Pi-Hole - Network wide Ad blocking

  • So I don't believe that my ISP is manipulating DNS traffic as they are a smaller local company rather than a large bunch of assholes like AT&T, etc.
    But I could trial a public DNS server to see how that compares. I just feel like Google provides the servers for the sole purpose of collecting data on people.

    • Official Post

    So I don't believe that my ISP is manipulating DNS traffic as they are a smaller local company rather than a large bunch of assholes like AT&T, etc.
    But I could trial a public DNS server to see how that compares. I just feel like Google provides the servers for the sole purpose of collecting data on people.

    Google probably does collect on those who use them, but there's literally no way to prevent a service provider from logging your internet activity. On the other hand, one of my ISP's is Comcast who is a known DNS manipulator. I refuse to use their DNS. ((Microsoft's telemetry servers are another matter altogether. Pi-hole is effective in limiting M$'s data collection from your workstations.))


    Since you have one of the smaller ISPs, take a look at this free utility for testing DNS servers. (Depending on how you're configured, test results might be more accurate if Pi-hole is off-line.)

    • Official Post

    take a look at this free utility for testing DNS servers.

    Didn't know Gibson did that one, got some interesting results, which included 2 dns servers from own isp which I was not aware of, and cloudflare didn't make the top 50!

  • Google probably does collect on those who use them, but there's literally no way to prevent a service provider from logging your internet activity. On the other hand, one of my ISP's is Comcast who is a known DNS manipulator. I refuse to use their DNS. ((Microsoft's telemetry servers are another matter altogether. Pi-hole is effective in limiting M$'s data collection from your workstations.))
    Since you have one of the smaller ISPs, take a look at this free utility for testing DNS servers. (Depending on how you're configured, test results might be more accurate if Pi-hole is off-line.)

    I'll test that out. Thanks.

    • Official Post

    Didn't know Gibson did that one, got some interesting results, which included 2 dns servers from own isp which I was not aware of, and cloudflare didn't make the top 50!

    It's a great utility that will customize results, based on location.


    Your results are interesting because your Net connection is probably on an access node, very close to the WEN loop (Western European fiber Network). The WEN has low latency to most major communications nodes (and cloudflare) world wide. While ISP traffic shaping may be part of it, your results are an indication that no one size fits all. If users don't want to test DNS latency, public servers that support ANYCAST would be the way to go. And, as previously stated, servers that support DNSSEC are always a good idea. (Just my opinion.)

  • After checking my pi-hole configuration, I was actually using Google DNS. I ran the GRC test, and my ISP DNS tested the fastest, with Cloudflare #2 and Google #3. I have changed pi-hole to use my ISP DNS and enabled DNSSEC since my ISP DNS supports it :thumbup:

    • Official Post

    That's useful. Given the DNS shenanigans going on with ISP's and others, that's worth giving it a try.
    (And I think waiting 1 whole second, for a first time resolve process, is well worth the wait.)

    • Official Post

    I installed unbound on my OMV server, and referenced it in my Pihole/Docker install by OMV's IP address.


    Cached entries are blazingly fast and the entire DNS function is much more secure. For those who may be inclined to set up unbound it's a real improvement over ISP and public resolvers.
    _____________________________________________________________


    The differences between the How-To and getting Unbound to work on OMV, with Pi-hole running in a Docker.
    - Install unbound on your OMV server
    - The unbound config file, as shown in the How-To, must be created/copied to /etc/unbound/unbound.conf.d/pickaname.conf (Also, in the config file, replace 5353 with 53.)
    - In the Pi-hole Docker, Settings, DNS, use your OMV server's IP address and the port that's in the unbound config file, in this format: 192.168.1.15#53 (Use a pound sign, not a colon.)
    - To test unbound with dig, it may be necessary to install dnsutils - apt-get install dnsutils
    _____________________________________________________________


    In tests, after hitting a remote server the first time (120ms), the second name request for the same server was 0ms. After the first hit, it's local. :)


    Thanks for sharing this.
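
A way to check the unbound setup described in the post above from a client, as an added example that is not part of the original thread: it reads two `dig` replies for the same name and reports whether the answer came from the expected resolver, resolved, carried the DNSSEC `ad` flag, and was faster the second time. The address 192.168.1.15#53 is the one from the post; the dig output is constructed sample data, and `example.org` in the live-use comment is a placeholder name.

```shell
#!/bin/sh
# Constructed sample: dig replies for the same name, asked twice of the unbound
# instance at 192.168.1.15#53 (the address format used in the post above).
FIRST=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; Query time: 120 msec
;; SERVER: 192.168.1.15#53(192.168.1.15)'
SECOND=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; Query time: 0 msec
;; SERVER: 192.168.1.15#53(192.168.1.15)'

# Each helper reads dig output on stdin.
dig_status()   { sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1; }
dig_query_ms() { sed -n 's/^;; Query time: \([0-9]*\) msec.*/\1/p' | head -n 1; }
dig_server()   { sed -n 's/^;; SERVER: \([^(]*\)(.*/\1/p' | head -n 1; }
# "ad" in the flags line means the resolver reported the answer as
# DNSSEC-validated; an unsigned zone never gets it, so test with a signed name.
dig_has_ad()   { grep -Eq '^;; flags:[^;]* ad[ ;]'; }

# check_unbound EXPECTED_SERVER FIRST_REPLY SECOND_REPLY -> prints one verdict word
check_unbound() {
    expected=$1; first=$2; second=$3
    # Answer must come from the resolver Pi-hole is pointed at, not a fallback.
    [ "$(printf '%s\n' "$second" | dig_server)" = "$expected" ] || { echo wrong-server; return 0; }
    [ "$(printf '%s\n' "$second" | dig_status)" = "NOERROR" ] || { echo resolve-failed; return 0; }
    printf '%s\n' "$second" | dig_has_ad || { echo not-validated; return 0; }
    t1=$(printf '%s\n' "$first" | dig_query_ms)
    t2=$(printf '%s\n' "$second" | dig_query_ms)
    # A repeat lookup served from unbound's cache is faster than the first one.
    if [ "$t2" -lt "$t1" ]; then echo cached; else echo not-cached; fi
}

check_unbound '192.168.1.15#53' "$FIRST" "$SECOND"
# Live use (needs dnsutils), run the same query twice:
#   FIRST=$(dig example.org @192.168.1.15 -p 53)
#   SECOND=$(dig example.org @192.168.1.15 -p 53)
```
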

    • Official Post

    While I don't know if there's a Docker for unbound; I'm sure it would work that way (Docker to Docker). Unbound and pi-hole connect by IP address and port.


    I choose a direct install, into OMV's Debian OS, because unbound is really light and the semi-annual update can be automated (in scheduled tasks.)

    • Official Post

    I doubt you need to automate this task. That list is the 13 root dns servers. I think they have only changed a couple of times in the last couple of decades.

    omv 7.0-32 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.9 | compose 7.0.9 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Thanx, crashtest, for your perfect Pihole/Docker HowTo pdf. Nearly everything seems to work fine. Only Firefox/Fennec won't reach its addon domain. Query log shows "addons.cdn.mozilla.net" unblocked...


    Maybe 3 hints for newbies like me:
    # In docker pihole/pihole tag for arm architectures isn't "v4.2.2-1_armhf" but "4.2.2-1_armhf"
    # OMV's Firewall rules have to accept TCP/udp on port 53, target is not piholes IP but OMV IP itself
    # AVM fritzbox router needs to have pihole IP in DNS alternative settings (both best) AND in network settings "DNS-Rebind-Schutz" (prevent)

    OMV 6.5.0-3 | RPi 2 Mod.B V1.1 | Sandisk Extreme Pro microSD 32 GB | 3x WD7500BEKT
    OMV 6.5.0-3 | RPi 3 Mod.B | Sandisk Extreme Pro microSD 32 GB 4 | SSD 320gb

    Edited 2 times, last by KlausR ()

    • Official Post

    First, thanks for the feedback.
    ____________________________________________

    Only Firefox/Fennec won't reach its addon domain. Query log shows "addons.cdn.mozilla.net" unblocked...

    Try whitelisting the domain. The actual function of Pi-hole, RE features, the block lists, etc., is supported here.

    # In docker pihole/pihole tag for arm architectures isn't "v4.2.2-1_armhf" but "4.2.2-1_armhf"

    Noted, will fix this soon.

    # OMV's Firewall rules have to accept TCP/udp on port 53, target is not piholes IP but OMV IP itself

    I didn't take into account that users might configure OMV's firewall to block common ports (like 53). It's worth a note.

    # AVM fritzbox router needs to have pihole IP in DNS alternative settings (both best) AND in network settings "DNS-Rebind-Schutz" (prevent)

    Configuring add-on's and devices are on the user - there are way too many.
    ________________________________________________________________



    I think you'll enjoy Pi-hole. (After using it for awhile, my wife now "requires" it. :) ) Removing all the banners, flashing Ad's and popup videos completely changes the browsing experience.

    • Official Post

    Configuring add-on's and devices are on the user - there are way too many.

    Have to agree with that one, on mine I have to disable the ISP's DNS settings then in a sub menu add pi-hole's ip address then enable it on the main DNS page. Initially doesn't appear to make sense but it works!

  • Configuring add-on's and devices are on the user - there are way too many.

    Sure. Just a hint for fritzbox users here.


    Firefox problem seems to be just coincidence with Mozilla's certificate problem today. Will be fixed in next 24 hours, I guess...
    https://borncity.com/win/2019/…sables-addons-may-4-2019/

    OMV 6.5.0-3 | RPi 2 Mod.B V1.1 | Sandisk Extreme Pro microSD 32 GB | 3x WD7500BEKT
    OMV 6.5.0-3 | RPi 3 Mod.B | Sandisk Extreme Pro microSD 32 GB 4 | SSD 320gb

    Edited 2 times, last by KlausR ()
