Menu Close

Setting up Pi-hole

Pi-hole is a DNS ad-blocking solution that runs on small devices (such as the Raspberry Pi) that can block ads on all devices network-wide. What this means is that you no longer need any ad-blocking plugins/software installed on your browsers.

All devices connected to your network (phones, tablets, smart TV’s, etc…) will also have the befit of ad-blocking as well.
With Pi-hole, you also have the ability to blacklist or whitelist applications as you see fit.

Sound interested? Read on…

Before getting started, there are a few prerequisites needed using this guide. You will need:

  • A Raspberry Pi. I will be using a Raspberry Pi 3 for this guide. If you don’t have one, you can buy one here from Amazon. This is the complete kit which comes with everything you need.
  • A (minimum) 8GB microSD card (included in this package)
  • A microSD card reader/writer (included in this package)
  • A router that can run OpenVPN. I will be using an ASUS RT-AC5300 flashed with Asuswrt-Merlin firmware. This guide should work with any router that supports OpenVPN, you will just need to adapt the settings for your particular device.
  • A mouse, keyboard and an HDMI monitor/TV for initial setup on the Raspberry Pi.
  • A network cable from your router to connect to the Raspberry Pi
  • A computer running Windows 10.

Let’s get started.

Installing Raspbian

  1. Download Raspbian Stretch Lite and extract the image file contained inside the zip file
  2. Download and install Etcher. onto your machine.
  3. Put the microSD card into the microSD card reader/writer, then connect it to your computer.
  4. Launch Etcher, then click on the Select image button and navigate to the path of the image file you extracted earlier.
  5. Next, click on Select drive and select the drive which represents the microSD card.
  6. Lastly, click on Flash! and wait a few minutes while the image is being written to then microSD card. Good time to go grab a beer.
  7. Once the image has been written, plug the microSD card into the Raspberry Pi along with the mouse, keyboard, network cable and monitor/TV then power it up.

Setup Raspbian

raspi-config

Once Raspbian has booted, you will be asked to login. The username is pi and the password is raspberry.

 

Before you go any further, take a note of the IP that has been assigned to your Raspberry Pi and the MAC address – you will need this later.If you don’t see it, simply type in ifconfig and you should see some output similar to
eth0 Link encap:Ethernet HWaddr b8:27:eb:81:21:30
inet addr:10.1.1.2 Bcast:10.1.1.255 Mask:255.255.255.0In this example, 10.1.1.2 is the IP of my device and b8:27:eb:81:21:30 is the MAC address.

 

After you have logged in, it’s a good idea to first update the system. Enter the following commands:

Now you will need to to change some configuration settings in Raspbian. This is done by executing sudo raspi-config.

The raspi-config window

Localization Settings

Next, we need to change the localization settings By default, the keyboard is setup to work with keyboards form the U.K. so we will change this to work with U.S. keyboards.

  1. Select Localization Options menu. Note that this option will not show up if you do not have your keyboard plugged in during boot.
  2. Choose the option to Change Timezone and adjust to your locale.
  3. Back in the Localization Option menu select the Change Keyboard Layout option.
  4. Select the default option ,Generic 105-key (Intl) PC.
  5. Next you will be asked to select your keyboard. You can select the default option [Generic 105-key] option.
  6. Now scroll down and select [Other] to go to the Country of origin menu, and here select English (US).
  7. Select English (US) in the Keyboard layout screen.
  8. In the Key to function as AltGr screen, select The default for the keyboard layout.
  9. In the Compose key screen, select No compose key.
  10. Once these changes have been made, reboot the Raspberry Pi so that you can now use your new keyboard layout.

Change User Password

Once you are logged in, run sudo raspi-config again and this time select the Change User Password option to set your own password for the pi account.

Set the hostname

Next, you will need to set a hostname for your Raspberry Pi. Select the Hostname option and follow the prompts to set your hostname.

Enable SSH

You will need to enable SSH so that the Raspberry Pi can act as a headless machine, meaning you do not need to have your keyboard or monitor or any devices connected to it.

