Sometime last year, a friend of mine told me about his home network and not having ads on any of his devices anymore. Upon asking him how, he told me he used something called Pi-Hole. Pi-Hole? That sounds fishy, but hey, I have found myself quite fed up with all those ads always showing up in browsers, but also on YouTube and other places. So I went for a look.
Pi-hole was apparently started by a guy called Jacob Salmela as an open source alternative to AdTrap, back in 2014. It was hosted on GitHub and more contributors have joined since then.
It works as a DNS sinkhole, where only the DNS requests that are not blacklisted are answered. Because this blocking of domain names works at a network level (you set this thing to be your DNS server basically), it doesn't only block banners in your web pages, but also ads on your iOS, Android and other devices like smart TVs, basically anything on your network. The system, in its current version of 4.1.1, comes preloaded with a number of lists from which it grabs its configuration, granting you a bit over 136000 domains on the Blocklist:
Since these are updated automatically, this will of course keep growing. You can add your own if you have more sources of blocklists by adding these to the system.
The name is based on Raspberry Pi of course, allowing this to run natively as a solution on a Raspberry Pi, even the older ones. The system load is very light, so even the previous versions should be able to run this very well. Running stuff on a Raspberry is fine and dandy, there's even ESXi for Pi now. But for me, this poses a problem, as this would be yet another piece of hardware I would have to put somewhere in the house, taking up yet another network interface on one of my switches. I do have a relatively new Synology in use, so I started looking if there was a way to be able to run it on there somewhere. I found that there is also a Docker instance of Pi-hole available. My Synology DS416play however is not on the list for official Docker support, according to the Docker DSM application documentation from Synology.
Since the DS216+ was on the list, which has about the same hardware as mine, I went ahead and installed the package through the manual installation options of my NAS, downloading the newest version from the Docker DSM download folder on the Synology site. You can just install the package through this manual option in the Package Center interface:
After Docker was successfully installed, to my surprise, in the Docker application, there is a registry view in which a lot of predefined Docker containers have already been listed, ready for download. The official Pihole is one of them:
Downloading this will provide you with an image that you can use to create your container. For me, this was a first in using Docker, so it took me a few times to get it to work properly. This was mainly due to the fact that I read some conflicting information in regards to the fact that this is running on a Synology.
After pressing "Launch", my first Docker container ever sprung to life. You do have to supply the image some environment variables, and there are some network choices to make. I decided to have the container run on the same network as my Synology, since I have port 53 free on my NAS. The web interface port runs on 80 per default, but this can be changed as these settings will show. Once you press Launch, you go to the Advanced Settings of the container that is going to be created and configure a few settings:
First, I configure the container to restart automatically by selecting the "Enable auto-restart" setting. Should the container application crash for some reason, it will just start from scratch again. If it keeps crashing, the time between restarts will increase. Since this will be my single point of failure in terms of DNS queries and effectively my internet for the home network, this shouldn't be down for too long as this would seriously decrease the W.A.F. For those unfamiliar with this acronym, this is the Wife Acceptancy Factor...:
The second setting I change is the one on the Network tab. Instead of bridging networks, I choose to run it on the same interface, with the same IP address. Enable the setting "Use the same network as Docker Host":
Since we use the docker host network, there is no need for any Port Settings or Links. The last step is to provide the system with the necessary Environment settings. Without adding these, the log will show you that the container cannot start, as it expects some of them to be filled. A list of these variables can be found here.
The ones I added through the interface are the following:
DNS1 = 127.0.0.1
DNS2 = my service provider's DNS server address (*.*.*.*)
DNSMASQ_LISTENING = all
ServerIP = the IP address of my Synology
VIRTUALHOST = the IP address of my Synology
WEB_PORT = a custom port, since port 80 is already in use on my Synology. Anything in the 8000 range would be good
WEBPASSWORD = a password you are going to use for the admin interface of the pi-hole (http://<ipaddress>:WEB_PORT/admin, example http://192.168.0.1:8888/admin)
I also changed an existing one, to disable the ipv6 interface: IPV6 = false
Now pressing the "Apply" button will start the container:
Once started correctly, the system can be viewed live through the terminal tab; you can also check the event log to see if there were any problems. This is especially handy when you have problems starting the container, as the log will tell you what happened and why:
To test whether the application runs, you can access the admin interface. This will show you a neat graph of what is happening; there is more information visible once you log in with the password you defined in the settings.
To be able to log in, you need to point your browser to https://<ipaddress>:<port>/admin/index.html
Update!!
31-01-2020:
Ok, time for an update! I have been running the Pihole for quite a while now, and I must say, I did not have to make many exceptions in the interface. There has only been one website that did not work correctly.
If you do need to make an exception, you can add the specific URL to the Whitelist. You can add the address to the bar, and just press Add to make sure the DNS address is resolved instead of being thrown into the dark:
My whole network now uses this DNS server. All my computers, tablets and phones, when connected to the internal network show no signs of anything going wrong or not working.
An update of the version of my Pihole container is also something I am looking at, but this is something I will be saving for a new blogpost.
Any comments? Please let me know!