Pi-Hole - Network wide Ad blocking

  • Neat. But what about flmaxey's pi-hole docker tutorial that says this:


    ** If upgrading to the latest image, it is recommended that the previous container is stopped/deleted, delete the previous image, delete the macvlan driver in the networks tab and delete the file contents of /dockerparms/pihole . Then proceed with the installation of the new image as follows.**


    Sounds a lot more involved than what you describe. Sounds like starting over every time.

    The How-To was written to cover as many cases as possible. From PM's and threads, in a couple cases, problems were experienced in upgrading the image and container to the latest version, when the older volumes and bind points were retained. In one case, the macvlan interface refused to be reused. In these cases, if the older bind volumes and points and the macvlan interface are deleted, the new Pi-hole container works as intended. Since there's no way to determine how many are affected, it made sense to edit the How-To to take these issues into account.


    When I upgrade, I've had no problem with reusing the macvlan interface and the older volumes and bind points merged seamlessly into the new version. (Which retains custom black and white lists and other settings.)
    Thinking about it, perhaps an update is in order, so that those without the fringe issues (the majority) can merge their settings into a new container.

  • So I don't believe that my ISP is manipulating DNS traffic as they are a smaller local company rather than a large bunch of assholes like AT&T, etc.
    But I could trial a public DNS server to see how that compares. I just feel like Google provides the servers for the sole purpose of collecting data on people.

  • So I don't believe that my ISP is manipulating DNS traffic as they are a smaller local company rather than a large bunch of assholes like AT&T, etc.
    But I could trial a public DNS server to see how that compares. I just feel like Google provides the servers for the sole purpose of collecting data on people.

    Google probably does collect on those who use them, but there's literally no way to prevent a service provider from logging your internet activity. On the other hand, one of my ISP's is Comcast who is a known DNS manipulator. I refuse to use their DNS. ((Microsoft's telemetry servers are another matter altogether. Pi-hole is effective in limiting M$'s data collection from your workstations.))


    Since you have one of the smaller ISP's, take a look at this free utility for testing DNS servers. (Depending on how you're configured, test results might be more accurate if Pi-hole is off-line.)

  • Google probably does collect on those who use them, but there's literally no way to prevent a service provider from logging your internet activity. On the other hand, one of my ISP's is Comcast who is a known DNS manipulator. I refuse to use their DNS. ((Microsoft's telemetry servers are another matter altogether. Pi-hole is effective in limiting M$'s data collection from your workstations.))
    Since you have one of the smaller ISP's, take a look at this free utility for testing DNS servers. (Depending on how you're configured, test results might be more accurate if Pi-hole is off-line.)

    I'll test that out. Thanks.

  • Didn't know Gibson did that one, got some interesting results, which included 2 dns servers from own isp which I was not aware of, and cloudflare didn't make the top 50!

    It's a great utility that will customize results, based on location.


    Your results are interesting because your Net connection is probably on an access node, very close to the WEN loop (Western European fiber Network). The WEN has low latency to most major communications nodes (and cloudflare) world wide. While ISP traffic shaping may be part of it, your results are an indication that no one size fits all. If users don't want to test DNS latency, public servers that support ANYCAST would be the way to go. And, as previously stated, servers that support DNSSEC are always a good idea. (Just my opinion.)

  • I installed unbound on my OMV server, and referenced it in my Pihole/Docker install by OMV's IP address.


    Cached entries are blazingly fast and the entire DNS function is much more secure. For those who may be inclined to set up unbound it's a real improvement over ISP and public resolvers.
    _____________________________________________________________


    The differences between the How-To and getting Unbound to work on OMV, with Pi-hole running in a Docker.
    - Install unbound on your OMV server
    - The unbound config file, as shown in the How-To, must be created/copied to
    /etc/unbound/unbound.conf.d/pickaname.conf (Also, in the config file, replace 5353 with 53.)
    - In the Pi-hole Docker, Settings, DNS, use your OMV server's IP address and the port that's in the unbound config file
    in this format 192.168.1.15#53 (Use a pound sign, not a colon)
    - To test unbound with dig, it may be necessary to install dnsutils - apt-get install dnsutils
    _____________________________________________________________


    In tests, after hitting a remote server the first time (120ms), the second name request for the same server was 0ms. After the first hit, it's local. :)


    Thanks for sharing this.
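    The steps in the post above (an unbound config on the OMV host listening on port 53, the IP#PORT upstream string in Pi-hole, and a dig check for cached vs. first lookups) as an added shell example; this is not code from the thread or from the How-To. The config keys are standard unbound options, but the listen address, the LAN range 192.168.1.0/24, the file name pickaname.conf and the dig output are assumptions or constructed samples. The access-control lines are the part worth keeping: a resolver bound to 0.0.0.0 without them answers anyone who can reach it.

```shell
#!/bin/sh
# Added example (not from the thread): generate an unbound resolver config for
# the OMV host, build the Pi-hole upstream string, and read dig's query time.
# Assumptions: the LAN range, config path and sample dig output are illustrative.

# Print an unbound server config listening on PORT and answering only LAN_CIDR.
# Port 53 matches the thread's "replace 5353 with 53"; access-control keeps the
# resolver from becoming an open recursive resolver.
gen_unbound_conf() {
    port="$1"
    lan_cidr="$2"
    cat <<EOF
server:
    interface: 0.0.0.0
    port: ${port}
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    # Only localhost and the LAN may query; everything else is refused.
    access-control: 127.0.0.0/8 allow
    access-control: ${lan_cidr} allow
    access-control: 0.0.0.0/0 refuse
    # Root hints: the 13 root servers mentioned later in the thread.
    root-hints: "/var/lib/unbound/root.hints"
    # DNSSEC hardening and privacy settings.
    harden-glue: yes
    harden-dnssec-stripped: yes
    qname-minimisation: yes
    hide-identity: yes
    hide-version: yes
    prefetch: yes
    # Keep answers cached at least this long so repeat lookups stay local.
    cache-min-ttl: 300
EOF
}

# Pi-hole's custom upstream format is IP#PORT (pound sign, not colon).
pihole_upstream() {
    printf '%s#%s\n' "$1" "$2"
}

# Validate an upstream string: dotted IPv4, '#', numeric port. Returns 1 for
# the common mistake of writing IP:PORT.
check_upstream() {
    case "$1" in
        *:*) return 1 ;;
    esac
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5}$'
}

# Pull the millisecond query time out of dig output (first match only).
dig_query_ms() {
    printf '%s\n' "$1" | sed -n 's/^;; Query time: \([0-9]*\) msec.*/\1/p' | head -n 1
}

# Constructed dig output: a first (recursive) lookup and a cached repeat.
DIG_FIRST=';; Query time: 120 msec
;; SERVER: 192.168.1.15#53(192.168.1.15)'
DIG_CACHED=';; Query time: 0 msec
;; SERVER: 192.168.1.15#53(192.168.1.15)'

# Usage on the OMV host (as root; nothing below runs when the file is sourced):
#   gen_unbound_conf 53 192.168.1.0/24 > /etc/unbound/unbound.conf.d/pickaname.conf
#   unbound-checkconf && systemctl restart unbound
#   dig @192.168.1.15 -p 53 example.com      # run twice, compare "Query time"
#   pihole_upstream 192.168.1.15 53          # the string to paste into Pi-hole
```

Run `gen_unbound_conf` once and redirect it into the conf.d file; `unbound-checkconf` catches typos before the restart. The two `dig` runs are the same check the post describes: the first answer comes from recursion, the second from cache.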

  • I doubt you need to automate this task. That list is the 13 root dns servers. I think they have only changed a couple of times in the last couple of decades.

    omv 5.5.2 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.3.3
    omv-extras.org plugins source code and issue tracker - github

    Thanks, crashtest, for your perfect Pihole/Docker HowTo pdf. Nearly everything seems to work fine. Only Firefox/Fennec won't reach its addon domain. Query log shows "addons.cdn.mozilla.net" unblocked...


    Maybe 3 hints for newbies like me:
    - In docker pihole/pihole tag for arm architectures isn't "v4.2.2-1_armhf" but "4.2.2-1_armhf"
    - OMV's Firewall rules have to accept TCP/udp on port 53, target is not pihole's IP but OMV IP itself
    - AVM fritzbox router needs to have pihole IP in DNS alternative settings (both best) AND in network settings "DNS-Rebind-Schutz" (prevent)

    OMV 4.1.22-1 | RPi 2 Mod.B V1.1 | Sandisk Extreme Pro microSD 32 GB | 3x WD7500BEKT


  • First, thanks for the feedback.
    ____________________________________________

    Only Firefox/Fennec won`t reach its addon domain. Query log shows "addons.cdn.mozilla.net" unblocked...

    Try whitelisting the domain. The actual function of Pi-hole, RE features, the block lists, etc., is supported here.

    - In docker pihole/pihole tag for arm architectures isn't "v4.2.2-1_armhf" but "4.2.2-1_armhf"

    Noted, will fix this soon.

    - OMV's Firewall rules have to accept TCP/udp on port 53, target is not pihole's IP but OMV IP itself

    I didn't take into account that users might configure OMV's firewall to block common ports (like 53). It's worth a note.

    - AVM fritzbox router needs to have pihole IP in DNS alternative settings (both best) AND in network settings "DNS-Rebind-Schutz" (prevent)

    Configuring add-ons and devices is on the user - there are way too many.
    ________________________________________________________________



    I think you'll enjoy Pi-hole. (After using it for a while, my wife now "requires" it. :) ) Removing all the banners, flashing Ads and popup videos completely changes the browsing experience.

    Configuring add-ons and devices is on the user - there are way too many.

    Have to agree with that one, on mine I have to disable the ISP's DNS settings then in a sub menu add pi-hole's ip address then enable it on the main DNS page. Initially doesn't appear to make sense but it works!

    Configuring add-ons and devices is on the user - there are way too many.

    Sure. Just a hint for fritzbox users here.


    Firefox problem seems to be just coincidence with Mozilla's certificate problem today. Will be fixed in next 24 hours, I guess...
    https://borncity.com/win/2019/…sables-addons-may-4-2019/

