Researching pressure cookers? Prepare to be bombarded by Instant Pot ads for days. Got a paid subscription for your online newspaper? Thanks for supporting journalism, but it will still serve lots of ads to you. I’ve seen in my home that 15 to 20 percent of internet traffic is for ads – and chances are it’s similar for you. It’s inconvenient – the more ads are being loaded, the slower and more jumpy the web pages you’re looking for appear. It’s disturbing – many people feel uneasy at the idea of trackers following them everywhere online. It’s confusing – on some sites, it’s hard to spot the difference between ads and content anymore.
Online ads and trackers have grown out of control, and browser-based blocking of online ads has limits:
- It only works on one device at a time – between tablets, laptops, etc many people have many devices to manage in their home
- It only works one browser at a time – if you use Chrome and Safari and Firefox etc, you have to manage all of this too
- It does not work on any mobile applications – if you’re on your phone at home, as many of are, no ad blocker can stop the ads in mobile apps
If you’re frustrated by this situation, and you want to do something about it, we’re going to show you what you can do! In this blog post, we will do a step-by-step set up of a Pi-Hole.
A What?
The “Pi” in Pi-hole refers to Raspberry Pi, the pocket-size computer popular with hobbyists and used for many projects ranging from home automation to retro-arcade consoles. A Raspberry Pi is what most of these people use to run a Pi-hole in their home — and even if you think you’re not ‘tech-y’ enough, we will show you how to do it too.
The “hole” part refers to the role the Pi-hole plays in blocking ads, called DNS sinkholing. DNS sinkholing routes requests for ads into a black hole where you never see them… but lets all the other content you want to see come right on in.
How does this work? When we enter a URL like “https://www.google.com” the first step that happens is a translation into an IP address, e.g. 172.217.7.164. It’s like the people in your Contacts – you think of them as names, not 10-digit phone numbers, but you need those phone numbers to actually reach them. Anyway, this translation step is done by what is called a DNS Server, short for Domain Name Server. Everyone with Internet is assigned a DNS Server – when you sign up for internet service, your Internet Service Provider (or ISP for short) automatically assigns a DNS Server to you, and most people keep what their ISP gives them as their default.
What a Pi-hole does is sit in front of that DNS Server as a gatekeeper for every piece of Internet traffic – ‘requests’ – that comes from your home network. Anything you type into your browser sends out a stream of requests, to assemble the content you want – some are requests for logos, some for pictures, some for videos, some for content… and some are for ads. Any requests that link to known tracking and ad domains, go into the sinkhole. All other requests are processed like normal.
How does a Pi-hole fit in my home network?
Your Pi-hole will have a local IP address, just within your network. This means that no one else outside your network can see it or connect to it.
When you enter the IP address of your Pi-hole into your router’s DNS settings, instead of the IP address assigned by your ISP, this lets your Pi-hole work as a gatekeeper. The Pi-hole keeps a database of known ad and tracker domains (this database is automatically updated every Sunday morning). Each DNS request that now goes through the Pi-hole is checked against this database. If the destination is part of the domain of a known ad or tracking server, it goes into the DNS sinkhole, and you are not served that ad. It does this in a clever way that keeps web pages readable, limiting ‘blank spots’ in web pages as much as possible, depending on the content. If the ad was an image for example, the Pi-hole will return an invisible blank 1×1 pixel image. If the ad was in Java-script, the Pi-hole will return an empty Java-script, etc.
Downsides?
- The Pi-hole solution will not work if your router’s customization options are limited. This only happens if your router has been rented from your ISP, *and* your ISP has locked down these customization options. Please check beforehand to make sure that
- you have administrator access to your router’s settings
- you can enter a DNS Server manually, i.e. that the DNS Server entry is user editable and not grayed out. If you’ve never accessed your router’s setup page before, skip ahead to this step and come back here if confirmed it will work.
- Cost. A browser-based solution is free, though limited in 3 major ways, as mentioned above; to make a Pi-hole you will need to buy a Raspberry Pi for less than $100 and no subscriptions.
- Some websites don’t allow ad blocking. Occasionally you will get a warning that a webpage refuses to let you access its content unless you disable your ad blocker. Luckily, Pi-holes also have a white list, which we will look at later.
- Some content will still feature ads. Youtube video ads cannot be blocked at the moment as they are embedded in the stream and of course a Pi-hole doesn’t block things like TV ads either.
- Speed tradeoff. This isn’t really a downside, more a point of awareness. A Pi-hole takes a fraction of a second to do its magic… but in practice, not having to load ads almost always results in webpages loading quicker. A Pi-hole also has a caching function, which actually speeds up some requests.
Okay you convinced me! Now what?
Unless you have a Raspberry Pi lying around somewhere, the first step is to get one. The easiest is to get a kit that includes everything you need. That’s because a Raspberry Pi also needs a micro SD card; SD card reader/writer; a power supply; preferably a case; optionally heatsinks and a fan. The first two links below are some great kit options that include everything you need.
The Raspberry Pi also needs an ethernet cable; you can use the last of the above links if you don’t have one of those in a drawer somewhere. Why not just connect wirelessly? The best way (fastest speed & lowest latency) to use a Pi-hole is to plug it directly into your router, rather than use Wi-Fi.
