Pi-Hole or something else for network ad blocking?

plz1, 1 year ago

NextDNS.

Also, be wary of relying on anything blocking ads on streaming services this way. They will likely serve them within the video stream, so not network-blockable.

Objects, 1 year ago

I’m also a fan of NextDNS. Have an unbound instance querying it.

satanmat, 1 year ago

I love pihole, for my family it is better as it helps on all the devices. Being able to block malware and tracking is nice too

lemming741, 1 year ago

I run pihole on proxomox, and also opnsense in the same box. Then you can forward all port 53 traffic to your pihole. Some devices have hard-coded DNS that will bypass the DHCP DNS.

AbidanYre, 1 year ago

Some chromecasts stop working when you do that.

DeltaTangoLima, 1 year ago

Really? I run several Chromecasts, and I block their access to all DNS services except my internal Pi-holes. They work just fine.

4am, 1 year ago

It’s probably not blocking DNS-over-HTTPS

DeltaTangoLima, 1 year ago

Lol - not my first rodeo. I’m blocking dns.google as well, and I’m 99.999% certain Google won’t have coded Chromecasts to use anyone else’s DNS servers.

AbidanYre, 1 year ago

Yeah, I don’t know if it’s all models, but the ultras do at least.

reddit.com/…/chromecast_ultra_just_updated_and_no…

DeltaTangoLima, 1 year ago

Ah - I only have the Chromecast GTVs. Good to know I don’t need to pay for an upgrade then!

zzzz, 1 year ago

Chuck 'em in the garbage and get something that doesn’t break when you insist on privacy.

ApathyTree, 1 year ago

Ha! This is my new way of looking at my smart devices. I’ll sell you off if you don’t do what I want, and buy something that does. Very much a threat.

I recently factory reset all my Roku TVs, and didn’t connect them to the internet… and they work much better now.

Roku broke big time when I insisted on privacy. blocked the entire Roku domain, it broke the apps on a 1-month schedule like clockwork to get the network release for reinstall which allowed for phone home. lol no. I trashed it. They are dumb TVs now.

zzzz, 1 year ago

I’ve done the same! It’s impossible to buy dumb TVs nowadays, but you can always prevent them from connecting to the network.

retrieval4558, 1 year ago

Yeah do it there is basically no downside. I agree with others that you may have trouble with the ads in streaming services. On my android TV, YouTube ads, for instance, aren’t blocked by pihole.

cmnybo, 1 year ago

When the ads come from the same domain as the content, which is the case with youtube, you can’t block them with any DNS based ad blocker.

unwillingsomnambulist, 1 year ago

Pi-Hole’s great. Got my primary instance on a Pi 4 and three secondaries (one per vlan) on LXCs. Works so well it feels weird seeing ads when I’m not at home, I’m actually considering using Tailscale to route all my queries through my home connection.

Arkhive, 1 year ago

I do this and it works great. Ad block on all my devices regardless of proprietary sandboxes. I also use Syncthing over my tailnet IP addresses so that traffic never leaves my “grounds”. I’m slowly building out a whole suite of services I host only within my tailnet, jellyfin, calibre, invidious, it been a great learning experience. I’m about to set up a proper home lab, finally moving everything off an old laptop.

ajmxco, 1 year ago

I use knot-resolver with the big block list from oisd.nl and it works great.

akilou, 1 year ago

You should definitely set up pihole but I don’t think it’ll block ads on streaming apps unless I’m wrong and someone can point me to something that explains how I can set that up.

Codilingus, 1 year ago

Adguard home is like pihole, but has built in encrypted DNS options. For easy mode NextDNS.

They pretty much all have the same block lists to choose from.

KyuubiNoKitsune, 1 year ago

I use 2 cloudflare containers that the pihole points to. That gives me DNS over https but it’s more of a mission to set up.

Gooey0210, 1 year ago

Adguard-home is way better than pi-hole imo

dan, 1 year ago

Plus it’s easy to run multiple AdGuard Home servers and keep them in sync using github.com/bakito/adguardhome-sync

Gooey0210, 1 year ago

Oh, oh, oh, gimme that!!