  1. From the main menu, select Interfacing Options then SSH.
  2. You will be asked if you want to enable SSH access, select Yes.
  3. Now you will test your SSH connection. to do this, download and install PuTTY onto your machine.
  4. In the Host Name (or IP address) field, type in the IP address of your Raspberry Pi, then click on Open at the bottom.You will receive a security alert pop-up from PuTTY. Click on Yes at this prompt (don’t worry – it’s safe).
  5. Congratulations! You have now logged into the Raspberry Pi via SSH. Go ahead and reboot the server by typing in sudo reboot.

Secure SSH with SSH Keys

This part is optional, but highly recommend. This will secure your Raspberry Pi so that (remote) access to the Raspberry Pi can only be granted if you have the right public/private key combination and passphrase. For a simplified version of how this works, see this link.

  1. First you will need to generate your public/private keys. Download PuTTY Key Generator.
  2. Run the puttygen.exe file then click on the Generate button. While the key i being generated, move your mouse over the blank area to generate random data that will be used for your key.
  3. Once your key has been generated, fill in the Key comment section with a brief description of what purpose the key servers, the date…something to help you identify the key.
  4. Fill in the Key passphrase and Confirm passphrase sections with some a passphrase that will be used to secure your private key. Anytime you use this key, you will need to enter your passphrase so make it something only you will remember.
  5. Next, click on the Save private key button and save the private key to a secure location on your computer. Keep this file safe! Should anyone else ever gain access to this file, they will have a way into your Raspberry Pi.
  6. Keep the PuTTY Key Generator application open, and open PuTTY and SSH into your Rasbperry Pi.
  7. Once logged in, enter the following commands:

The above commands will create a new hidden directory called .ssh and a new file called authorized_keys that will hold your public key on the Raspberry Pi.

  1. Now, go back to the PuTTY Key Generator application and right-click in the Public key for pasting into OpenSSH authorized_keys file area and select Select All, then right-click again and select Copy.
  2. Back in your SSH session, right-click in your window and then contents of this file should be pasted.
  3. On your keyboard, press CTRL + O to save the file, Enter, then CTRL + X to exit. You should now be back at the prompt.
  4. Next, we will secure the .ssh folder and the authorized_keys so only the pi user can access them. To do this, type in the following commands:

Now that we have our keys generated and SSH setup, let’s further secure access by disabling password authentication. Remember to keep your private key somewhere safe because if you lose, you will lose remote access to the Raspberry Pi.

  1. In the SSH session, type in sudo nano /etc/ssh/sshd_config.
  2. Using your keyboard, look for #PasswordAuthentication yes and change it to PasswordAuthentication no (notice the # is removed).
  3. On your keyboard, press CTRL + O to save the file, Enter, then CTRL + X to exit. You should now be back at the prompt.
  4. Now we will restart the SSH server so that our changes can be applied. Type in sudo /etc/init.d/ssh restart.

Moment of truth! Let’s test to make sure that SSH is working before closing your current PuTTY session:

  1. Open a new instance of PuTTY, and you again type in the IP address of your Raspberry Pi.
  2. In the Category pane on the left hand side, click on SSH (under Connection) then select Auth:

  1. Click on the Browse… button and navigate to the location you saved your private key file earlier.
  2. Now click on the Data node (just directly underneath Connection) and in the Auto login username field type in pi.
  3. Scroll to the top of the Category pane and select Session. This time press the Save button so that we can save this information and not have to enter it each time.
  4. Now click on the Open button. You should be asked to enter the passphrase of your private key.
  5. Once entered, you should now be at your prompt! Success! You can now close all your open SSH sessions.
  6. The next time you want to log into your Raspberry Pi, just launch PuTTY and then select the IP of your Raspberry Pi and click on Load, then Open.

Install Pi-hole

Next we will cover the setup and configuration of Pi-hole.

  1. SSH into your Raspberry Pi and once logged in, type the following command to begin the Pi-hole setup:

  1. The Pi-hole setup screen will load, click on OK to get past the initial screen.
  2. You will be asked to enter the upstream DNS provider. or this guide, we will use CloudFlare’s DNS servers. Select  the Custom option at the bottom and enter 1.1.1.1 as the primary DNS and 1.0.0.1 as the secondary DNS server.
  3. Next, you will be asked if you want to block IPv4 and/or IPv6. Typically, most people will only need IPv4 so unless you know you need IPv6 support, only select IPv4.
  4. The setup will now identify the IP address assigned to your Pi-hole and ask you if you want to assign this address as the static IP for the device. You can choose to accept this value, or set a different static IP.
  5. After you have decided on the static IP you will be asked if you want to install the web interface. Choose Yes.
  6. The setup will continue doing its thing and at the end, give you a summary screen with a random password. You can now open a web browser and navigate to the URL provided in the summary screen which will bring up the Pi-hole web interface. Go ahead and log in!