And that’s it. We will set up the Raspberry Pi entirely from your current computer, so there is no need for any additional screens or keyboards for your Raspberry Pi. Once all your gear has arrived or if you’re all set already, let’s get to step 1!
Step 1: Getting the Raspberry Pi up and running
After sticking the heatsinks onto the chips (see picture) and dropping the Pi into its case, it’s time to prepare the SD card with the Pi’s operating system. Let’s go ahead and download the official Raspberry Pi Imager onto our Mac or Windows computer. Next, plug the micro SD Card into the card reader correctly and plug the reader into a USB port of the same computer. Install and start the Raspberry Pi Imager, click “Choose OS”, then select “Raspberry Pi OS (other)”. In the next menu select “Raspberry Pi OS Lite (32-bit)”. Now, select the SD Card plugged into your card reader from the “SD Card” menu. Be careful not to inadvertently select one of your hard drives; as a sanity check the size of the selected SD Card should normally be somewhere in between 2GB to 64GB. Our selection should now look like similar to this:
Go ahead and hit “Write”, and let the whole process finish. At the end it should say something like “You can now remove the SD card from the reader”. Hit “Continue” and exit the Raspberry Pi Imager. Next, unplug the reader or SD Card for a couple of seconds, and then plug it right back into the same computer again. This is the quickest way to remount the volume that was ejected. A volume named “boot” should be visible in Finder (macOS) or Explorer (Windows) at this point. The next step is to create an empty text file on this volume with the name “SSH” and no extension.
On macOS, go to “Applications” and start “TextEdit”. Click “New Document”, then go to “Format” and select “Make Plain Text”. Next, go to “File” and hit “Save”. Enter “SSH” (without the quotes and without .txt) as filename. Select the “boot” volume as location and uncheck the option “if no extension is provided, use .txt.”. Hit “Save” and eject the boot volume.
On Windows, open notepad (type “notepad” in the search box to find it). Save the empty text document that was automatically created by going to “File”, then “Save As…”. Now type ” “SSH” ” in the box, to be clear the text should be within single quotes just like in the image here. This instructs Windows to not add the extension “.txt” to the filename. Go ahead and save to the volume (disk) called “boot”, then exit notepad and eject the SD Card.
We are now ready to insert the SD Card into the Raspberry Pi and start it up for the first time!
Step 2: Configuring the Raspberry Pi
After inserting our prepared SD Card into the Pi, connect the Pi to your router (or Google Wifi if you’re using that) with the network cable. Then plug the power supply into a socket and into the Pi to boot it up. Now let’s leave the Pi and get back to our computer:
On macOS, go to Applications (click the magnifying glass icon on the top bar and type “terminal” in the Spotlight search window, then double click).
On Windows, type “cmd” in the search bar (or Cortana) and press enter.
Next, type in (or copy/paste) the following command:
macOS:
ping raspberrypi.local
Windows:
ping -4 raspberrypi.local
Inside the response to this ping, you’ll find the IP address of the Raspberry Pi. In the below example, it’s inside the parentheses:
“PING raspberrypi.local (192.168.1.33): 56 data bytes”
So in this example the Pi’s IP address is 192.168.1.33. Whatever your Pi’s actual IP address is, write it down or copy it somewhere, because you will need it a few times. This tutorial will continue to use the 192.168.1.33 as example, but obviously use the IP address your own Pi’s “ping” command returned.
If for some reason the ping command returned a “could not find” error message (e.g. work laptop), you’ll have to look up the IP Address of the Raspberry Pi in your router. Go to the router changes part for instructions how to access the router’s settings. Once you’re in the router, look for the list of devices connected to the router. This is usually right on the front page. There should be “raspberrypi” somewhere in there, followed by an IP Address. This is the address you want. Write it down.
Go ahead and hit CTRL+C to stop the pinging if it’s still going. To make sure there are no issues with old authentication keys, enter the following command, using your Pi’s IP address:
ssh-keygen -R 192.168.1.33
The next step on both Windows and macOS is to enter the following command, using your PI’s IP address:
ssh pi@192.168.1.33
Enter “yes”, then enter “raspberry” as the password. You should now be securely connected to your Raspberry Pi. Next we will make a few changes to the settings. Go ahead and enter the following command:
sudo raspi-config
You should be seeing this screen:
Click enter to go into the System Options. Use your keyboard’s arrow keys to scroll down to “S3 Password”. Go ahead and change the default password (“raspberry”) to something else. When finished, press tab to go to <Ok> end press enter. If your Raspberry Pi kit came with a fan and you connected this fan (which is optional ), go to “4 Performance Options”, and select <Yes> to enable fan temperature control. If not, you may skip this step. Finally, scroll down to “6 Advanced Options”, then select “A1 Expand Filesystem” and hit enter. We are now done. You may hit Tab on your keyboard twice to select <Finish>. When prompted to reboot, select <No>. Next, enter the following command:
sudo apt-get update
Then, enter:
sudo apt-get upgrade
Enter “Y” and press enter. This step will take a while.
