having random crashing
issues) and it's something I'd love to add to it

as far as I can tell all Pi-Hole needs is

\- Lighttpd + PHP (web management portal)

\- DNSMASq (DNS)

\- DHCPD (DHCP)

\- git (blocklist updates?)

There was a single github issue tracker where someone got it working fairly
easily (essentially saying "please install package X/Y/Z" during setup) which
was closed by the developer as "only two people have asked about Gentoo"

I know Gentoo is fairly niche as far as distributions go, but seeing popular
software moving away from "here's how to compile/install it" to "here's a
docker container/here's what "we" support" is very disheartening

~~~
encom
I've made this exact argument before, but it was unpopular. I maintain that if
your software distrubution model is writing ISO files to SD cards, it's about
as retarded as piping `curl` into `bash`.

I too run a Gentoo server at home (fist bump), and I'm running `dnsmasq` for
filtering and caching, and `stubby` for DNS-over-TLS, and I run this beauty of
a cron job every morning:

    
    
        curl -s --compressed -o /var/lib/dnsmasq/hostnames.txt https://raw.githubusercontent.com/notracking/hosts-blocklists/master/{hostnames.txt,domains.txt} | sed -e '/::/d' -e 's/0.0.0.0//g' -e '/thepiratebay/d' > /var/lib/dnsmasq/domains.txt && rc-service dnsmasq restart

~~~
StreamBright
The result of this looks a bit mixed up. Are you sure that sedding 0.0.0.0
works? There are some spammers who include 0.0.0.0 in the domain name for
example. I used positional splitting with awk to do the same. That worked very
well.

~~~
encom
The `sed` turns this

    
    
        address=/example.com/0.0.0.0
    

into

    
    
        address=/example.com/
    

...which makes dnsmasq return NXDOMAIN instead of 0.0.0.0. I think that's more
correct.

~~~
StreamBright
What about 0.0.0.0.nastydonain.com?

~~~
encom
Yes, I should fix `sed` to only match end-of-line.

------
liotier
Is there any value in Pi-hole for people already running Unbound with a bunch
of adblock blacklists ? With OPNsense, it is a three-click setup.

Found one feature: per-client blocking. Anything else ?

~~~
surround
I run Unbound alongside Pi-Hole. I’m not familiar with all the features of
OPNsense, but pi-hole is convenient because it

\- automatically updates the block lists each week

\- supports regex filters

\- has a admin web interface which makes it easy to view statistics and
filtering log, edit the whitelist/blacklist, etc.

~~~
liotier
Integration of Unbound in OPNsense has the basics - the web interface lets one
edit access lists, blacklists etc. but no statistics dashboard or
sophisticated log processing. It supports lists with regex though.

Updating automatically requires a cron job, which has to be added by the
administrator using the GUI - adding it automatically is a future feature.

------
baicunko
I've always planned on building a free DNS using pi-hole. Any comments on
this? Will you use it? (I understand privacy is an issue, how to better
address this?)

------
jojo14
Dear Pi-hole devs & maintainers: thank you very much !

------
Max_aaa
I run my pihole within LXD on my home server, found it much easier than to
maintain another device. Also much more responsive.

------
drukenemo
Literally 1/3 of my traffic is blocked by Pi-Hole as it's tracking/ad crap.
That's impressive stuff!

------
akerro
Which docker image do I use on raspberry pi 1 B? None of them seems to work,
all crash on step `[20] pihole exited 267.`

------
formalsystem
I had setup Pi-hole and it was blocking something like 66% of my internet
traffic which amounted to ads and spyware.

A couple of days later, it just mysteriously stopped working and I couldn't
for the life of me figure out why. My theory is that AT&T detected my blocking
and blocked my internet as a result. Is that too much of a tin foil hat
theory? How can I know for sure?

I don't know too much about computer networking, only the basics.

------
Havoc
Per client blocking looking fab.

...I've got some sketchy IOTs that I've been meaning to lock down a little
more.

------
yalogin
I have never used this but how does it block ads on https pages? Or am I
misunderstanding pi-hole?

~~~
snazz
Browsing sites served over HTTPS still requires querying a DNS server to
figure out what IP address to connect to. Pi-hole acts as a DNS server and
returns invalid results when asked for the IP of a blocked site. Ads are
served from a separate domain from content, so they can be blocked without
affecting the content.

~~~
yalogin
Oh great point. Thanks for the explanation.

------
ycombonator
I host pihole on Digital Ocean. Updated DNS on all my home clients. Smooth and
adfree

~~~
nobodyshere
I do it on a PoE powered raspberry pi. Minimal effort, zero maintenance, no
fees other than the initial purchase.

~~~
hbcondo714
Do you use a PoE switch for this?

~~~
nobodyshere
I use a ubiquiti switch. I've decided to build my network with PoE in mind and
one central location to power it all, backed up by a UPS.

------
cgranier
So, what's the easiest way to install this on a Comcast household network?

~~~
muzakthings
I have Comcast. I did it with this guide: [https://willdrevo.com/blocking-ads-
with-pihole-mac-os-x-ipho...](https://willdrevo.com/blocking-ads-with-pihole-
mac-os-x-iphone-raspberry-pi/)

~~~
cgranier
Thanks. I'll take a look at it.

------
rubidium
Good place to ask: in addition to setting up pi-hole or
[https://nextdns.io/](https://nextdns.io/), what browser or device based
blockers should be used?

Anyone have the run down on Adblock plus Privacy badger UBlock origin Etc??

------
pizza
Does anyone know if pi-hole lets you see per-client bandwidth usage?

~~~
dtparr
It can't. There pihole only sees your DNS requests, not any other traffic, so
it can't tell if you pulled 100 KB or 100 GB from that domain you just looked
up.

It does show you DNS requests counts and such per device, but that's a poor
proxy for bandwidth.

------
jacobush
But don't new browsers and Android use their own DNS servers?!

~~~
aembleton
Yes, but you can change them.

------
iRobbery
Neat app, not using it though due to lack of quality control in the
blocklists. Are there any changes yet to the quality control of the blocklists
used, or is the author still copying lists from the internet without scrutiny?

------
pragmatic
Ok, I give, what is a "gravity database"?

~~~
asadhaider
Pi-Hole maintains a gravity list (list of domains to block), which is
constructed from all the block lists to which you subscribe (public lists),
along with your whitelist. [0]

[0] [https://discourse.pi-hole.net/t/does-pi-hole-keep-the-
lists-...](https://discourse.pi-hole.net/t/does-pi-hole-keep-the-lists-
updated/13224/2)

------
popotamonga
When i uninstalled it broke my linux dns, keeps getting changed to localhost
automatically. And om not expert enough on linux to fix it.

------
x3blah
"Javascript is required. Please enable javascript before you are allowed to
see this page."

Required to read the text of the announcement. No. Required to make donations
via Stripe. Yes.

RSS does not require Javascript. Looks like the full text announcement.

[https://pi-hole.net/feed/](https://pi-hole.net/feed/)

Alternatively:

    
    
       echo 159.203.180.3 pi-hole.net >> /etc/hosts

~~~
x3blah
Looks like they fixed the issue.

The above is no longer needed to avoid the Sucuri interstitial page.

