A new, lightweight version of Pi-Hole is here. Just how easy is it to block advertising on your home network?
Pi-Hole 6 appeared a few weeks ago. Since then, there have been a few small bug fixes and it's now up to version 6.0.5. The new release is lighter weight and has fewer external dependencies: it no longer needs PHP or an external web server. If you run the Docker container version on top of another Linux OS, it's lighter still, as the container is now based on Alpine Linux instead of Debian. Is it really worth setting up a dedicated ad-blocker on your own network? We decided it was high time to try.
Why now?
In the last year, you could be forgiven for feeling that web browser suppliers are actively working to make us trust them less. Last year, Mozilla bought an ad company; this month, it removed its promise not to sell your info.
Meanwhile, Google is nearing the end of the process of turning off the extension system that uBlock Origin uses. It's gone from Chrome 134, which came out the same day as Firefox 136. Once Chrome updates, you must either switch to the less-capable uBlock Origin Lite or an equivalent, or lose ad-blocking altogether. This also goes for anything based on this or subsequent versions of Chrome, such as Microsoft Edge. While downstream vendors may be able to keep the older Manifest V2 around for a while, sooner or later, they face the choice of updating to a newer version of Chromium and dropping it, or forking Chromium's 45-million-line codebase.
Pi-Hole 6 has a good-looking web-management screen to show what it's doing
Pi-Hole 6 has a good-looking web-management screen to show what it's doing – click to enlarge
Enter Pi-hole (a play on pie hole, which is the American English for the British cake hole – mainly used when telling someone to close it). Pi-hole takes over as your network's name server, and silently redirects all web requests to known ad-server addresses to a DNS sinkhole. Everything else is passed upstream to the public DNS server of your choice. Only requests for ads silently fail, and the rest of the page loads as normal. The result is you see fewer ads.
What you need
In terms of the computer power it needs, this is a very simple task. It's like putting up a diversion sign, rather than a bridge. The Pi-hole doesn't carry traffic, it merely diverts some of it. As a result, the requirements for the system running the Pi-hole software are very modest.
The snag, however, is that there are other external requirements. The documentation says that you really want a machine with a wired Ethernet connection into your router, not Wi-Fi, and that machine needs to have a static IP address. A permanent DHCP lease is enough, but this means you must be willing and able to log into your router and adjust its settings. It doesn't need any inbound access from the outside world, so there's no significant additional security risk.
As the name implies, Pi-hole can run on a very low-end computer such as a Raspberry Pi. This includes old models, but not the Pi Zero, as these budget models lack Ethernet ports. An older full-size Pi is probably cheaper, easier, and more reliable than trying to add Ethernet to a Pi without it. A 32-bit machine should be fine.
If you are the sort of techie who already has a Linux box running on your network somewhere, such as a NAS server, Pi-hole is also available as a Docker container, which some commercial dedicated NAS boxes can run. Failing that, a very elderly laptop, even one with a clapped-out battery and a broken screen, would suffice.
Pi-hole 6 has remarkably frugal resource usage: a passively cooled Pi 3B is overkill for the job
Pi-hole 6 has remarkably frugal resource usage: a passively cooled Pi 3B is overkill for the job – click to enlarge
We decided to try it on an old Raspberry Pi 3B that had been sitting in a box for a few years. A 64-bit quad-core is overkill for this job. A Raspberry Pi 2 would do fine, but we sold ours when we bought the Pi 3. The system requirements are so modest that even a Pi 1 might do. In use, our Pi used about 12 percent of its 1 GB of RAM, and single-digit CPU usage if that.
How to do it
Pi-hole doesn't come as a complete distro. It's a small collection of software that you install onto an existing Linux box. The supported list is the Raspberry Pi OS, Armbian, Ubuntu, Debian, Fedora, and CentOS Stream. We decided to take the path of least resistance, and used the Raspberry Pi Imager to write the latest Raspberry Pi OS Lite onto a 16 GB microSD card. We should have gone with a smaller one: it's only using 2.2 GB, and an 8 GB card would have been enough.
Using a Wi-Fi connection, we updated Pi OS, rebooted, then started the Pi-hole installation process. You can opt to continue, but the setup routine defaults to quitting until you confirm that you've set up a static IP. So we did. We cabled the Pi into a switch, gave it a static IP address on the router, then restarted setup. The next step is to choose an upstream DNS server. We went with the default here, but some of the alternatives offer stricter blocking of their own.
Once Pi-hole is installed and you've rebooted the machine, you can test it by manually setting one computer's DNS server to the Pi-hole address. If it works, there's only one mandatory setup step left: change the router's DHCP settings and set the DNS server to the Pi-hole's address. The Pi-hole's hostname doesn't matter much.
In case your router won't let you change its DHCP settings, another option is to turn the router's DHCP off and use Pi-hole's built-in DHCP instead.
Is it worth it?
So far, so good, and a definite affirmative. Comparing notes, some other vultures at The Register are also running Pi-hole. Ads consume a surprising amount of the bulk of some sites these days, so there are both speed gains and data usage reductions to be had. If you're on a metered connection, it's definitely worth a try.
Whether this sounds worth the effort depends on your personal preferences. For us, the setup and configuration process was considerably quicker than the time it took to find the Pi and a suitable power supply, plus a spare SD card, and hook it into the switch on our server shelf. (We also configured the unattended-upgrades tool to keep Pi OS fresh.)
As it happens, our home NAS servers run FreeBSD, not Linux, so running a Pi-hole VM would take more resources than our geriatric HP Microservers could really spare – and of course, a NAS box uses a lot more electricity, as well as emitting heat and noise. If you have a Linux box that's always running anyway, though, your mileage may vary.
We found the setup process easy and quick, but you do need to tweak your router settings. We've yet to find anything that isn't working right.
A small potential snag is that because the same system runs on multiple distros, Pi-hole lacks its own repository, so updates must be performed manually – although we may investigate scheduling that.
Alternatives
There are other ways. For instance, it is possible to run an OS-level ad blocker. Most Linux distributions include Privoxy, for instance, and you can also install it on Windows or macOS, where it runs in the background, filtering requests from your browsers. Download and install it, then go into your network settings and set your web proxy to localhost:8118 for both HTTP and HTTPS, and that's about it.
Privoxy has pros and cons. Advantages include that it works for all your browsers, and for road warriors, it travels with you and filters any network you happen to use. (The exceptionally dedicated could configure a VPN and access their home Pi-hole from elsewhere, but that definitely sounds like too much work for our tastes.)
The main drawback of a filtering proxy is that you need to run copies on all your computers – and it won't help with phones, tablets, smart TVs, and other devices on which you can't do that. ®
Bootnote
If any loyal Reg readers have built a Pi-hole allow-list to whitelist El Reg and its sister sites, do please let us know in the comments.