Now, we will install the Pi-hole. Enter the following command:
curl -sSL https://install.pi-hole.net | bash
Press <Ok> when prompted to start the auto-installer, and again until a screen asks to select an Upstream DNS Server. Google, Cloudflare, … is fine. Hit enter. In the next step, leave the two options selected and press tab to go to <ok>, then hit enter. Do the same in the next steps i.e. not making changes, just hitting <Ok>. Let the install process finish. Press <Ok> again at the last step, no need to write that auto-generated password down. The installation should now have exited. Enter the following command:
pihole -a -p
Enter a password of your choice. This will be the password for the Pi-hole’s web interface. Now, type the following command:
ifconfig
In the eth0 paragraph, the IP Address right after “inet” should be the IP Address we’ve been using so far (192.168.1.33 in the example). Write down the address right after where it says “netmask” on the second line. It should look similar to, or probably exactly be “255.255.255.0”.
Next, look for the Pi’s ethernet port’s MAC address which should be on the 4th line, right after where it says “ether” and which has the format xx:xx:xx:xx:xx:xx”. Write this address down precisely too, we will use the two pieces of information later. Finally, enter:
sudo reboot
After rebooting, our Pi-hole is up and running!
Router changes
The final step is to change the settings of our router. This will be different for every router brand, so we will explain what to look for. There are basically two changes we will make:
- Our router’s DNS Server is changed to our Pi’s IP address
- Our router has to assign the same IP address to our Pi every time
If you’ve never logged into your router, follow these instructions (the step to check compatibility of your router starts here too):
On macOS, go to Applications (click the magnifying glass icon on the top bar and type “terminal” in the Spotlight search window, then double click).
On Windows, type “cmd” in the search bar or Cortana window and press enter.
Now type the following command in the window that just opened, or copy paste it in:
netstat -r
You’ll see some columns of text. look for “Gateway”. Right under where it says “Gateway” is the IP address of your router. Typically this is something like 192.168.0.1 or 192.168.1.1. Open an Internet browser and enter that IP address. It should open the configuration page of your router. For Google Wi-Fi instructions, scroll down.
If you don’t know the login and password of your router, look on the bottom of the router, if there’s no info there google “default password for <your router model here>” or try some common combinations like user “admin”, password “admin”, user “admin”, password “password”, user “admin”, and password just blank.
Once you’re in, browse through the various screens (it’s often in advanced options) until you see something similar to this:
Primary DNS Server: xx.xx.xx.xx
Secondary DNS Server: xx.xx.xx.xx
If you can manually enter an address there, your router is compatible with a Pi-hole (which means if you came here to check as instructed in the beginning of this tutorial to check this, you may go back to the top now and continue reading there). On the other hand if you’re renting your modem from your Internet Service Provider and these settings are not editable, a Pi-hole won’t work for you. There are ways around this, but it would take us too far off for this article.
If you’re using Google Wi-Fi, entering your router’s IP address will give you a message to use the Google-Wi-Fi App. Go to the Google Wi-Fi App on your phone and tap on the third tab/icon, then Network & General, Advanced Networking, lastly DNS.
As Primary Server, enter the IP Address of your Pi-hole (this was the 192.168.1.33 in the example). As Secondary Server, enter “1.1.1.1” (which is Cloudflare’s DNS Server) or “8.8.8.8” (Google). This will make sure our Internet works as normal if our Pi-hole for some reason is down.
The last step is making sure our Pi always receives the same IP Address from our router. Most routers do this automatically so don’t worry about it if you can’t figure out how to complete this step, but it’s still best practice to configure this manually. What you’re looking for could be called “DHCP IP reservations”, or “Static DHCP Addresses”, or “Static Leases”, …
Adding a Static Lease requires two pieces of information: a MAC Address and an IP Address. Enter the MAC Address you wrote down before (the “ifconfig” step), and the IP Address of your Pi (192.168.1.33 in the example). In case there’s a “subnet” to fill out, use the subnet address you wrote down earlier too (usually 255.255.255.0) If there’s also a lease expiry time to enter, just enter “1200”.
After the information is entered precisely, look for the “Save” Button on the bottom and hit “Apply” if available.
Here is a link for how to do this step on a typical Verizon modem.
If you’re using Google Wi-Fi, open the App on your phone and go to the third tab (Settings symbol), then “Network & General”, then “Advanced Networking”, then “DHCP IP Reservations”, then scroll to find your Pi, select and click next and type the IP Address of your Pi (192.168.1.33). Done!
Testing the Pi-hole
Now, let’s take a look at the Pi-hole configuration page. Type in the IP address of your Pi into an Internet browser window, followed by “/admin”, in our example that would look like:
192.168.1.33/admin
You can go to this page at any time to check on how many ads were sinkholed. Now, click on login, using the password you specified (the “pihole -a -p” step earlier). You will see a “whitelist” feature appear that you can use for websites that are giving you grief for having an adblocker in place. Finally, please also use the “Donate” link on the left bottom of the Pi-hole configuration page to give the Pi-hole team some love!
That’s it! No more annoying ads 🙂