First time i hear about something like that, i’m going to install it asap

dan, 1 year ago

It works well! I have one AdGuardHome instance running on my home server and one running on a Raspberry Pi, both using Docker. Having two prevents the internet from breaking in case I have to shut down one of them for some reason.

Guajojo, 1 year ago

Pihole user for more than 5 years,.can confirm that it is indeed better, made the switch few months ago

EncryptKeeper, 1 year ago

As an AdGuard home user for more than a few years, I switched back to Pihole because it wasn’t really any better. It was also easier to pair pihole with Unbound.

DreadPotato, 1 year ago

What makes adguard home better than pihole? Genuinely curious, I’m running pihole now and have been for a couple of years without issues.

Gooey0210, 1 year ago

Replied here sh.itjust.works/comment/7637726

eskuero, 1 year ago

I have no experience outside of blocky, but the configuration file is so damm simple and clean I have troubles even considering anything else.

Evotech, 1 year ago

I’ve used controld.com

bdonvr, 1 year ago

Pi-hole is great, but unfortunately ads in YouTube or other streaming services is not one of the things it blocks.

dan, 1 year ago

PiHole and similar services just use DNS blocking, which only works if the ads are served via a third-party ad server. Sites with their own ad inventory (YouTube, Facebook, Twitter, etc) can’t be blocked this way since they can just serve the ads from the same domain as their regular content.

HexagonSun, 1 year ago

Glad I read this - all my other devices block ads perfectly well already, but was wondering if I could block YouTube ads on my Apple TV… I guess not!

greyskies, 1 year ago

Not sure of any downside yet but setting your country to Albania via vpn removes all YouTube ads on Apple TV. Was just informed of this yesterday and as mentioned there may be reasons to not do this.

mgrimace, 1 year ago

If you’re comfortable self hosting you can use isponsorblocktv to block ads/sponsorship on YouTube on AppleTv and various smart TVs. I use this + Pi-Hole github.com/dmunozv04/iSponsorBlockTV

PainInTheAES, 1 year ago

Your best bet is getting a platform your can sideload apps onto and running SmartTube

dontblink, 1 year ago

I wonder why we don’t have AI browser extensions that can recognise and obscure possible ads / unwanted content yet

WaxedWookie, 1 year ago

Because the AI isn’t needed, and would be computationally expensive.

Extensions like ublock origin and sponsorblock work just fine.

HerzogVonWiesel, 1 year ago

Simple: That would be the opposite of making money for companies

Rookeh, 1 year ago

I use both. Pi-hole running in a docker container on one of my home servers which my gateway is configured to assign as the default DNS for all clients, and uBlock Origin on all my browsers to catch everything else.

Pihole is pretty good at catching ads on platforms that are not suited to browser based blockers (IoT devices, streaming boxes etc) but it isn’t perfect and is best used in conjunction with another solution.

LunchEnjoyer, 1 year ago

NextDNS is awesome if you want the simple solution, and don’t have any hardware to install services on. Thee free version is somehwta limited to queries(300k per month), but personally didn’t hit those when I was using the free tier.

NextDNS has a lot of nice customization and can easily had custom block lists. The pro version is 2euros a month I believe. I personally stick with NextDNS due to never having to worry about updating the service and it always just works. I also have it hooked to my Tailnet, that way all my devices use it by default.

But ofc, Pihole, Adguard and the rest are also awesome. Best to just pick one that looks good for you. The end goal here is to just have something running in the background rather than nothing.

Fedegenerate, 1 year ago

I went with a pi running pi-hole. I got it as a project where the tool is the project. But, it’s essential infrastructure now and I don’t want to mess with it incase I break it. I’m an idiot with a poor history with pi guides so far, so I will break it. It’s running the adblock fine, I assume it’s doing the tracking and malware blocking fine too.