Optional: You can change the password generated by the Pi-hole with your own password. To do this, type pihole -a -p in the SSH console. You will be asked to type the password twice.

Configure Pi-hole

Now that you have Pi-hole installed, we are going to configure it by adding some additional block lists and chaining a few settings.

  1. The additional block lists will be added from https://wally3k.github.io/ but you can also add additional ones if you want. (See https://discourse.pi-hole.net/t/how-do-i-add-additional-block-lists-to-pi-hole/259)
  2. The actual block lists themselves can be found on https://v.firebog.net/hosts/lists.php which hosts Pi-hole friendly versions of the block lists. Go to this website, and click on the Ticked Lists option which will give you a list of URL’s. Select all of the URL’s and copy them (CTRL + C) to your clipboard.
  3. Log into the Pi-hole admin interface. Once logged in, click on Settings the Block Lists
  4. Scroll all the way to the bottom and paste the URL’s from your clipboard into this text box then click on the Save and Update button.
  5. The URL’s will now be processed. Be patient as this can take a little bit of time. Once completed, you should have +/- 600,000 domains added to your block list. You can check by clicking on the Dashboard link.
  6. Lastly, click on Settings > DNS and at the bottom, select the option to Enable DNSSEC.

Use Pi-hole as your DNS server

Ready to start actually blocking ads? Now we will set the DNS on the router to the IP assigned to Pi-hole.

 

I am using an ASUS RT-AC5300 flashed with Asuswrt-Merlin firmware.
If you have a different brand router, you should also be able to modify these changes but things will obviously be in different locations and some settings may not be available on some firmwares. YMMV.

 

  1. Log into the router. Typically, your router’s IP would be 192.168.1.1.
  2. Once logged in, click on LAN located in the Advanced Settings section.
  3. At the top, click on the DHCP Server tab and adjust the following values:
    • RT-AC5300’s Domain Name: Enter any domain name you would like to use for your network. For example, home.lan.
    • DNS Server 1: The IP of your Pi-hole.
    • Advertise router’s IP in addition to user-specified DNS: No
    • Forward local domain queries to upstream DNS: Yes
    • Enable DNSSEC Support: No
  4. Click Apply at the bottom.
  5. Next, click on Advanced Settings > WAN and adjust the folloing values:
  6. Connect to DNS Server automatically: No
  7. DNS Server1: The IP of your Pi-hole.
  8. Click Apply at the bottom.

That’s it! Any device on your network should now be blocking ads. You can test this by visiting the Pi-hole test page. You can also log into your Pi-hold admin page and see the blocked requests in the dashboard.

Use Pi-hole as your DHCP server

The last section for this part will be setting up Pi-hole to work as the DHCP server on your network. Why? This is so that instead of seeing IP address in your dashboard, you can see the hostnames of the devices which makes monitoring/troubleshooting a lot easier.

  1. Log into your router then click on LAN located in the Advanced Settings section.
  2. At the top, click on the DHCP Server tab and set the Enable DHCP Server to No.
  3. Click on Apply at the bottom.
  4. Now, log into your Pi-hole admin page and go to Settings > DHCP Settings and adjust the following values:
    • DHCP server enabled: Check this option
    • Range of IP addresses to hand out: Set a range that is in your network. For most people, this will be 192.168.1.10 (reserving the first 10 for special devices) to 192.168.1.254.
    • Router (gateway) IP address: Enter the IP address for your router.
    • : Enter the same domain name you set earlier in your router.
  5. Once you have saved your changes, click on Save at the bottom. After your Pi-hole has applied the changes, reboot your Raspberry Pi, your router and for god measure your PC as well.
  6. When everything is back up, log into the Pi-hole admin page and go back to the DHCP section, you should now start seeing leases being assigned to our devices. If you look in the Dashboard, you will also start to see hostnames instead of IP’s – this part might take a little time to show up.

Good work! You managed to install Pi-hole, set it as your DNS server and as your DHCP server.

Posted in Pi-hole, Tech

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.