I have a complete Ubiquiti setup as well and am only using 1 Raspberry Pi for Pi hole. Why do you need two? For failover?
Regarding sites serving ads from their own domains, YouTube and Twitch are the biggest offenders. Pihole won’t block their ads at all.
Problem with Raspberry Pi reliability is the storage. SD cards aren’t meant for continuous use, and they fail with depressing regularity. You can avoid that by using an external USB SSD, but the USB ports are only USB2 so that isn’t a fantastic solution either.
I run pihole in a Linux container myself, works great. They have Docker containers also.
I used to be able to only have one DNS in the Network Settings but now it is requiring at least 2 and up to 4. Not sure when that changed. The secondary server is not used for much, but when I had 18.104.22.168 as the secondary I would see ads from time to time.
It is best for Pihole and other system and program logs to be saved somewhere other than the SD card. It might be best to overview and examine all pihole configurable features; by default DNS is not cached more than 2 seconds.
Personally the real advantage to me for an adblocker like ublock origin is blocking avatars and/or GIFs.
Pi-hole is freaking awesome. Mine is running locally inside a Docker container.
Sorry to disappoint you, but PiHole is not an answer for Ad Browser. https://developers.google.com/speed/public-dns/docs/dns-over-tls
I am sounding a bit paranoid, but Chrome is one flag flip away from always using Google DNS servers in uninterruptible fashion, and giving a user secure supply of automated advertising.
That’s strange. I have 4 DNS server fields as well but only one filled in pointing to my PiHole server. My USG is doing DHCP and just has the one DHCP Name Server set. I guess since you already have it set up the benefit is that if one of the Pis fails you will have a backup.
Where did you get the information about DNS only being cached for 2 seconds? I don’t see that on the PiHole documentation page and no settings on changing it.
Definitely possible. If adblocking via DNS becomes super common, perhaps this will happen. I think more sites will serve up ads from their own domain, personally.
Also in case you’re curious about power consumption of the 3b+ versus older Pis:
I’d expect a pi-hole device to be “near idling” most of the time, so 230mA is the realistic floor for recent Pi models that have ethernet.
Here we see 350mA idle, which is ~2w. Maximum realistic is just over 5w at full synthetic CPU load.
Do give a try to https://technitium.com/dns/ on your Raspberry Pi which can block Ads based on block lists and has some advanced features like built-in DNS-over-HTTPS, DNS-over-TLS and ability to use SOCKS5 proxy + Tor network to allow using Cloudflare hidden DNS resolver.
I hate what’s happened to the web. Many articles are now unreadable and ironically try every trick in the book to distract you from the content you came to read.
But, if you’re going to use an ad blocker then you really need to meet them halfway and address the root cause - you need to pay for the content that you value the most. The reason this has gone so over the top is that so many outlets are struggling to survive.
Apple News+ is an interesting approach to this problem and to me it’s quite refreshing to be able to just read content from a diverse set of sources without having to weed through the distractions.
My Asus router lets me set custom DNS servers for the DHCP clients on the network, and I’ve been using OpenDNS without any blocking (using uBlock Origin on browsers). I’ve got an Ubuntu server running on the network, I might install pi-hole on there and point my DNS over there for a bit, and see how it works.
One concern I might have, though, is that there are some folks in this household that play app-supported games on their phones/tablets, and I don’t know how those apps will behave under ad blocking.
Currently you can set up your mobile device to VPN into your PiHole to use it as the DNS server, even on the go. The new thing that should make this better is WireGuard, which is what the 22.214.171.124 mobile app is using. (Cloudflare claims their implementation uses LESS power than a traditional VPN. If that is true, and they have released their implementation as open source, even on devices whose Linux Kernel doesn’t support it, this will probably be a win.)
I haven’t switched completely to Brave, but there are so many tools to sync bookmarks and all the Chrome extensions work in Brave, so I’m not sure what’s holding me back. For testing, I like having a separate browser sometimes, for which I use Brave.
Worse is that some adverts come complete with exploits that attempt to hack your systems. I’ll consider switching off my adblocker only once advertisers stop pop-over adverts, adverts with sound, and adverts with exploits.
Interesting article and responses but, at the risk of being off-topic, I wondered what the situation is with browsers other than Chrome (particularly Firefox). Are these also at risk from Google’s impending changes?
While I’m sure my default setup of Firefox with ABP/Ghostery and a couple of other add-ins to deal with Flash Cookies and YouTube ads is technically inferior from a performance perspective, it keeps my screen adequately clear of junk. I’ve always been suspicious of Chrome (I’m old enough to remember the Google Add-on for IE which still relayed everything to HQ even when supposedly disabled) hence it only gets used for specific (application) purposes.
Any guidance much appreciated.
I think if the 3B+ actually had gigabit ethernet, it would show up in the iperf column. Compare it to the Macbook Air:
It looks like the new Raspberry Pi 4 has actual gigabit ethernet, so maybe you should update your blog post to recommend that?
Thanks for the blog post. I’d read Troy Hunt’s article about Pi-Hole a while ago, and initially I set it up running in a Docker container which was a bit flaky. I bought a Pi 3B+ and set it up last night. Was my first Raspberry Pi experience and overall I am impressed with the kit! I might buy some more of them to play with.
It does have gigabit ethernet, but the interface is piped through a limited internal bus. It is still more than 2× faster than the 3B. As you noted, they properly fixed this bus bandwidth limitation with the 4.