[HN Gopher] Setting up a Pi Hole made my home network faster
___________________________________________________________________
Setting up a Pi Hole made my home network faster

Author : pmoriarty
Score  : 204 points
Date   : 2022-05-29 14:08 UTC (8 hours ago)

(HTM) web link (brianchristner.io)
(TXT) w3m dump (brianchristner.io)

| fareesh wrote:
| I use OpenWRT and Ad blocking on my router - is the pi hole
| solution superior?

| walrus01 wrote:
| for those who want something effective outside of their home
| network...
|
| ublock origin works fine as a plugin in firefox on android, and
| blocks ads just as effectively on firefox on desktop.
|
| the ability to install arbitrarily chosen firefox compatible
| plugins on firefox on android is a huge deal for me. it makes it
| almost as powerful and useful as firefox desktop.
|
| the only time I need to touch chrome anymore is when using some
| rare 1% of online shopping website that seems to think a firefox
| useragent is a bot.

| ggping wrote:
| > I can now block all unwanted Ads and Metrics network wide.
|
| I love pihole - but this is still slightly exaggerated. DNS-based
| sinkholing does have its limitations.

| kayson wrote:
| While the interface may not be as pretty, you can do the same
| thing if you're running pfsense using the pfblocker-ng package:
| https://docs.netgate.com/pfsense/en/latest/packages/pfblocke...
| You can also do geo-based IP blocking
|
| Combined with pfsense's recursive resolver (unbound), it makes
| for a pretty great home dns setup.

| lousken wrote:
| i am considering pfsense for my homelab setup - can you easily
| troubleshoot issues and whitelist addresses if you need to?

| zeroflow wrote:
| Yeah. You have a live logging tab and can either put the URL
| into a whitelist rule by clicking on the plus icon or
| manually input it into a whitelist setting.

| slickdork wrote:
| I recommend opnsense [0] over pfsense.
| I ran pfsense for 5
| years and it is great, but there was some bad blood [1]
| between the two projects and the community.
|
| [0] https://opnsense.org/
|
| [1] https://teklager.se/en/pfsense-vs-opnsense/

| lousken wrote:
| I am aware of opnsense, and while e.g. the GUI looks
| cleaner and seems to have more plugins, when I started
| checking it more in depth I think that pfsense has more
| thorough documentation and things like traffic shaping
| which i plan to implement seems to be way easier on pfsense
|
| also have you done migration between the two? if so, how
| hard was it?

| technothrasher wrote:
| > have you done migration between the two? if so, how
| hard was it?
|
| I tried the auto-migration in OPNsense (backup from
| PFsense, restore to OPNsense) a couple times. Both times
| it got it mostly right, but whatever it got wrong blocked
| pretty much all traffic and was difficult to figure out
| why because everything looked right. I gave up and stayed
| with PFsense, but figured if I ever really did want to
| switch I would start from scratch.

| zeroflow wrote:
| I've also had to decide if I want to use pfsense or
| opnsense, but for me, the pfblockerNG plugin was what
| tipped the scales in favor of pfsense.

| harmon wrote:

| 867-5309 wrote:
| this is not for the faint-hearted!
|
| Pi-hole is to pfBlocker as a Raspberry Pi is to a custom-built
| router

| pdimitar wrote:
| I know some of these words. [cries in not being network-admin
| educated]
|
| Jokes aside, I'd love a blog post on this. Seriously. Very
| likely to apply the knowledge as well.

| monkellipse wrote:
| Can confirm, pihole is great. I put in two for redundancy, helps
| make sure nothing gets through. No negative impact on network
| perf, as it only touches DNS and plenty fast for that.

| albert_e wrote:
| you have them as primary and secondary for failover?
| 0daystock wrote:
| Won't be long now until IoT and other crap-ware devices catch on
| to this trend and start hard-coding DNS servers in code, or
| worse, using DNS encryption to avoid this sort of routine
| blocking by end-users. I wonder how people are thinking about
| solving this problem.

| DistractionRect wrote:
| I solve this with a DNS based firewall.
|
| Essentially it's just DNS filtering on steroids. You start with
| an empty (or preseeded) ipset, and a firewall rule that says to
| reject/drop all outbound traffic if the destination isn't in
| the ipset. Dnsmasq is setup as the default dns provider in
| DHCP, and it's setup to add all resolved IPs to the ipset (with
| an expiration so stale entries get removed).
|
| Then it's just DNS filtering per the usual. DoH, DoQUIC, DoT,
| etc don't work as their hardcoded IPs are blocked by default,
| and DNS filtering knocks out domain resolution of the
| endpoints. Even if an alternate resolver is allowed through the
| firewall, none of its responses get into the ipset, so it's
| still broken (and is a sign I need to update the DNS filter).
|
| Works a treat on my IoT devices

| BLKNSLVR wrote:
| I really like the concept of this approach, I'd say it's
| worth writing a blog post / article describing the process
| and details so others can duplicate it.

| timbit42 wrote:
| Have your gateway/firewall block all traffic from the LAN IP of
| the device from exiting the LAN.
|
| If it's running on Win/Mac/Linux/Android/iOS, block the app
| from talking to the gateway, or even the entire LAN.

| Group_B wrote:
| One of many reasons why I don't even bother with IoT devices.
| Don't need all this crap to be connected to wifi. There was
| nothing wrong with it before.

| Deritiod wrote:
| It's not crap just because you don't see a benefit.
|
| In my opinion, additional being a curious software engineer I
| find it quite interesting.
|
| Necessary? Perhaps not but helpful.
|
| Heating valves for example.
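
The DNS-derived allowlist that DistractionRect describes earlier in this thread, modeled as an added example (not code from any commenter, and not dnsmasq or ipset themselves). The class name, addresses and domains are constructed, and a single global set shared by all clients is an assumption; the last check shows a limit of the approach when a filtered name shares an address with an allowed one.

```python
from dataclasses import dataclass, field

# Constructed sample data: documentation-range addresses and example domains.
FILTERED = {"ads.example.net", "doh.example.org", "cdn-ads.example.net"}
UPSTREAM = {  # name -> (address, TTL in seconds) as the upstream would answer
    "video.example.com":   ("203.0.113.10", 120),
    "cdn-ads.example.net": ("203.0.113.10", 120),   # same address as the content host
    "ads.example.net":     ("203.0.113.66", 120),
    "doh.example.org":     ("198.51.100.53", 120),
}


@dataclass
class DnsAllowlistFirewall:
    """Hypothetical model: default-deny egress plus a DNS-fed address set."""
    resolver: str                                    # LAN address of the filtering resolver
    static_allow: set = field(default_factory=set)   # destinations allowed regardless of DNS
    allowed: dict = field(default_factory=dict)      # destination -> expiry (the "ipset")

    def resolve(self, name, now):
        """Answer a query via the local resolver and record the answer."""
        if name in FILTERED or name not in UPSTREAM:
            return None                              # filtered or unknown: nothing is added
        addr, ttl = UPSTREAM[name]
        self.allowed[addr] = max(self.allowed.get(addr, 0), now + ttl)
        return addr

    def permit(self, dst, now):
        """Egress rule: pass only static or DNS-learned, unexpired destinations."""
        if dst == self.resolver or dst in self.static_allow:
            return True
        expiry = self.allowed.get(dst)
        if expiry is None:
            return False
        if expiry <= now:
            del self.allowed[dst]                    # stale entry, like an ipset timeout
            return False
        return True


def run_scenario():
    """Replay the cases from the comment and return each verdict by name."""
    fw = DnsAllowlistFirewall(resolver="192.168.1.2", static_allow={"192.0.2.53"})
    out = {}

    # Normal client: resolves through the local resolver, then connects.
    addr = fw.resolve("video.example.com", now=0)
    out["resolved_then_connect"] = fw.permit(addr, now=10)

    # Device with a hardcoded DoH endpoint address: never learned via DNS.
    out["hardcoded_doh_ip"] = fw.permit("198.51.100.53", now=10)

    # Device that looks up the DoH hostname: the DNS filter refuses the name.
    out["doh_name_filtered"] = fw.resolve("doh.example.org", now=10) is None

    # Alternate resolver reachable through a static rule, but its answers
    # never enter the set, so the address it hands out is still dropped.
    out["alt_resolver_reachable"] = fw.permit("192.0.2.53", now=10)
    alt_answer = UPSTREAM["ads.example.net"][0]
    out["alt_answer_connect"] = fw.permit(alt_answer, now=10)

    # Limit: a filtered name on the same address as an allowed name is
    # reachable once the allowed name has been resolved.
    fw.resolve("cdn-ads.example.net", now=10)
    out["shared_ip_limit"] = fw.permit(UPSTREAM["cdn-ads.example.net"][0], now=10)

    # The learned entry expires with its TTL.
    out["after_expiry"] = fw.permit(addr, now=121)
    return out


if __name__ == "__main__":
    for case, verdict in run_scenario().items():
        print(f"{case:24} {'pass' if verdict else 'drop'}")
```
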
| aksss wrote:
| Not that I'm terribly experienced with it, but a lot of
| home automation can be done without "IoT" -- specifically
| without the crapware Trojan controllers that come with
| consumer solutions from Best Buy. ISY994 for example. Easy
| solutions for remote access via apps (vpn to home) and
| notifications as well. It's not as easy to set up as a plug
| and play controller from Google, but it's far more private.

| Deritiod wrote:
| I include your example.
|
| The definition of iot from Wikipedia also does it.
|
| But honestly why I hate my iot window blinds device it's
| the perfect excuse to use vlan at home.

| dylan604 wrote:
| Can you not just block the specific addresses? Sure, you'll
| probably have to do some log digging to find out which ones,
| but I'm guessing someone else on the internet has already done
| it.

| Gigachad wrote:
| Sure, then the devices throw up an error and refuse to
| function. I noticed that most smart TV streaming apps refused
| to run if they failed to connect to their ad servers.

| zeroflow wrote:
| There is a workaround by enabling NAT and forcing all traffic
| to piHole / pfblockerNG
|
| https://docs.netgate.com/pfsense/en/latest/recipes/dns-redir...

| rsync wrote:
| How does this help with DoH?
|
| If the dns request is over 443 _and_ the DoH server is the
| same host as the served resource, what can be done ?

| jamiek88 wrote:
| Could you MITM and inspect for dns request packets?

| rsync wrote:
| Yes - I postulated this elsewhere in this thread.
|
| The next step in the arms race would then be to implement
| DoHoH.
|
| Sigh.

| lapser wrote:
| This is already happening. The likes of Google Home et al
| already hardcode their own servers. I noticed that no DNS
| requests were being made through my Pi Hole, so when I looked,
| it turned out their DNS servers were hardcoded.
|
| However, I'm more worried about when they start hardcoding DoH
| servers.

| doubled112 wrote:
| Same on DoH.
|
| I can't filter it or redirect it like I can with plain old
| DNS.

| lapser wrote:
| Yes, really the only way would be to set up a MITM proxy on
| your network and enforce all traffic goes through that.
| Also means accepting a CA.

| 1vuio0pswjnm7 wrote:
| Been using this solution myself for a number of years.
| Works remarkably well. I do not even use DNS recursion or
| any remote DNS requests because I can load bulk DNS data
| into the proxy's memory. There is only ever one
| nonrecursive request to a localhost authoritative DNS
| server and the answer is always the same: the address of
| the proxy. Ironically perhaps, DoH outside the browser
| can be used to gather the bulk DNS data, thanks to
| HTTP/1.1 pipelining.
|
| Many years ago I anticipated that "developers" would no
| longer allow end users to choose DNS servers. The
| developers' work, i.e., software, was dropping in market
| value and they began to adopt a Trojan Horse "business
| model". End users could use the software for free with
| the expectation that few would notice/complain about
| increased surveillance and data collection, or injected
| advertising.
|
| The so-called "MITM proxy" is neither a new nor radical
| idea. Corporations routinely "MITM" TLS traffic from
| their networks. Enterprise hardware/software companies
| have provided turnkey solutions.
|
| The issue is not limited to addresses for DNS servers.
| For example, WhatsApp hardcodes IP addresses in their
| mobile app. For that problem I use an application
| firewall.
|
| The PiHole is essentially a slightly modified version of
| dnsmasq running on a RPi. It is funny that no one has
| tried using other DNS software. Given a choice of DNS
| software, I would not choose dnsmasq. It also still seems
| that no one has presented a "PiHole" that uses a forward
| proxy instead of a DHCP/DNS server. Similar to
| corporations, home users need a turnkey solution for
| monitoring their home networks.
| ClumsyPilot wrote:
| "Similar to corporations, home users need a turnkey
| solution for monitoring their home networks."
|
| You'd think that's the job of the router companies - they
| sell you hex-core routers for $390 or whatever, but no
| useful functionality

| willis936 wrote:
| On my router I redirect all outbound port 53 traffic not
| coming from my local recursive DNS server to my local
| recursive DNS server.
|
| The next step in the arms race is DoH. Afaik no one has a
| generic answer to that beyond "treat devices behaving
| hostilely as hostile".

| chollida1 wrote:
| What is a DoH server?

| thinkmassive wrote:
| DNS over HTTPS

| [deleted]

| guerrilla wrote:
| DNS over HTTP

| vladvasiliu wrote:
| In the case of just using a PiHole, a hard-coded server would
| easily get around it.
|
| But if the network outright blocks random DNS requests, that
| only leaves DoH, which would require fixed IPs, which should
| be able to be detected and blocked, right?
|
| Sure, the setup becomes a bit more involved...

| mnd999 wrote:
| Surely you can have firewall redirect rule that bounces all
| outgoing dns to your Pi hole?
|
| This doesn't work with DNS over https of course.

| jamiek88 wrote:
| I can see people MITM their own https traffic in the near
| future!

| asix66 wrote:
| Actually no. By blocking 53 at your router to anything
| except your pihole, even a hard-coded IP like 8888 is
| blocked.

| cgriswald wrote:
| You'd have to do packet inspection. Otherwise a hostile
| hardware manufacturer could just run their DNS on a non-
| standard port.

| rsync wrote:
| Remember- there is no reason you can't serve DoH from the
| www host (the web server).
|
| So you won't necessarily even get to play this cat and
| mouse game - the dns requests are indistinguishable from
| your web requests.
|
| I _guess_ you could mitm your own ssl traffic and strip out
| dns answers there?
|
| But then ... how soon until we see DoHoH?
| ignoramous wrote:
| > _how soon until we see DoHoH?_
|
| _DoH over Tor_ already exists, but more importantly,
| _Oblivious DoH_ (kind of like DoHoH) is being
| standardized by the IETF:
| https://datatracker.ietf.org/doc/draft-pauly-dprive-obliviou...

| cgriswald wrote:
| Unless I understand incorrectly, this doesn't seem to
| make the problem any worse. You'd just have to block the
| proxy rather than the DNS server. Like DoH, only a
| problem if that's also the web server.

| 1vuio0pswjnm7 wrote:
| I believe there was a proposal for something like this a
| while back, before the DoH we see now. IIRC, the idea was
| that DNS information could be contained inside the web
| page, maybe enclosed in a tag. Addresses for ad servers
| perhaps.
|
| Few of these ideas can be expected to work unless Evil,
| LLC controls the program the end user chooses to read the
| web. When an advertising services company is also the
| majority share "web browser" vendor, then ideas like this
| become feasible. Whereas if web users can choose any
| client to access the web,[FN1] then these ideas would be
| non-starters. The open source text-only browser I am
| using is not going to read the IP address of an ad server
| embedded in a web page and connect to it automatically.
| Even if it did, I would simply edit the source code to
| disable that behaviour and re-compile.
|
| 1. In theory they can but in practice they generally
| don't.

| jacquesm wrote:
| Have you tried blocking them explicitly? That might cause
| them to fall back through the advertised ones.

| mmcnl wrote:
| It's already happening, but hardcoding also causes other
| issues. You have to be really big before you can depend on a
| hardcoded DNS server.

| asix66 wrote:
| I couple PiHole with a pfsense router. In pfsense all DNS
| queries are blocked except to my pihole. This thwarts an IoT
| device or streaming devices, etc., from bypassing pihole.
| Then
| I block known DoH servers on both pfsense and pihole---which is
| not perfect, since it's really a game of whack-a-mole, but
| better than not.

| n4bz0r wrote:
| > I wonder how people are thinking about solving this problem.
|
| Not sure what potential issues are being mentioned here,
| but I'd say a separate VLAN for IoT devices + QoS [0] should
| rule out most of the concerns.
|
| [0] https://en.m.wikipedia.org/wiki/Quality_of_service

| phillipseamore wrote:
| I already translate all port 53 traffic to my local resolver
| and block known DoH addresses.

| gruez wrote:
| If they're really evil, they'd proxy all traffic through a
| single host (eg. d2v3i0u0qtn52v.cloudfront.net), so you have
| to choose between no IOT features, or getting subjected to
| all the ads/telemetry.

| rsync wrote:
| No - as I've said upthread, the real evil is running DoH on
| the www host.
|
| Now what ?

| everdrive wrote:
| >so you have to choose between no IOT features I'll bring
| out the fainting couch. These devices are enough of a
| poison pill that you're better off without them. You can
| probably block them with Pihole, but you're one update away
| from either circumventing the Pihole, or breaking your IoT
| device because something got changed on the manufacturer's
| end.

| gruez wrote:
| At that point you're better off not connecting the device
| to the internet at all.

| bee_rider wrote:
| I think we might be at that point currently.

| teeray wrote:
| DNAT ftw

| anthropodie wrote:
| You solve that by not buying such crap-ware. You buy open
| hardware systems.

| ghostpepper wrote:
| I would love if there was an open 4K HDR TV but I think only
| a very niche audience actually cares about this so most
| manufacturers will not see a market opportunity

| ctur wrote:
| For those not wanting the overhead of running a service on your
| network, NextDNS sells what is basically managed pihole. I've
| used it for about a year and have been very happy.
| It also lets
| you use it on mobile devices for when you aren't on your home
| network.

| jen729w wrote:
| Very slick try-before-you-buy experience. And excellent,
| realistic pricing. I'll be giving this a go.

| notRobot wrote:
| +1. Been using it for a year too, highly recommend!

| nukemandan wrote:
| you can configure to use a self hosted DNS. I do this coupled
| with a VPN that was very easy to install and configure:
| https://dietpi.com . this VPN I access with ddns for free.
|
| only fixed cost was the pi to run in (pi version 1 ram is by
| far enough for just pihole +unbound)

| sphars wrote:
| I moved to NextDNS after my SD card died on my Pi. One of the
| biggest features is that I can enable this on my phone using
| Android's Private DNS feature, which means it works for mobile
| data without having to run a VPN. Covers all networks with no
| extra configuration. Highly recommend.

| quyleanh wrote:
| I would like to use Adguard Home instead of Pi Hole for better up
| stream DNS query.

| 2OEH8eoCRo0 wrote:
| I prefer Adguard as well.

| NelsonMinar wrote:
| I use the free level of NextDNS. Not self-hosted, for better
| and worse.

| vladvasiliu wrote:
| What do you mean? What's wrong with PiHole's upstream queries?

| beebmam wrote:
| If only it were possible to buy a Raspberry Pi at MSRP!

| prometheus1909 wrote:
| I keep seeing posts about Pi Holes and it looks good, but I have
| previously dealt with ads by appending their delivering sites to
| my /etc/hosts, i.e.
|
| 0.0.0.0 trashsite1.com
|
| 0.0.0.0 trashsite2.com
|
| The only downside I see is that my approach is not network-wide.
| Any other reasons I should reconsider?

| mFixman wrote:
| Similarly, why is PiHole better than using a browser ad-
| blocker?

| majkinetor wrote:
| You should have both. One is for network wide effects, so
| anything on your network will have ads blocked (smart TV,
| projector, phones etc.), another is for youtube and friends.
| makeitdouble wrote:
| If you're willing to add and maintain an ad-blocker in every
| single of your browsers (and potentially your family's) and
| don't care about non browser apps it's virtually the same.

| eyluo wrote:
| My understanding is that PiHole stops the ads from being
| downloaded in the first place, hence the increased network
| performance.

| dserodio wrote:
| uBlock prevents them from being downloaded too

| aulin wrote:
| ublock only works inside Firefox on mobile, this blocks
| most ads in every app, smart tvs, iot devices

| newscracker wrote:
| I don't know how you maintain your hosts list, but with a
| solution like pi-hole, you can easily subscribe to multiple
| blocking filters and have them update periodically without any
| intervention. Of course, you could automate your hosts update
| too, but pi-hole comes with this built-in.

| user3939382 wrote:
| There's an app for macOS called Gas Mask that helps you
| manage these lists easily

| pcl wrote:
| Probably the biggest two selling points are the crowdsourced
| deny list and the fact that all types of devices will benefit,
| including "smart" TVs etc.

| otachack wrote:
| Like you said, convenience of propagating the blockage to all
| devices, a central place for configuration, stats/diagnostics
| built into PiHole dashboard. I do like your DIY approach,
| though!

| jasode wrote:
| A big limitation with _/etc/hosts_ is no support for
| wildcards.
|
| Previous subthread about it:
| https://news.ycombinator.com/item?id=22535387
|
| (But it doesn't look like wildcard pattern matching doesn't
| work for the substring middle part of the string like your
| example.)

| neurostimulant wrote:
| Not sure about now, but before I'm using pihole, I was using
| hosts file to block ads and found a significant increase in
| network latency. Turns out the huge hosts file significantly
| increased DNS lookup time in my system (>1 seconds).
| more_corn wrote:
| This is essentially what pihole does, but automatically, using
| shared lists of ad networks (you can add your own easily). And
| it's available to things on your network where you can't or
| don't want to edit etc/hosts (My smart tv used to love to shove
| ads in my home screen)
|
| It's an elegant and efficient way of taking back control of
| your network and the content It shows you.
|
| I run it in a pi zero w with a little wooden case and a low
| power phone charger (500ma) I Velcroed it to my router.
|
| I highly recommend that everyone do it.

| russellbeattie wrote:
| You'll need to make sure that you block popular DNS IPs like
| 8.8.8.8 because some devices (like Amazon's Fire Tablets) hard
| code the DNS address as backups.

| [deleted]

| hackerbrother wrote:
| Side note- Pi Hole's client activity graphs are great for seeing
| how much you slept at night, or how long you've been out of the
| house!

| godelski wrote:
| Every time I've tried pihole it has failed on services like
| YouTube. Can someone explain this to me and how I solve it? I
| know it's not just me, it even happened to Linus Tech Tips but I
| constantly hear responses "works for me" which are unhelpful. If
| ublock works fine, why can't pihole? I'm actually interested in a
| technical answer.

| doliveira wrote:
| If Linus didn't bother to clarify the reason that must have
| been a pretty bad video.
|
| PiHole works at the DNS level, it can't block things if they're
| served from the same domain

| datfrojo wrote:
| Pihole only works if ads are served from a distinct domain name
| from content. This works in most cases but YouTube serves ads
| and content from the same place so pihole can't prevent. As
| uBlock works client side it does not face this limitation

| ziml77 wrote:
| PiHole blocks at a DNS level, uBlock blocks down to the page
| element level.
| If the ads are coming from the same domain as
| actual content, a DNS block can't be used since you'd be
| blocking the content that you're trying to view.

| anthropodie wrote:
| PiHole works by blocking domains. Few years ago it was like
| youtube.com served videos and ad.youtube.com (just an example)
| served ads.
|
| Back then you could simply block ad.youtube.com and there would
| be no ads but today Google is serving ads via their main
| domain. You can't block ads unless you block youtube.com.
|
| So now no DNS based adblocker can block YouTube ads. uBlock is
| the only option which works inside browser only.

| codemac wrote:
| I found this basically _only_ helped for laptops.
|
| Our phones and smart devices all use either DoH or hardcode a
| specific DNS resolver. I haven't spent the time going all the way
| down to re-routing all port 53 traffic, but I doubt it'll do
| much.
|
| To me the future of the home network is largely dead as long as I
| can't reasonably manage the software on these devices.

| goodburb wrote:
| Hardcoded devices/software is a very good point, not sure why
| the text is faded/downvoted.

| Gigachad wrote:
| Proprietary software and hardware is malware. Stallman told us
| this decades ago.

| cassianoleal wrote:
| > Our phones and smart devices all use either DoH or hardcode a
| specific DNS resolver
|
| My phone uses whatever DNS I configure it to use. When I'm at
| home, it uses my PiHole.
|
| If you mean individual apps going their own way, that's a
| different problem.

| amq wrote:
| A hosted alternative to pi-hole which will work wherever you go,
| also with a smartphone on mobile data: NextDNS.

| anthropodie wrote:
| If you liked PiHole I think you will like AdGuardHome more!

| jrmg wrote:
| _Like any other project I run everything in a Docker container,
| and this project should be no different._
|
| What is the advantage of this in this case?

| dspillett wrote:
| > What is the advantage of this in this case?
|
| Not specific to PiHole, but perhaps keeping the OPs
| infrastructure management consistent may have monitoring and
| maintenance benefits.
|
| And specifically mentioned in the _very next sentence_:
|
| > The Pi Hole project already has a nice Docker project
| utilizing compose.
|
| It is a supported configuration for PiHole so it fits in
| nicely, no need to even produce their own docker based
| solution.
|
| Not much of a docker user myself (I've tinkered, and we use it
| for some things in DayJob, but for my own stuff I use VMs or
| occasionally LXC if I do want a container instead), but the
| answer to your questions was really quite obvious.

| rektide wrote:
| > _What is the advantage of this in this case?_
|
| That you can manage & think of this machine
| (program/process/container/vm) the same way as every other
| machine & don't have to ever ever ever ask "what should i do in
| this case?" or "what's right for this case?" because it's a
| unified answer that works well & operates the same everywhere.
|
| Uniformity & no special cases. Death to pitiful old ways.

| hinkley wrote:
| My experience is that as long as a rule has only one
| exception, people are pretty good at keeping on top of them.
| But that always leaves you the question of whether you want
| to burn that exception on the current project or save it for
| something better. Which then makes you very nervous when your
| coworkers start getting clever ideas and trying to volunteer
| (over-engineered) things as the exception. In the same way
| the best leaders often didn't want the job, the best
| exceptions are the ones you accept grudgingly, not
| enthusiastically.
|
| Much more recently I realized that this phenomenon of One
| Rule, One Exception falls under the umbrella of - or perhaps
| explains the effectiveness of - the Rule of Three. Two
| exceptions are bad, and work is partially pre-empted to
| correct that problem.
| NegativeLatency wrote:
| Specifically relating to pihole (as of previous versions) it
| wasn't the cleanest install uninstall experience and left a
| bunch of crap behind on my system.
|
| I now run it in a docker container because of this, but I can't
| speak to OPs motivations

| mmcnl wrote:
| I run everything in a Docker container because I have 50+
| services running, and I don't want to spend any time on their
| inner workings. I truly couldn't care less. I only manage the
| access layers (configuration parameters, volumes, ports and
| reverse proxy). Using Docker every application is the same
| from a management perspective.

| ocdtrekkie wrote:
| Any special setup amongst your network takes excess work to
| maintain. In the case of Pihole, I gave up on maintaining it
| because I was running it on a Raspberry Pi, and found that it
| was annoyingly hard to keep a Pi running stable for a long
| period of time.
|
| Had I a convenient way to set it up in a Docker container, it
| would've been better. Of course, since I don't run anything in
| Docker at home, that would also constitute a special setup I
| have to maintain.

| BrandoElFollito wrote:
| I do disaster recovery tests for my home lab from time to
| time. This is bare metal recovery (from empty hardware).
|
| - I download the ISO for my system (Arch Linux)
|
| - I install it on a drive
|
| - I install docker and a (very) few other things
|
| - I recover /etc/docker and data from a backup
|
| - I run my docker-compose
|
| - the server is up
|
| Time: around 30 min to 1 hour without any documentation.
|
| For me - THAT is the real power of docker.

| mmcnl wrote:
| In short: the power of declarative configuration management.
| Way less error-prone than imperative shell scripts.

| goodburb wrote:
| You can get similar/higher speeds without ad-blocking by using
| DNSmasq's "all-server" with at least two upstream servers for
| forwarding.
| ferminaut wrote:
| I know some folks are anti Ubiquiti Unifi on here, but you can
| run pihole (along with a bunch of other stuff) right on a
| UDM/UDM-Pro. IMO it makes the most sense to run this on the
| router, and you can run it in a docker container. If you're
| looking for a fun hour or two project, check out:
|
| https://github.com/boostchicken-dev/udm-utilities/tree/maste...

| pcl wrote:
| I run a PiHole and a Tailscale exit node on my Unifi routers
| (previous generation). The Tailscale exit node lets me do both
| site-to-site VPNs and site-specific egress. The one thing
| keeping me from site network nirvana is that I haven't quite
| figured out how to set up a wifi network on the Ubiquiti device
| that routes all traffic through a given other exit node,
| however. Someday!

| fossuser wrote:
| I just setup tailscale yesterday to access a local urbit node
| and it's seriously great!
|
| They really solved what has always been a major pain with
| local hosting and made it really easy to use.
|
| I ended up using NextDNS over pihole, but only because it was
| just easier to get the same result.

| [deleted]

| para_parolu wrote:
| I have another point of view as a non-pro user. The fewer things
| my router is doing the better. I want my router software be as
| simple as possible to reduce possible bugs. Plus I want it to
| put all cpu time onto processing packets. I would consider
| using pihole like functionality if it's baked in firmware. But
| definitely don't want to install extra software.

| asdkhadsj wrote:
| What sort of cost is associated with pihole, with respect
| mostly to very latency sensitive things like competitive
| gaming. Is it problematic?

| BrandoElFollito wrote:
| You will not have any extra latency once the DNS resolution
| is done.
|
| The resolution has to be done a way or another, by default
| this is your ISP and they usually suck.
| I had hand-picked
| DNSes before (there is a utility that tests plenty of them
| from your connection) and after adding a pihole on a simple
| RPi it was even faster.

| more_corn wrote:
| No expected impact. If for some insane reason a game is also
| calling ad servers your performance will be improved.
|
| Consider the case of a web page. The content you want (the
| news article) consists of say 100 get requests totaling 1mb.
| The content you don't want (ads) consists of 120 get requests
| totaling 1.2mb.
|
| When pihole is in use the content you want does not have to
| contend with adversarial content. You have half as many
| requests, there's 50% less data in the pipe, you get what you
| wanted faster.
|
| Gaming is not impacted because your games don't call
| advertising servers. If they did (for some insane reason) the
| real game requests get served immediately not having to wait
| in line behind the ad content.

| [deleted]

| milgrim wrote:
| There should be no cost. Which game will constantly use DNS
| to resolve addresses after being launched?

| Brybry wrote:
| I caught a bug related to this in Project Zomboid in an
| early multiplayer version.
|
| Often when someone joined a server there would be a tiny
| bit of lag for all of the users.
|
| I figured out the server was using a java method that
| indirectly was doing a blocking DNS lookup. I think it was
| reverse DNS but I forget which method it actually was, and
| if it was blocking the main thread or just the networking
| thread.
|
| (PiHole still wouldn't have created an additional cost
| though.)

| simon04 wrote:
| This issue might relate to Java's URL class
| equals/hashCode doing DNS lookups which is specified in
| Javadoc https://docs.oracle.com/javase/8/docs/api/java/net/URL.html#...
| but reported by various linters such as
| https://errorprone.info/bugpattern/URLEqualsHashCode

| milgrim wrote:
| My question was meant rhetorically, but I guess there
| might be some even more interesting exceptions to this
| out there.

| doliveira wrote:
| If anything, PiHole might make it go faster because some
| requests don't go to out in the world, wouldn't it?

| milgrim wrote:
| That would probably depend on the cache hit/miss
| ratio.

| yzerd wrote:
| PiHole is just a different DNS server - I would assume that
| is probably a once on connection kind of thing.

| vorpalhex wrote:
| I run two piholes, rackmounted and battery backed (just
| plugged into a ups).
|
| DNS performance is very fast, better than ISP dns usually.
|
| General web usage is much, much more pleasant.
|
| No issues with gaming.

| asdkhadsj wrote:
| Any recommendation on hardware piholes? I have a UDM Pro
| but honestly i don't know how much i trust modifying it at
| all - i've found Ubiquiti software to be iffy... so i'm a
| bit hesitant to modify anything.

| nickthegreek wrote:
| I run mine on a good old fashion rpi for years with a
| 100% uptime.

| theshrike79 wrote:
| You can run Pihole on any crappy raspberry pi you have
| around.
|
| I ran mine on a Raspi Model B. You know, the one with the
| RCA plug and SD card slots. From 2012. At some point the
| SD was so messed up I couldn't ssh into it any more, but
| it still worked.
|
| Now Pihole is running on my Thinkcenter minipc as a
| Docker image along with a good dozen others. I don't have
| to worry about SD corruption or sudden shutdowns any
| more.

| dmead wrote:
| there will be issues if you play halo. it depends on some
| telemetry stuff in windows that is typically blocked by
| this sort of thing.

| sbarre wrote:
| I've been running a pi-hole for years and played Halo on
| Windows 10 and had no problems.
|
| If you add a bunch of extra-aggressive blocklists maybe
| you'll have issues but if you stick with the recommended
| OOTB lists, you'll be fine.

| dawnerd wrote:
| Huh, I never even considered running containers on my udm pro.
| I'm definitely going to look into this.

| moffkalast wrote:
| Ah I just opened this thread to ask why isn't this a standard
| feature on routers at this point, and lo and behold.
|
| I hope it becomes more ubiquitous (hah) even on lower cost ones
| eventually.

| pledg wrote:
| It's not a standard feature on UniFi either. It's possible
| but not part of the OOTB OS.

| Vaslo wrote:
| I have the UDM pro but have been running AdGuard home. I will
| definitely have to check this out. Thanks!

| goodburb wrote:
| For OpenWRT users, I managed to easily get it working with LXC.
| Sources are in "SmoothWAN" project at Github. OpenWRT natively
| supports LXC now. Shortcut:
| https://github.com/TalalMash/smoothwan-feeds/tree/main/pihol...

| ronjouch wrote:
| For OpenWRT users, there's even simpler: use the "adblock"
| and "luci-app-adblock" packages :) .
|
| https://github.com/openwrt/packages/blob/master/net/adblock/...
|
| https://openwrt.org/docs/guide-user/services/ad-blocking
|
| https://forum.openwrt.org/t/adblock-support-thread/507

| cassianoleal wrote:
| Never heard of smoothwan but I've been running PiHole on LXC
| on OpenWRT for years. It was never difficult to set it up, I
| just created a Debian (or Devuan, can't remember now)
| container and ran the PiHole install on it.

| agomez314 wrote:
| How does this compare to using Brave Browser with ad blocking?

| sneak wrote:
| It blocks a lot of the phone-home from Apple devices that is
| built in to the OS and happens outside of the browser.

| newscracker wrote:
| It's different but has some similarities. This blocks all kinds
| of configured (DNS) requests from your devices, even from apps
| and operating systems, whereas Brave browser only blocks ads on
| the browser.
| One drawback is that this solution does DNS level
| blocking, and cannot handle any web page element-level blocking
| that may be possible in some browsers.
___________________________________________________________________
(page generated 2022-05-29 23:00 UTC)