Pi-hole

How I setup a Raspberry Pi 2 Model B as a dedicated DNS, DHCP, and Ad Blocking Server.

What is Pi-hole?

Pi-hole is a drop in replacement for your existing DNS server. It filters our know advertising websites so they don't show up in your browser (fewer ads). 

Pi-hole is software that you install typically on a raspberry pi. The software sets up a dns server, an ad filter, a DHCP server, and a nice web based interface.

My Setup

I started with a Raspberry Pi 2 Model B Rev 1.1pi (32bit) 

I put the pi in a case so it looked nicer under my TV cabinet, which is where it will live after I set it up.

Image the microSD 

To get the Raspberry Pi up and running I chose to start with a freshly imaged microSD, which will serve as the base operating system for the Raspberry Pi.

Using the Raspberry Pi imager

I Clicked on "CHOOSE OS"

Then I selected "Raspberry Pi OS (other)"

Then I chose "Raspberry Pi OS Lite (32-bit)" because my pi was only 32 bit and I chose the "Lite" OS because I didn't want to waste any resources on a desktop. This is basically just going to be a server.

Then I selected my microSD and wrote the image. I made sure to configure the OS to use SSH and my public key. I also chose the hostname of "pihole".

Initial Configuration

Once the microSD is imaged, I installed it in the Raspberry Pi, plugged it into my home network and booted it up.

Identify the Pi

Once the Pi is booted up I was able to login to my router and see that the Pi was assigned an IP address. And that the hostname was recognized. I noted the IP address, and also was able to ping the domain name using pihole.local.

Login and Setup

Since my public ssh key was installed on the Raspberry Pi I am able to ssh into "pihole.local" without using a password.

Update and Upgrade

Once connected, I issued the following commands to update the package manager and then upgrade the server with the most updated software.

Set a Static IP

Set a static IP for pihole. Modify /etc/dhcpcd.conf. Point to the Uverse router but take an ip at the end of he range of IPs distributed by the Uverse DHCP. Set the static domain_name_servers to the Uverse router and 8.8.8.8 (the google dns).

Create User

Best practices is to not use the user "pi" (ideally I should remove the pi user if possible, but I'm not sure if some software still requires it). So, I will be creating a new user for my day to day logins and administration.

Create user alex

I used these commands to create a user named Alex and added this user to the same user groups that the "pi" user belonged to:

Config sudo

By default adding the user alex to the sudo group will just give that user permission to use sudo, but by default, user alex will need to enter a password each time the sudo command is used.

To make the new user alex more like the pi user so that a password is not required to use the sudo command, copy the 010_pi-nopasswd file to 010_alex-nopasswd.

I then edited the new 010_alex-nopasswd file to change all references from pi to alex.

Install pi-hole

Connect to pihole.local via ssh and use the curl command to install the pi-hole software.

This pulls down a bash script and runs it. The script executes the necessary sudo commands, so the curl command doesn't need to be run using sudo.

Once the installation is complete, the dashboard is now accessible using http://pihole.local/admin

DHCP

So the only way for pi-hole to work is for each computer or device in my home network to be configured to use the IP address of pihole.local as the DNS server.

Manually modifying all devices is error prone and problematic. A better approach would be to modify my current DHCP server to automatically tell all the clients to use pi-hole as the DNS. But I have AT&T UVerse, and they require me to use their router, which has a DHCP server that does not allow me to configure.

Pi-hole also has a DHCP server that I can enable, but I can't have two DHCP servers. My solution is to configure the Uverse DHCP to just have one IP address in the address range that it has permission to distribute. But I don't want it to actually distribute that IP address, so I had to trick Uverse to reserve that one IP for a machine that will never use it.

Step one, set my iPhone to use a fake MAC address.

Step two, tell Uverse to reserve it's only IP address for the fake MAC address.

Step three, enable DHCP on pi-hole.

Now as the network client devices re-establish connections with the new pi-hole DHCP server, new ip addresses will be assigned along with a definition of which DNS server to use.

Unbound DNS

Read the unbound documentation https://docs.pi-hole.net/guides/dns/unbound/ and carefully follow the directions there to setup the pi-hole DNS server.