
Pi-Hole – A black hole for Internet advertisements - tosh
https://github.com/pi-hole/pi-hole
======
ignoramous
I absolutely love the DNS based solution for ad-blocking and preventing
tracking. I use AdGuard DNS on my PC (DNSCrypt) [0] and phone (DoTLS) [1], and
it has improved performance of apps (not just websites), 'cause I guess
there's a lot less going on under the hood now (trackers like new-relic and
segment might be consuming a good percentage of resources which they wouldn't
now since their domains are NX'ing?).

What I am worried about is that DNS based black-holing is trivial to work
around (as an ad-provider, one could simply force use of a custom DNS client
and pin to a DNS resolver of choice) [2][3][4]. What's next for pi-hole and
solutions like AdGuard DNS short of re-writing packets going through UDP/53?
Not sure how one would intercept the DoTLS / DoHTTPS connections, to rewrite
those.

I'd like to hear if anyone has some thoughts on this, or if this has been
discussed elsewhere.

[0] [https://simplednscrypt.org/](https://simplednscrypt.org/)

[1]
[https://news.ycombinator.com/item?id=18788410](https://news.ycombinator.com/item?id=18788410)

[2]
[https://news.ycombinator.com/item?id=19170671](https://news.ycombinator.com/item?id=19170671)

[3]
[https://news.ycombinator.com/item?id=19106023](https://news.ycombinator.com/item?id=19106023)

[4] Firefox 64 for PC, by default, was configured to ignore OS/Network
Interface provided DNS resolver and used CloudFlare's over HTTPS.

~~~
1over137
Re #4: really?! I missed that news. Sounds horrible. So instead of using my
ISP, that I chose and trust, all my DNS queries now go to some foreign
megacorp?!

~~~
meowface
This is also the first time I heard about it, but my immediate reaction was
"sounds amazing".

- Removes all DNS leak privacy issues, for all Firefox users, automatically

- Removes all possibility for a MitM to view or corrupt DNS queries or
responses, for all Firefox users, automatically

And Cloudflare claims to delete all DNS-related logs of Firefox users within
24 hours:
[https://developers.cloudflare.com/1.1.1.1/commitment-to-priv...](https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/)

Even if you distrust Cloudflare or think they're not secure against breaches,
it's still a massive security and privacy upgrade over using your ISP's DNS
servers, which will pretty much always leak sensitive information about your
connection (potentially leading to deanonymization while using an anonymizing
service) _and_ send/receive everything in unauthenticated plaintext.

And in addition, your ISP likely is less trustworthy and less secure against
breaches (even if you aren't using Comcast, Verizon, or AT&T) than Cloudflare.
But again, even if you don't trust them, this would still be the best move for
security.

Plus it's a big latency decrease and performance boost for most or all users.

~~~
1over137
Sure it has some advantages, but it has disadvantages too. It really erodes my
trust in Mozilla that they did this without notification upon upgrade, and as
opt-out instead of opt-in.

My ISP is trustworthy and is in my own city/country. Today I've discovered
that all my DNS queries now go to a foreign company that I know nothing about,
and did not consent to communicate with.

I'm all for encrypted DNS, but I'm not for my DNS server choice being silently
overridden.

~~~
philliphaydon
How do you feel that even with your isp your data still passes through servers
in multiple countries before it gets to you? When you request to view a site
it’s not a single hop from you to the server the site is hosted on.

~~~
gdfasfklshg4
Is that not the point of SSL?

~~~
bobwaycott
DNS is in the clear by default.

~~~
gdfasfklshg4
I thought that once DNS is resolved the DNS request doesn't go any further and
the actual request is sent to the IP address...

~~~
bobwaycott
Yes, but the parent comment you replied to was, I believe, referring to data
leakage via DNS, not data leakage over HTTP requests. Two different things.
What they were getting at is your ISP's DNS servers--and every DNS server hit
along the path of resolution--know something about every request made by one
of your devices when your devices route DNS through them. Assuming every
request to _domain.com_ is encrypted, your ISP may not know _what you're
sending to domain.com_, but they do know _you are sending data to domain.com_
because DNS is in the clear by default. This has led a number of ISPs to
capture this information and use it for purposes a customer often does not
know about, understand, or may object to--such as selling that information,
using it for injecting advertising or hijacking requests, and other actions.
What's worse is that many ISPs (in the US, at least) ensure this behavior can
occur by requiring customers to use gateways/routers that are locked down to
ISP DNS servers, and many of these devices _prevent_ users from modifying the
DNS servers used.

Encrypted DNS and devices like the Pi-hole provide end users a means of
bypassing this behavior by avoiding ISP DNS servers entirely so even _where
you're trying to go_ isn't known by them.

~~~
meowface
This is one of the many concerns, yes.

Another big concern is privacy from the other side: if you're using Tor or an
anonymizing VPN while visiting a website looking to deanonymize users, and the
website owners see a DNS query to their nameserver from a Comcast DNS server
somewhere in a midwestern state timed perfectly before your HTTP request
coming from a Tor exit node or anonymizing VPN, they can potentially infer
your broad location and ISP, and potentially narrow your identity down from
there (especially if you ever visited that site, or an affiliated site or site
that shares data with them, in the past without using an anonymizer), negating
the purpose of the anonymizer.

If all they see is a query from 1.1.1.1 or 8.8.8.8, you could be anywhere in
the world, using any ISP.

And your ISP can do this in an even more precise way. Customer makes DNS query
for siteispsdontlike.com and then immediately sends a lot of traffic to a
server registered to an anonymizing VPN company. That tells the ISP "this
customer is visiting this 'suspicious' website, and also covering it up by
using this specific anonymizer".

------
muppetman
If you want to test pihole you can just run it in a docker container to see
what it's like. You don't need to buy a Raspberry Pi!

[https://hub.docker.com/r/pihole/pihole/](https://hub.docker.com/r/pihole/pihole/)

~~~
kissgyorgy
I'm running the Docker image for my home network, it is really convenient.

------
jedberg
Right now I use AdBlock plus. Occasionally, to get a webpage to work, I have
to disable it.

How does Pi-hole mitigate this issue for non-expert users? My main concern is
that if I set this up at home, my wife will get annoyed when her web pages
don't work and won't have the patience to learn how to add to the whitelist.

~~~
nonamechicken
I am using pfsense with pfblockerng for ad/tracking protection. My wife spends
a good amount of time on a mobile fashion game. In addition to the forced in
app purchases once a month, it makes her watch plenty of video ads every day.
She has to watch those ads to get virtual currency that can be used to
purchase things that are a must for playing the game. With the protection
enabled, the ads won't show and she can't play. So I had to whitelist her
mobile in pfblockerng. She still complains that it doesn't work. So she uses
mobile data to play the game. I am not sure what else in pfsense is breaking
it for her, I haven't looked further into it. One good thing is it helps me
save bandwidth. My home internet has 500gb limit after which it drops to
1/10th of the speed. She seems to be using up close to her 1.5gb daily limit
almost always, just from this game and facebook. So I get more bandwidth to
download stuff!

~~~
blablablerg
Jesus that game sounds like a big trap

~~~
nonamechicken
It is. I have been trying to get her to stop playing it by introducing her to
other games. But no. She spends a good chunk of her free time on this. Since
she is a teacher, she gets a lot of free time at work too. It hasn't affected
either of us negatively that I know of, so I sometimes think let her do what
she enjoys. I hope it is not indicative of her being unsatisfied with
something in our life.

The game's name is Covet Fashion. They have a huge following in Facebook. The
main theme of the game is to dress up models and others vote on it. Whoever
gets the "top look" wins (winner gets virtual currency to buy more dress I
think). I think they even form teams through Facebook. Sometimes people get
kicked out for not helping the team and so on, so I guess there is some drama
like reality TV.

------
schappim
There are some good discussions on Pi-Hole over on this thread:
[https://news.ycombinator.com/item?id=18075159](https://news.ycombinator.com/item?id=18075159)

~~~
tosh
sorry, didn’t realize it was already on 5 months ago

~~~
lucb1e
No problem, since people upvote it you're apparently not the only one who
thought the content is useful to the site. Reposts are fine (heck, posts that
are decades old come up from time to time), though it's somewhat customary to
link previous discussions.

------
realPubkey
I wonder why there is no public official dns-server with the pi-hole blockings
included. This would allow me to just insert the dns-ip into my fritzbox
without having to setup and run a raspberry.

~~~
clarkmoody
You're probably going to want to whitelist a domain here and there relative to
the default blacklist. And the pi-hole has a few blacklists that aren't
enabled by default, since they are much more strict.

So pi-hole-as-a-service doesn't make too much sense.

~~~
realPubkey
Ok that's a good argument. But the few pihole-users I know do not have a single
whitelisted domain and likely will never have one. Also I could still
whitelist most domains by adding the ip to my etc/hosts

~~~
xythian
I'm a long time pi-hole user and follow the subreddit and discourse regularly.
You'll find many a pi-hole user with whitelists. The following are pretty
common.

* [https://discourse.pi-hole.net/t/commonly-whitelisted-domains...](https://discourse.pi-hole.net/t/commonly-whitelisted-domains/212)

* [https://github.com/anudeepND/whitelist](https://github.com/anudeepND/whitelist)

I have ~2.2M domains blocked. There's just no way that I wouldn't have false
positives in that big of a list.

~~~
lostlogin
1 million here - nothing whitelisted or knowingly broken.

------
snazz
Should the URL be [https://pi-hole.net](https://pi-hole.net) instead of one of
their GitHub repos?

~~~
tosh
I find the Github readme easier to parse (often the case with open source
projects actually)

------
dsissitka
If you're interested in Pi-hole you might want to check out AdGuard Home:

[https://github.com/AdguardTeam/AdGuardHome](https://github.com/AdguardTeam/AdGuardHome)

Pi-hole isn't difficult to setup but AdGuard Home is much easier. Just
download the binary and run it. If you want it to start on boot run it with
the `--install` flag. Works on Linux, Mac, and Windows.

~~~
Moru
Pi-hole replaces your DNS on the local network so one device is protecting all
your other devices without you having to do anything else. Yes, even that Wii
or whatever :-)

~~~
dsissitka
Same with AdGuard Home. :)

~~~
Moru
Except it stops running the second I turn off my computer :-)

~~~
dsissitka
Then don't install it on your computer? :P

You can install it on a Pi just like Pi-hole.

------
xd1936
I've been running an instance of this on a DigitalOcean VM for a couple of
years now. Keeping my instance external is nice so I can use it from home,
work, and for friends and family, with all of my devices. Fantastic project,
highly recommended.

~~~
muppetman
How do you stop the general public from finding it and using it? Strict
firewall rules?

I have a pihole at home (not a Raspberry Pi, gosh I wish they'd ditch the
marrying of the two) but to access it I establish a VPN.

~~~
obituary_latte
I set up a simple python server that listens on a specific (highly unlikely to
be guessed) url and when visited runs a shell script to add the visiting ip to
iptables dns whitelist. So I can visit a relatives house, go to that page then
add my dns ip to their router (if they want me to). Also helps for when
traveling or when isp renews dhcp lease.
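
The setup described in the comment above, sketched as an added example; it is not the commenter's script. The secret path, listen port and the assumption that the `INPUT` chain otherwise drops port 53 are placeholders, and the shell script is replaced here by direct `iptables` argv calls so the visiting IP is validated and never passes through a shell.

```python
"""Visiting a secret URL opens DNS (port 53) in iptables for the caller's IP."""
import hmac
import ipaddress
import subprocess
from http.server import BaseHTTPRequestHandler, HTTPServer

# Placeholder token: generate your own, e.g. secrets.token_urlsafe(32).
SECRET_PATH = "/knock/REPLACE-WITH-LONG-RANDOM-TOKEN"
DNS_PORT = "53"
LISTEN = ("0.0.0.0", 8080)  # assumed address/port; serve it behind TLS,
                            # because the path is the only secret


def path_matches(request_path, secret_path=SECRET_PATH):
    """Constant-time comparison of the requested path with the secret one."""
    return hmac.compare_digest(request_path.encode(), secret_path.encode())


def build_rules(client_ip):
    """Return iptables argv lists (UDP and TCP) allowing DNS from client_ip.

    ipaddress.ip_address() raises ValueError for anything that is not a
    literal address, and argv lists are never parsed by a shell, so the
    value cannot carry extra options or commands.
    """
    ip = ipaddress.ip_address(client_ip)
    tool = "iptables" if ip.version == 4 else "ip6tables"
    return [
        [tool, "-I", "INPUT", "-p", proto, "-s", str(ip),
         "--dport", DNS_PORT, "-j", "ACCEPT"]
        for proto in ("udp", "tcp")
    ]


def allow_dns_from(client_ip, run=subprocess.run):
    """Insert the ACCEPT rules unless already present; return the rules added."""
    added = []
    for rule in build_rules(client_ip):
        check = [rule[0], "-C"] + rule[2:]  # -C exits 0 if the rule exists
        if run(check, capture_output=True).returncode != 0:
            run(rule, check=True)
            added.append(rule)
    return added


class KnockHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # A wrong path gets the same 404 as any other unknown URL.
        if not path_matches(self.path):
            self.send_error(404)
            return
        try:
            # Use the socket peer address, not a client-supplied header
            # such as X-Forwarded-For, which the caller controls.
            allow_dns_from(self.client_address[0])
        except (ValueError, OSError, subprocess.CalledProcessError):
            self.send_error(500)
            return
        body = b"allowed\n"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_request(self, code="-", size="-"):
        # The default logs the request line, which would write the token
        # to stderr; log only the peer address and status instead.
        self.log_message("status %s", code)


if __name__ == "__main__":
    HTTPServer(LISTEN, KnockHandler).serve_forever()
```

Rules added this way never expire and do not survive a reboot, so a periodic cleanup of stale source addresses belongs next to it.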

~~~
muppetman
This is a beautiful solution. I love it, bravo!

------
Down_n_Out
I recently talked about Pi-Hole in another thread[0]: I'm using Wireguard in
combination with Pi-Hole on a cheap VPS as a VPN on my iPhone, it's blazingly
fast and super stable. Will be trying this on my Mac as well now. I only allow
access to the console from a fixed IP-address to add whitelists when needed.
Everything loads much faster, websites, even apps I feel, though it might just
be wishful thinking that last one.

[0]
[https://news.ycombinator.com/item?id=19186795](https://news.ycombinator.com/item?id=19186795)

~~~
Jemm
What VPS and how much is it costing you?

~~~
Down_n_Out
About 3 Euro per month using a CX11 over at Hetzner[0]

[0][https://www.hetzner.com/cloud](https://www.hetzner.com/cloud)

------
kang
How pi-hole works and what is FTLDNS, if anyone is interested:
[https://pi-hole.net/2018/06/09/ftldns-and-unbound-combined-f...](https://pi-hole.net/2018/06/09/ftldns-and-unbound-combined-for-your-own-all-around-dns-solution/)

------
tbronchain
I came across this article last month:
[https://ifelse.io/2019/01/12/secure-ad-free-internet-anywher...](https://ifelse.io/2019/01/12/secure-ad-free-internet-anywhere-with-streisand-and-pi-hole/)

It was surprisingly very easy and straightforward to setup, and working very
well! It's most useful on Android/iOS.

One small change I've done is to set the Pi-hole DNS server only on a specific
set of VPN connections (using specific ports) in order to have a full,
unfiltered VPN if necessary.

------
scoutt
Forgive my ignorance on the matter, but:

1) Are the DNS requests sent to oblivion or is a fake address returned instead?
If the former, wouldn't a failed DNS request generate some sort of timeout?

2) Would a failed DNS request generate multiple retries to load a resource
that is not available? (I can imagine this for application other than
browsers).

3) How long until pages with ads will start solving addresses through some
sort of script? Like in the section of the page responsible for showing an ad,
manually crafting and sending a DNS request to 8.8.8.8 or whatever.

edit: for clarity

~~~
ownagefool
It runs a local DNS server and a local http host.

You make a DNS query to badsite.com, your local DNS responds with your local
http host and you load a pixel image instead of whatever it should have been.

~~~
vSanjo
So in that regard, what does a page look like with Pi-Hole running? As
'aesthetic' as uBlock? Or does it still show the ad's dimensions - just not
the ad?

~~~
dwater
In my experience I don't notice things being different when I'm using the
Pi-Hole. It just seems like regular functional internet. When I'm not connected
is when I'm surprised by how many ads there are and where and when they
appear.

------
LVDOVICVS
I run it at home and use the dhcp server, too. All the numerous family
PCs, Kindles, phone, etc, use it and it works great. For a family of four with
two teen-age kids, it blocks about 20% of the DNS traffic we create.

Love it.

------
forinti
As much as I like the Pi, I think a better solution would be to use OpenWRT on
a regular router.

~~~
muppetman
Well, I disagree. OpenWRT is great at being a router, let it be that. pihole
is great at being an adblocker, let it be that.

I think you're better off to fire up a Docker instance!

[https://hub.docker.com/r/pihole/pihole/](https://hub.docker.com/r/pihole/pihole/)

But why do you think OpenWRT is better? Because it has a (somewhat clunky and
not as feature rich) adblock solution built in?

So does pfSense with pfBlocker-NG which is also another common adblock
solution people use.

But for a basic user to just augment their home network with ad-filtering, way
better off to just add a pihole, than to totally replace their router.

~~~
forinti
Yes, OpenWRT does have an adblock solution. It might not be as shiny as the
PiHole but it works. Also, you can buy a decent router for less than you would
pay for Pi+Cables+Case+Power Source.

I use a tp-link wr842nd. I even have a Telegram bot on it to interact with it.
A Pi would be more powerful, sure, but the router serves my needs.

~~~
muppetman
Right, I was more curious why you thought OpenWRT was a better solution.

------
veb
A friend and I just launched an MVP a couple of weeks ago so people in New
Zealand (and kiwis abroad) could have a VPN with PiHole hosted here in NZ:
[https://expatvpn.co.nz](https://expatvpn.co.nz) - however from the early
users it seems everyone's just been using it for their phone mainly. I'm
thinking I might rebrand it to be more for secure mobile browsing or
something...

~~~
Down_n_Out
I use it also on my iPhone with WireGuard VPN, it's super easy with the app
from WireGuard and it's blazingly fast, so I can definitely recommend this.
Would be interested to know how you'd approach this and provide some insights
if needed.

------
m0zg
If any contributors are reading this: please consider adding separate
blocklists per IP range. The use case is very simple: adults in the house get
to see things kids don't get to see (and get their Youtube and games shut off
if homework is not done), yet ads and tracking are still blocked for
everybody.

~~~
xythian
This will almost certainly never get implemented because the community has a
more or less accepted workaround. Run more than 1 pi-hole.

It's a common-ish practice in the community to have a restrictive pi-hole
running in your guest/kids network and a more permissive pi-hole running in
the trusted/adults network. Pi-holes require so few resources and maintenance
that it's not much burden to run more than one.

It would be a pretty large feature to support separate blocklists per IP
range.

~~~
m0zg
That's what I do, but it's a maintenance burden to run several instances. I
run three PiHole VMs: one for parents (banning ads only), one for little kids
(banning ads and mature content), and one for teenagers (banning ads and
temporarily banning "time drain" sites until homework is done). I'd like to
further customize the one for teenagers based on whether or not they have
missing homework in school, but not quite to the level of spinning up (and
maintaining) yet another instance.

------
IanSanders
My concern is that this kind of solution, while neat, may push advertisers to
start requiring content owners to host the advertisement content and/or
directly communicate with advertiser api. In other words, Pi-Hole will only
work while not terribly popular.

~~~
darkarmani
> may push advertisers to start requiring content owners to host the
> advertisement content

Good luck with that. There is a reason they want you to load directly from
their ad-network. It's the surest way they have to accurately track valid
clicks.

------
tjpnz
I tried this out over a weekend but decided to abandon it due to some of the
sites I frequent being blocked. Whitelisting isn't a viable solution here as I
would then need to teach my girlfriend how to do it and any family members who
decide to visit.

~~~
KeepFlying
PiHole has the option to have blackholed domains show a "This was blocked by
PiHole, click here to whitelist this domain". It doesn't work perfectly (ex.
Hulu just craps out for me with PiHole because of some domain under the hood
being blocked), but it is something.

And for guests you can disable PiHole for any time period with a click of the
button on its web page.

Or kick your guests/roommates/gf onto a different subnet.

That said though, it is clearly not perfect and could use some work and TLC to
take care of. But in case you (or the next person reading this) wanted some
ideas, I thought I'd offer.

------
buro9
I am starting to be concerned that the ability to use DNS to block tracking,
malware, and advertisements is only going to prove temporary.

There appears to be more effort generally to secure and encrypt the entire DNS
system. This is really good and should be applauded and supported. But it will
come with a downside... once we reach a future in which DNS records are
encrypted end to end, and DNS records are only valid when signed by certain
keys, and authenticated NXDOMAIN records... then things like Pi-Hole start to
become more difficult as for security of DNS we'll have lost the convenience
of changing the answers.

~~~
TheLilHipster
There would be a market for a DNS provider to provide a PKEY setup for the
user to blacklist ad domains or whatnot similar to what the pi-hole does.

There is always a technical solution, that's the beauty of it :)

------
waltwalther
I have been running a pi-hole server in my home for almost a year now, and I
love it. We usually have around 30 devices (including IoT devices), and have
never had any issues. Adding/removing sites, disabling (when necessary),
updating...it's all there and very easy to operate. The logs are just ok, and
the blacklist/whitelist is handy.

It was quick and easy to setup on an existing Ubuntu server install.

~~~
nvr219
All the issues I've had were related to the DHCP server that ships with
pihole. Once I replaced that with a different DHCP server - smooth sailing.

~~~
waltwalther
ahhhhhh...ok. I have never used pi-hole for DHCP. I already had some static
routes and firewall rules setup when I added the pi-hole. So I left the
builtin DHCP server disabled.

------
whalesalad
Can any of the DNS wizards here explain the potential performance implications
of using this? I have been meaning to install this and begin using it but the
latency of a Cloudflare DNS request is so low (and reliable) that I don't know
if I want to risk introducing this into my network stack.

I have an R720 and a few old RPi's... so either major overkill hardware or
major weaksauce hardware.

~~~
lucb1e
DNS wizard checking in. This stuff was designed in the 80s and I ran BIND on
the kind of potato that has a quarter of the RAM that a raspberry pi has,
together with apache, mysql, php, vnc, utorrent, and some other stuff, and it
still performed great. I don't know by heart which dns server pihole uses, but
no, the latency added by a server on your LAN is negligible. Case in point,
most (all?) routers do dns forwarding by default (is that not common in the
USA? Since you mention cloudflare, which got to be slower than the default
option unless you have some really cheapo isp).

~~~
gerdesj
"and I ran BIND on the kind of potato that has a quarter of the RAM that a
raspberry pi has"

256MB RAM? - bloody luxury!

A very quick and a bit rubbish experiment:

    
    
      $ ping 9.9.9.9
       5 packets transmitted, 5 received, 0% packet loss, time 10ms
      rtt min/avg/max/mdev = 9.982/10.838/12.531/0.888 ms
    
      $ dig @9.9.9.9 www.google.com A
       ;; Query time: 13 msec
    

DNS is pretty quick. Note how I mistakenly use ICMP and a UDP service response
time to imply _something_. If I'd tried to claim that DNS adds about 5ms
overhead, I would have been first to put the boot in. The basic result stands
though - DNS is quick. The above results are from: my laptop -> wifi -> switch
-> switch -> APU2c based pfSense box with quite a lot going on -> modem (FTTC
in UK - PPPoE/A) -> ISP .... etc.

~~~
lucb1e
> 256MB RAM?

Oh, an eighth then, I didn't know the raspi had that much RAM.

And this was on a ~2002 laptop in 2011 or so, I'm not old enough to have run
it in the 80s on a real potato :(

~~~
abrugsch
only the first revision (and the A/A+ until the 3A+ came out) had 256Mb. It
was soon upgraded to 512 as one of the first design changes (before moving to
the "plus" form factor with 40 pin GPIO header) the early A's even had 128Mb
but they are a rare thing as the original A was not promoted much before the
first upgrade cycle.

------
undersuit
I have a Pi-hole running on a Raspberry Pi Zero. The Pi is connected to my
home router using the USB Ethernet gadget features. The home router handles
local DNS requests from those forwarded by Pi-hole, but the rest of my DNS
just flows through the Pi.

It's pretty nice. Never had an issue with the router's DNS, but OpenWRT also
doesn't have the ease of Pi-hole.

------
mawaldne
I love this project. I also donated to it. I've been using it now for about 6
months and it blocks about 15% of my traffic.

~~~
luckylittle
Me too, I've been using it in combination with CloudFlareD (DNS over HTTPS
daemon) and it works like a charm. Except when my ISP changes my public IP and
CloudFlareD hangs so I have to restart the service. There is a bug for it, but
the Pi-Hole itself works really well.

------
zelon88
I setup a Pi hole about 6 months ago and I love it. It has never caused me
grief and it has never gone down.

One of my favorite parts is being able to show people who come over to visit
all the queries their cell phones make to ad networks while we're just
carrying on a typical conversation.

------
dandare
Is there an option to buy a raspberry pi with this pre-installed? Asking for a
non-technical friend.

~~~
sabas_ge
A user linked in this thread the shop
[https://pi-hole.net/shop/](https://pi-hole.net/shop/)

------
kgwxd
I bought a Raspberry Pi specifically for this, then I realized the obvious,
it's useless outside of the house :) It was good for the old Wi-Fi-only iPad
the little one was using, but pointless for my needs. I like having the Pi to
play with though.

~~~
xythian
Setup a VPN tunnel for your DNS traffic and benefit from your Pi-hole wherever
you go. I use Tasker on Android to automatically detect when I'm not on home
wifi and then trigger OpenVPN to connect to my home VPN for Pihole and local
network access.

~~~
kgwxd
On my phone I use Firefox and uBlock Origin and I don't install ad funded
apps, or any closed source apps I'm not forced to have, so I haven't really
felt the need to go that route. The only ad supported app my kids use on their
devices is YouTube but, last I checked, Pi-Hole isn't able to block those ads.

------
gyrgtyn
Does anyone know any alternative projects (that are still dns based)? I don't
need all the web interface parts. I think I just want a good, recent dnsmasq
config. If it does new crypto dns stuff, that'd be cool too. I'm not up to
date.

~~~
BFLpL0QNek
I use Unbound[1] for DNS caching and local DNS. I have Unbound configured to
forward queries to a local Stubby[2] instance that does DNS over TLS to
CloudFlare.

Stubby does keep-alives and is not restricted to a single thread and opening a
new connection per query like Unbound, which is why I used it as a forwarder,
as it has a few more features than Unbound.

In my Unbound config I have an include to a blocklist generated from
[https://github.com/StevenBlack/hosts](https://github.com/StevenBlack/hosts),
essentially I pipe the data from that repo through awk [3]

I have an Android TV box so also have a firewall rule to redirect all queries
to 8.8.8.8 and 8.8.4.4 port 53 to my local DNS server.

No GUIs, solid and stable. Only thing missing is I need to write a cron job
to fetch the latest block list, validate, convert to Unbound format and reload
the daemon. It's only a 10 minute job, just something I haven't got round to
yet.

OpenBSD is really good for running this stuff.

[1]
[https://www.nlnetlabs.nl/projects/unbound/about/](https://www.nlnetlabs.nl/projects/unbound/about/)
[2]
[https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+...](https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby)
[3]
[https://deadc0de.re/articles/unbound-blocking-ads.html](https://deadc0de.re/articles/unbound-blocking-ads.html)
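
The validate-and-convert step of the cron job mentioned in the comment above, as an added example; it is not the commenter's awk pipeline or code from the linked article. It assumes a hosts-format blocklist, emits `always_nxdomain` local zones as one possible Unbound output, and runs on a constructed sample; strict name validation matters because a fetched list is untrusted input that ends up inside the resolver's configuration.

```python
"""Convert a hosts-format blocklist into Unbound local-zone lines, validating names."""
import re
import sys

# One DNS label: letters, digits, hyphen or underscore, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")
# Addresses a blocklist entry may legitimately point at.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names commonly present in hosts files that must never be blocked (assumed set).
SKIP_NAMES = {
    "localhost", "localhost.localdomain", "local", "broadcasthost", "0.0.0.0",
    "ip6-localhost", "ip6-loopback", "ip6-localnet", "ip6-mcastprefix",
    "ip6-allnodes", "ip6-allrouters", "ip6-allhosts",
}

# Constructed sample input, not taken from any real list.
SAMPLE = """\
# Constructed sample input, not taken from any real list.
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.NET  # trailing comment
0.0.0.0 ads.example.com
0.0.0.0 bad.example" always_transparent
203.0.113.9 bank.example.org
0.0.0.0 -leading.example.com
"""


def is_valid_domain(name):
    """True only for plain multi-label hostnames; quotes, spaces, etc. fail."""
    if len(name) > 253 or "." not in name:
        return False
    return all(_LABEL.fullmatch(label) for label in name.split("."))


def parse_hosts(text):
    """Return (sorted unique domains, [(line number, raw line)] rejected)."""
    domains, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        names = [n.lower().rstrip(".") for n in fields[1:]]
        names = [n for n in names if n not in SKIP_NAMES]
        if len(fields) >= 2 and not names:
            continue  # only system names such as localhost on this line
        # Reject the whole line if the address is not a sink (a list should
        # block, not redirect) or if any name fails validation.
        if (fields[0] not in SINK_ADDRESSES or not names
                or not all(is_valid_domain(n) for n in names)):
            rejected.append((lineno, raw))
            continue
        domains.update(names)
    return sorted(domains), rejected


def to_unbound(domains):
    """Render lines for a file included inside Unbound's server: clause."""
    return "".join(f'local-zone: "{d}" always_nxdomain\n' for d in domains)


if __name__ == "__main__":
    # Reads the fetched list on stdin; falls back to the sample on a terminal.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    good, bad = parse_hosts(text)
    for lineno, raw in bad:
        print(f"rejected line {lineno}: {raw!r}", file=sys.stderr)
    sys.stdout.write(to_unbound(good))
```

Write the output to a temporary file, check the resulting configuration with `unbound-checkconf`, and only then move it into place and reload.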

------
dbg31415
[https://raw.githubusercontent.com/StevenBlack/hosts/master/h...](https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts)
works well too.

------
hartator
Does it make sense to make it run on a small virtual server box?

~~~
OJFord
If you're already running one, absolutely.

RPis are popular and the namesake because they're relatively cheap, low power
consumption, but powerful enough - so a good choice for people that don't
already have some always-on hardware to run it.

------
moltar
Great project, but unfortunately doesn’t block YouTube ads.

------
systemtest
I use Windscribe VPN. In the online settings menu you can alter the DNS to
block Malware & Phishing, Ads & Trackers and even Social Networks.

------
fastbmk
Are there any technologies that can reinforce ads on a site?

I know a site owner can track visitors with ad-blockers and show them
warnings, but that is not it.

------
tehlike
How many of you would pay for a paid adblocker? Where the funds go to content
owners?

~~~
laputan_machine
Like Brave? [https://brave.com/](https://brave.com/)

~~~
tehlike
Ish. Not exactly.

------
vlg
How is it any better or more efficient than host blocking à la [1], if at all?
I'm a brainlet, use baby language if you're going to explain.

[1]:
[http://winhelp2002.mvps.org/hosts.htm](http://winhelp2002.mvps.org/hosts.htm)

~~~
muppetman
It's network wide. Anyone joining your network and being given the PiHole as
its DNS server means it gets the ad blocking benefits.

It also updates the hosts files itself on a regular basis, you don't have to
remember to do it as a manual task.

It gives you a nice webgui to show you what devices are accessing what hosts,
how often they try to access them (at least, how often they request their DNS
name) and has different modes of blocking (vs a hosts file has to return
127.0.0.1)

------
Havoc
Also comes in docker form for those so inclined. Useful for home servers

------
vasili111
What are the advantages of using pi-hole vs uBlock origin?

~~~
LocalPCGuy
pi-hole covers all of the machines on your network, not just the browser. That
said, I didn't uninstall uBlock Origin. They can be complementary.

------
otter-in-a-suit
pi-hole is amazing. It blocks ~20% of my network traffic, based on ~1M
domains.

I'm still amazed that they recommend piping curl to bash though...

------
a_imho
Also consider obfuscation like AdNauseam.

------
RyanShook
What makes this better than Adguard DNS?

------
fastbmk
What if it is a scam to get the free content of the site without watching its
ads?

------
nfRfqX5n
does it work on a gigabit network yet?

~~~
tombrossman
Yes, easily. What problem did you have using it on a gigabit network?

I'm using it for two years now on my gigabit FTTH connection, running in a LXC
container on my router. No problems to report.

------
fastbmk
Here is a Unicorn idea for a successful startup!

Develop a technology that protects ad-supported web sites from ad-blocking
scammers ;)

~~~
tomcatfish
There are a lot of people, myself included, who just want to be able to use
websites. I am trying to avoid two major things when I block advertisements
online:

1. Dangerous ads - Cryptominers, viruses/whatever, and the like.

2. Wasteful resource usage - I also block most scripts and unneeded fonts
because the value to me of downloading all these add-ons is very low compared
to the cost to me through network congestion and possible vulnerabilities.

I pay to support content creators I get value from, and if more creators
followed a reasonable, proportional, fee I would support more.

