Making My Pi-hole Real Metal
Note: Not sponsored. Just excited.
So, fun fact, I run Pi-hole on my network as a relatively easy set-and-forget ad-block. For a while, this has been, and please stow your pitchforks, a VM on the main hypervisor. As of now… it’s that thing up there. Pi-hole’s resource requirements are so low that no matter what I assign that VM, I’m wasting something somewhere. Besides, I have plenty of those little machines, so why not?
What is Pi-hole?
Pi-hole is a network-wide ad-blocker. More specifically, it’s an ad-blocking DNS, which, well, heck I guess I can explain real quick.
DNS
DNS, or the Domain Name System, is a, and I’m simplifying here, list of all the names that exist on the internet.
For example, www.google.com is a DNS name, comprised of three parts:
- com, which is the Top-Level Domain, or TLD. Everything has a TLD; the most common are .com and .org, though others exist like .tv, .me, .edu, and so on.
- google, which is the name of the site you're going to.
- www, a sub-domain of the site. For example, I run tdstoragebay.com, meaning anything that ends with tdstoragebay.com is under my control. I have hg.tdstoragebay.com, which leads to a different place, and svn.tdstoragebay.com, which leads somewhere else.[1]
DNS is hierarchically structured; think of it like the path to a folder on your computer… just backwards.
You might have a file in Documents/school/mywork, and in the DNS system this would be shown as mywork.school.Documents: you get more specific by adding elements on to the beginning of the name, not the end.
Every time you go to a URL, you’re using DNS. Most humans cannot remember raw IP addresses, and therefore, we have human-memorable concepts like words that we use instead. In this way, DNS is like the phone book of the internet.
DNS maps human-readable names into computer-usable IP addresses.
Whenever you say “I want to go to youtube.com”, your computer fires off a query to its local DNS resolver, which does pretty much the same thing again and again up the hierarchy (I won’t cover that here), and finally returns a response back: “oh, youtube.com is 172.217.8.206”.
So here’s the rub: every internet connection starts out with resolving the DNS name into an IP address.
Even ads.
Pi-hole is a fully-functional DNS resolver that you can drop onto your network, and then just tell devices “ask this thing for DNS” (pro-tip: DHCP settings in your router to deploy to the entire network).
Feed Pi-hole some lists of domains to block; it starts with some good baselines, though a quick Google or trip to r/pihole can help you find more.
Whenever it gets a query for a blocked domain, it immediately responds with IP 0.0.0.0, meaning instead of an ad you’ll get a nice browser error message in its place, stating that it refused to connect.
Nice!
If you set this up so that everything on your network points to it, you can check things like which device is the most chatty, which one is generating the most blocked traffic, and some really cool metrics for nerds like me… oh and it’ll block ads across anything on that network, pretty much passively. Remember to occasionally sign-in to the admin portal and refresh the lists and you’ll be good! If something is on a list that you need, or isn’t on a list that you want to block, you can manually whitelist and blacklist domain names too.
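To make the mechanics above concrete, here is a toy resolver written for this post (it is an added example, not code from Pi-hole or from the original article). It answers blocked names with 0.0.0.0, forwards everything else to a stand-in upstream, applies a manual whitelist and blacklist on top of the downloaded list, and tallies which client is the chattiest and which generates the most blocked queries. The upstream answers, list contents, client addresses and query traffic are all constructed for illustration; treating a list entry as also covering its subdomains is a simplification of this toy, not a description of Pi-hole’s own matching rules.

```python
"""
Added example, not Pi-hole's own code: a toy ad-blocking resolver that mirrors
the behaviour the post describes. Everything below is constructed for
illustration: the upstream answers, the lists, the clients and the queries.
"""
from collections import Counter

# The answer Pi-hole returns for a blocked domain, as described in the post.
BLOCKED_IP = "0.0.0.0"

# Stand-in for the upstream resolver a real Pi-hole forwards to (constructed).
# 172.217.8.206 is the value quoted in the post; the rest are RFC 5737 test addresses.
UPSTREAM = {
    "youtube.com": "172.217.8.206",
    "tdstoragebay.com": "203.0.113.10",
    "hg.tdstoragebay.com": "203.0.113.11",
    "ads.example.net": "198.51.100.5",
    "cdn.ads.example.net": "198.51.100.6",
    "tracker.example.org": "198.51.100.7",
}


def normalize(name):
    """Lower-case a DNS name and drop any trailing dot."""
    return name.rstrip(".").lower()


def parents(name):
    """Walk a name up the hierarchy, most specific first:
    www.google.com -> ["www.google.com", "google.com", "com"]."""
    parts = normalize(name).split(".")
    return [".".join(parts[i:]) for i in range(len(parts))]


class ToyPihole:
    def __init__(self, blocklist, whitelist=(), blacklist=()):
        self.blocklist = {normalize(n) for n in blocklist}   # downloaded lists
        self.whitelist = {normalize(n) for n in whitelist}   # manual allow
        self.blacklist = {normalize(n) for n in blacklist}   # manual deny
        self.log = []  # (client, name, blocked) per query, like a query log

    def is_blocked(self, name):
        """Manual whitelist wins, then manual blacklist, then the lists.
        Treating a list entry as covering its subdomains is a simplification
        chosen for this toy, not a statement about Pi-hole's own matching."""
        name = normalize(name)
        if name in self.whitelist:
            return False
        if name in self.blacklist:
            return True
        return any(p in self.blocklist for p in parents(name))

    def resolve(self, name, client):
        """Answer one query: 0.0.0.0 if blocked, else the upstream answer
        (None stands in for NXDOMAIN when the upstream does not know it)."""
        blocked = self.is_blocked(name)
        answer = BLOCKED_IP if blocked else UPSTREAM.get(normalize(name))
        self.log.append((client, normalize(name), blocked))
        return answer

    def top_clients(self, n=3):
        """Most chatty devices by total queries."""
        return Counter(c for c, _, _ in self.log).most_common(n)

    def top_blocked_clients(self, n=3):
        """Devices generating the most blocked traffic."""
        return Counter(c for c, _, b in self.log if b).most_common(n)


def run_demo():
    """Constructed traffic from three LAN clients; returns the resolver with its log."""
    ph = ToyPihole(
        blocklist=["ads.example.net"],
        whitelist=["cdn.ads.example.net"],   # something you need that a list caught
        blacklist=["tracker.example.org"],   # something no list caught but you want gone
    )
    traffic = [
        ("192.168.1.20", "youtube.com"),
        ("192.168.1.20", "ads.example.net"),
        ("192.168.1.20", "www.ads.example.net"),   # covered by the parent entry
        ("192.168.1.20", "tracker.example.org"),
        ("192.168.1.30", "tdstoragebay.com"),
        ("192.168.1.30", "hg.tdstoragebay.com"),
        ("192.168.1.40", "cdn.ads.example.net"),   # whitelisted, so it resolves
    ]
    for client, name in traffic:
        ph.resolve(name, client)
    return ph


if __name__ == "__main__":
    ph = run_demo()
    for client, name, blocked in ph.log:
        print(f"{client:14} {name:24} {'BLOCKED' if blocked else 'ok'}")
    print("top clients:", ph.top_clients())
    print("most blocked:", ph.top_blocked_clients())
```

Running it prints one line per query and then the same two tallies the admin portal shows at a glance: the most talkative client and the client whose traffic is mostly being refused. The whitelist check sits before everything else on purpose, so a name you have explicitly allowed can never be swallowed by a list refresh.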
And finally, the kicker: Pi-hole is a free and open-source project that’s designed to run on a Raspberry Pi single-board computer. Which, for anyone not familiar with those, means it’s so lightweight that just about anything can run it and have resources to spare.
The Black Box
With that introduction out of the way, that little Lenovo ThinkCentre you see there is the new pi-hole here. It’s a M93p model, collectively referred to in my group as a “tiny”. They have a pretty decent i5 CPU in them, 12 GB of memory (from where I get them), a good sized 2.5" HDD, and two Wi-Fi antennas, one internal, and one port for a screw-on attachment on the back. DisplayPort and VGA out, runs on the same power supplies as the laptop docks I use, and can even take wired Ethernet, along with plenty of case USB 3.0 ports. Really, it’s a nice little ThinkPad in a box. They also make for good little compute units. Not full server-grade, but if you only have light-duty loads or just a lot of them, they’re powerful.
Because of all that, I can set this in the networking cabinet with everything else; all I really ever need to do can be managed through the web interface (it automatically resolves pi.hole to itself), or through SSH.
What this means is that I can clear out a VM from the hypervisor, and Pi-hole finally has some physical hardware to utilize; it seems ever so slightly less broken when its requests for things like CPU temperature can actually be answered.
[1] Not an exhaustive list. TDSB has servers for Git, Mercurial, Monotone, Fossil, darcs, GNU Bazaar, BitKeeper, Subversion, and CVS, each with their own subdomain, minus Git which is at tdstoragebay.com itself.