It’s that time of year again: this is the start of “summer mode” for the JeeLabs weblog.
Instead of weekly article series, there will be just one post per week, covering a somewhat wider range of topics than usual.
This week, I’d like to report on a very nice little gadget to block most adware and even entire sites from all machines on the local LAN and WLAN network here at JeeLabs:
All the magic comes from an OSS package called Pi-hole, which is a word-play on this:
It’s delightfully easy to install, and a great match for dedicated Linux boards like the Raspberry Pi, Odroid, or CHIP. I used the latter, since it’s the cheapest of them all (when they’re in stock…) and has both flash storage and WiFi. It even does LiPo backup.
I also 3D-printed a little cover (in a hurry) to dim its annoying LED, using this design.
It’s brilliantly simple: Pi-hole takes over as DNS server. This is done with a single configuration change on my home router: I just tell it to announce the Pi-hole as local network DNS server, instead of the router itself (which delegates lookups to my ISP).
Pi-hole itself in turn, maintains a list of over 100,000 domains which it hijacks, and redirects to its own IP address. The result is that when a browser (or any other app!) requests info from one of these domains, it’ll see Pi-hole’s error reply instead, like this:
This disables images and tracker requests. Also on all your mobile devices using WiFi!
Furthermore, Pi-hole includes an excellent web-based admin / configuration panel:
Note that there’s one pesky little detail: you must get the DNS routing absolutely right. This means you have to make sure Pi-hole will use the router, not itself, for forwarding DNS requests it doesn’t know about.
Any mis-configuration will cause all DNS lookups on your network to fail (!). Note also that the Pi-hole must remain powered up and working properly at all times.
But once set up, it’s absolutely brilliant. I’m so delighted with this, that
I’ve also black-listed “facebook.com” - good riddance…
There’s no performance penalty since only the DNS requests are redirected, not the actual page transfers and downloads. In fact, some sites may become faster as their adware payloads are never seen or fetched.