Setup Pihole On Ubuntu
Overview
It's estimated around 25% of web traffic is advertisements and/or trackers. Once Pihole is setup, it acts like a DNS resolver and will block these ads and/or trackers at the DNS layer. What this means is that this traffic doesn't even reach your client.
How to setup OS on Ubuntu
- Download Ubuntu Server
- My recommendation is to use the server-edition called Ubuntu Server xx LTS, because it's optimized for headless installations and LTS (long term channel) means the OS will be supported with updates for a long time.
- This will download ubuntu-xx.xx-live.server-amd64.iso
- Approx. 1gb in size
Choice of Hardware
- Feel free to install on whatever system you choose:
- Bare hardware
- Virtual Machine (my recommendation)
Installation of Ubuntu Server
- Language
- English
- Keyboard layout
- Network Connections
- Set to DHCP by default, I strongly advise setting Static IP (due to DNS being very picky about this)
- Subnet:
192.168.1.0/24
(my network) - Address:
192.168.1.210
(this will be the Pihole IP) - Gateway:
192.168.1.1
(my pfsense firewall) - Name Servers:
192.168.1.1
(my pfsense firewall)
- Subnet:
- Set to DHCP by default, I strongly advise setting Static IP (due to DNS being very picky about this)
- Configure Proxy
- None
- Ubuntu Archive Mirror
- Done
- Guided storage configuration
- Done
- Continue
- Profile setup
- Your name:
Pihole Admin
(my choice) - Your server's name:
ubuntupihole
(this will be the hostname of this machine) - Pick a username:
piholeadmin
(you'll use this user to login) - Password: ___ (you'll use this to login)
- Your name:
- SSH Setup
- Recommended to turn on by pressing Spacebar and then Done.
- Featured Server Snaps
- Skip by pressing Done.
- Select Reboot
Connect to Ubuntu
Once the server restarts, you can access it on your network.
From another computer on same network, using your favorite SSH client (I use Putty for Windows):
- username/password
- piholeadmin/***
Change to root:
Install updates:
Install Pihole, with this command. (Source)
Installing Pihole
- Select OK 3 times
- Select Upstream DNS Provider
- Select Google (leave as is, we can change later)
- Select OK
- Press Ok for list of ads
- Press Ok for IPv4/IPv6
- Do you want to use your current network settings as a static address?
- You'll see 192.168.1.210/24 (IP that we setup previously for ubuntu)
- Select Yes
- Enter your desired IPv4 default gateway
- I use
192.168.1.1
(where my firewall is) and left it as is.
- I use
- Confirm static IP by selecting yes
- Do you wish to install the web admin interface?
- Select ok (of course)
- Do you wish to install the web server (lighttpd)?
- Select ok (of course)
- Do you wish to log queries?
- Select ok (of course)
- Select Privacy Mode:
- Default: Show Everything
- Select ok
- Installation complete
- It will show you the password you need to use to login
- Select Ok
Change default password
To change the default password, run command:
Pihole -a -p
Access Pihole dashboard
- Open Browser and type in:
http://192.168.1.210/admin/
- Login with your new Password
Test your Pihole to make sure it's working
- dashboard, Tools, Select Update Gravity, Select update
- This will run scripts to pull the ad-list from the internet and add to your Pihole.
- You'll see if it worked.
- As you can see, the default list of ads have 84,818 unique domains in the Gravity list (aka the Pihole blacklist)
note
None of these ad-lists block adult websites (porn). There are specific ad-lists to block those.
Now, re-configure your clients (or firewall) to use this Pihole's IP as the DNS server.
- All clients who use Pihole as the DNS server, will be under the protection of Pihole, meaning most advertisements will be blocked.
Customize the public DNS servers
The benefits of using multiple public DNS servers is redundancy.
- Dashboard, Settings, DNS Tab
- Enable Google (my recommendation)
- Enable Cloudflare (my recommendation)
Verify listening interface
- Under Interface listening behavior
- Select: Listen only on interface ens160
- Caution: If you set Listen on all interfaces, your Pihole won't work.
Add DNSSEC for added DNS security
- By default, Pihole doesnt enable DNSSEC.
- DNSSEC creates a secure domain name system by adding cryptographic signatures to existing DNS records.
- If you care about security and privacy, enable it.
- Dashboard, Settings, DNS Tab
- Enable Use DNSSEC
- Select Save
Ad-lists that are worth looking at
My recommendation is add lists from firebog.net. They have been around for several years and have a good community following.
My recommendations:
- If you're the type of user who just wants to set up Pihole and forget it, such that it works almost 100% of the time, and doesn't break any websites, which means you won't need to come back into Pihole to whitelist domains.
- If you're the type of user who wants the MORE protection/blocking of ads (than previously), and is SOMETIMES willing to come back into Pihole to whitelist domains when things are broken (meaning Pihole blocked something).
- If you're the type of user who wants the MAXIMUM protection/blocking of ads (than previously), and is ALWAYS willing to come back into Pihole to whitelist domains when things are broken (meaning Pihole blocked something).
caution
When I tried the maximum list, at least 5 things broke:
- Hotmail.com email account for mobile (unable to sync any emails)
- Evernote (completely down)
- Twitter (which blocked t.co and so any link on twitter were blocked)
- Skype partially broken (since one domain was blocked, I was unable to send/receive messages/pictures)
- One website's jquery scripts (which makes one website unusable)
As you can tell, you'll get several things broken, until you start to troubleshooting what things are broken, and then whitelist manually. I reverted back to tick list.
How to add more ad-lists to Pihole
- Let's say I chose the Firefog's ad-list:
- Open https://v.firebog.net/hosts/lists.php?type=tick
- Copy a url at a time (there are 34 lines)
- Pihole, Dashboard, Group Management, Ad-lists
- Address: Paste in one url at a time
- Pihole, Dashboard, Tools, Update Gravity
- Scroll down and you'll see how many got updated:
- 416,055 unique domains
- So your ad-list went from 84,818 to 416,055 domains (increased by 390%).
- Scroll down and you'll see how many got updated:
note
None of these ad-lists block adult websites (porn). There are specific ad-lists to block those.
Once you verified that everything is working, let's make a backup
- Backups are always good to have.
- Go to Settings, Teleporter, select Export (this will export ad-lists and your custom whitelists/blacklists)
Once a new version comes out, here's how to update Pihole
Pihole, terminal:
pihole -up