Sadly, that’s where I leave the project for now, I had intended to give it a HDD and some… other… software but I really don’t want to break it. I tried convincing the better half that I obviously need to N+1 but she wisely did not see reason.

khorak, 1 year ago

If you want to try setting it up in high availability with failover, give me a poke. And until then - go to Teleporter in the settings, and download the backup. You can restore from there.

One thing worth saying is this - you can grab a cheap refurbished ssd (the smaller - the better), check it’s SMART data for any red flags, and attach it to the pi as OS disk. It will be much more reliable than SD, but overkill if you only run pi on the box. Alternatively look into log2ram, it keeps your SD card alive for longer :D but backup first!

Fedegenerate, 1 year ago (edited 4 months ago)

Thanks. I already have Log2Ram running to prolong the life of the SD. My planned disaster relief is a spare SD, already set up and taped to the box ready to swap and reboot in case of emergency. SD cards are cheap so chucking <£10 at the setup once in a while is no big thing. A fresh install on the new SD allows me to improve on what I’ve already done, for example the new SD I’ll run DietOS instead of Raspbian, and reinforce skills. Less time efficient but that’s no matter when the box is working and it’s a hobby. I can then keep the old SD card taped inside the case as a physical back up. Perhaps more expensive in the long run, but an SD card taped to the inside of the case with simple instructions is an easy sell to the fiancée.

My experience with guides has shaken my confidence quite a bit. Which is fine, I’ll get over myself and the point is to learn, so me hitting snags is a good thing. But, until I have a functioning back up I’m not going to be fucking with it. Facebook cannot go down on account of my education.

But if I may, I have one question, a bunch of recommendations have the setup “segregated” (I dunno the word) in Docker and Portainers but I don’t understand the rationale. I wasn’t intending on doing this, instead opting to install Pi-hole, Log2Ram, UFW, and the… other… softwares directly to the OS for simplicity. Why would one set up a Pi-hole et al in a containers instead of directly?

My current set up is Raspbian OS running Pi-hole as ad, tracker, malware block and DHCP (the ISP router is a Sky2 box so no IP or DNS customisation), Log2Ram and UncomplicatedFireWall.

khorak, 1 year ago

I wasn’t intending on doing this, instead opting to install Pi-hole, Log2Ram, UFW, and the… other… softwares directly to the OS for simplicity. Why would one set up a Pi-hole et al in a containers instead of directly?

So there are many reasons, and this is something I nowadays almost always do. But keep in mind that some of us have used Docker for our applications at work for over half a decade now. Some of these points might be relevant to you, others might seem or be unimportant.

• The first and most important thing you gain is a declarative way to describe the environment (OS, dependencies, environment variables, configuration).
• Then there is the packaging format. Containers are a way to package an application with its dependencies, and distribute it easily through the docker hub (or other registries). Redeploying is a matter of running a script and specifying the image and the tag (never use latest) of the image. You will never ask yourself again “What did I need to do to install this again? Run some random install.sh script off a github URL?”.
• Networking with docker is a bit hit and miss, but the big thing about it is that you can have whatever software running on any port inside the container, and expose it on another port on the host. Eg two apps run on port :8080 natively, and one of them will fail to start due to the port being taken. You can keep them running on their preferred ports, but expose one on 18080 and another on 19080 instead.
• You keep your host simple and empty of installed software and packages. Less of a problem with apps that come packaged as native executables, but there are languages out there which will require you to install a runtime to be able to start the app. Think .NET, Java but there is also Python out there which requires you to install it on the host and have the versions be compatible (there are virtual environments for that but im going into too much detail already).

Basically I have a very simple host setup with only a few packages installed. Then I would remotely configure and start up my containers, expose ports etc. And I can cleanly define where my configuration is, back up only that particular folder for example and keep the rest of the setup easy to redeploy.

Fedegenerate, 1 year ago (edited 4 months ago)

I have nothing to add, and an upvote isn’t enough. Truly, thank you for your time, there’s a lot to think about.

I think for this initial iteration I’m going to direct install in the name of keeping it simple. Next go around I’ll try containerising, just to learn if nothing else. If I out-grow the Pi4 they’ll be good skills to have.