So why do you need to "host" Pi-Hole anyway?

I’ve been playing around with Pi-Hole for about a week. It works well, but I’m starting to question the design. The happy path use case is that you stick a Pi-Hole server on your LAN and fiddle with your router settings to designate it as the DNS server for your whole network. Now anyone who connects to your LAN gets automatic ad blocking. But there are some obvious drawbacks of this design:

  • ISP provided routers often don’t let you set a custom DNS (or custom DHCP server, which Pi-Hole also supports), so you have to fall back on manually typing the IP address into each computer’s network settings.
  • Doesn’t work when you aren’t at home unless you take additional steps (VPN/Tailscale) that create additional security considerations.

Given this, I feel like Pi-Hole would be much more effective as a system service that runs locally on the client device. You could kinda build this already by running Pi-Hole in a virtual machine on your laptop, forwarding the right ports, and setting your DNS server to localhost on every network. Advantages:

  • Ad-blocking now works regardless of the network you are connected to.
  • More responsive DNS queries (especially compared to Tailscale/VPN if you are far from home).
  • Don’t need to buy a new router or hardware to run Pi-Hole.

The virtual machine approach is probably overkill though, and if Pi-Hole had been designed from the start to work as a system service, they could have come up with something less resource intensive, right? What am I missing?

pi hole already uses very few resources, it can run on a machine as weak as 512 MiB RAM and 1 CPU core.

pihole is MEANT to be a standalone device or a VM in your home network. you’re not supposed to use it outside. it was never meant to be routed through a VPN or tailscale, although it is possible.

pihole is designed to provide DNS resolution for your entire network, this is by design. if it was a system service, it would be tied to one machine only. the point of pihole is that you can plug your own DNS (example 10.0.0.44) for devices that don't allow conventional adblockers, think TVs or gaming consoles, unrouted phones, etc.

you’re missing the very idea pihole is built around. as i said above, it's meant to be a separate device (or a VM) to provide DNS for the devices inside your home networks. you do not need a new router or anything, most routers allow you to change DNS resolver in the router settings, and with this, every device connected to your wifi or via ethernet to the router, will use your pihole as the DNS (well yeah some ISPs ARE assholes and block this, and setting DNS separately on each device IS annoying)

it's a hassle but if you want to carry a “pihole box” with you, i think it's possible to install it on an android phone too with termux or other terminal emulators, but you would have to test this yourself. i'm not sure how networking works through it.

pihole could’ve been a system service, if it was designed as one, but that wasn’t the dev’s intentions

1 Like

I guess it’s just not meant for me then… I put all those sketchy devices like TVs on my guest network, which can’t reach the Pi-Hole anyway (even if I set up a separate Pi-Hole for the guest network, I have set my router to not allow intranet communication on the guest network anyway). So the minimum investment to realize Pi-Hole nirvana in my case would be basically a standalone router that I can use to come up with a more granular set of firewall rules for main vs. guest network, and the time to set all that up. Maybe one day…!

Pi-Hole has proven pretty ineffective on my phone despite following all the guides and forum posts. For example, I still see ads in the Tumblr app and get ads in podcasts. In both cases, I think the ads are inserted on the server side and there’s nothing DNS can do about it, and more and more apps seem to be adopting this practice as ad-blocking commercial VPN services gain popularity.

On the other hand, on my computer I don’t see many ads, but I already wasn’t seeing them thanks to uBlock Origin.

1 Like

yeah pi hole isn't ideal. and it was more effective a few years ago. if you only care about DNS, rather than adblocking features, what you can run locally as a system service is a full-fledged DNS server, although it may be difficult to configure/use.

https://wiki.debian.org/Bind9

pi hole can only block ad servers and can't block ads that come from the same server or banner ads, meanwhile uBlock can.

also adguard might be slightly more effective than pihole

it's a service run by a company rather than an open-source project, but you can self-host an instance yourself. maybe try that too and see how it works for you.

DNS-based adblock is strictly worse than a browser add-on in the context of a browser, but maybe there’s some benefit to using it within apps.

Hosts files used to be a more popular way of doing adblocking.

On my network I run dnscrypt-proxy where I use its cloaking feature to serve local IPs for my dyndns. I don’t run lots of apps so I don’t bother with any blacklists.

1 Like

Good point about hosts files… Are there any tools that automatically sync your hosts file with a blocklist similar to how Pi-Hole syncs with upstream blocklists maintained by someone else?

There are several, but there are none that I can personally endorse since I rely exclusively on in-browser adblock.
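The hosts-file sync asked about above, sketched as an added example (not code from any poster, Pi-hole, or an existing tool): it turns a downloaded blocklist into a managed section of a hosts file, and it discards whatever address the upstream list supplies so a tampered list can only block a name, never redirect it. The marker strings, function names and sample data are hypothetical; downloading the list and writing the real hosts file are left out.

```python
import ipaddress
import re

BEGIN, END = "# BEGIN managed blocklist", "# END managed blocklist"  # hypothetical markers
SINK = "0.0.0.0"  # blocked names always point here, never at an upstream-supplied IP
NEVER_BLOCK = {"localhost", "localhost.localdomain", "broadcasthost"}
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed sample inputs (not real blocklist data).
SAMPLE_LIST = """# constructed list
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net  # trailing comment
203.0.113.7 login.example.org
ADS.example.com
0.0.0.0 localhost
not a host!!
"""
SAMPLE_HOSTS = "127.0.0.1 localhost\n::1 localhost\n"

def parse_blocklist(text):
    """Return sorted unique hostnames from hosts-format or bare-domain lines."""
    names = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        try:
            ipaddress.ip_address(fields[0])
            fields = fields[1:]  # discard the list's address: a list must not redirect
        except (IndexError, ValueError):
            pass  # empty line, or a bare domain with no leading address
        for name in (f.lower().rstrip(".") for f in fields):
            if name not in NEVER_BLOCK and HOSTNAME.match(name):
                names.add(name)
    return sorted(names)

def merge_hosts(hosts_text, names):
    """Rewrite only the marked section; lines outside the markers are kept."""
    kept, inside = [], False
    for line in hosts_text.splitlines():
        if line.strip() in (BEGIN, END):
            inside = line.strip() == BEGIN
        elif not inside:
            kept.append(line)
    while kept and not kept[-1].strip():
        kept.pop()  # drop trailing blanks so repeated runs give identical output
    block = [BEGIN] + [f"{SINK} {n}" for n in names] + [END]
    return "\n".join(kept + [""] + block) + "\n"

if __name__ == "__main__":
    print(merge_hosts(SAMPLE_HOSTS, parse_blocklist(SAMPLE_LIST)), end="")
```

Because the merge is idempotent and replaces the whole marked section, running it on a schedule also removes names that the upstream list has dropped.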

You may want to look into this: https://nextdns.io/. This is basically pi-hole as a service. I personally run it alongside my browser adblocker