I’ve been aware of pi-hole for a while now, but never bothered with it because I do most web browsing on a laptop where browser extensions like uBlock origin are good enough. However, with multiple streaming services starting to insert adds into my paid subscriptions, I’m looking to upgrade to a network blocker that will also cover the apps on my smart TV.
I run most of my self hosted services on a proxmox server, so I’d like something that’ll run as an LXC container or a VM. I’m also vaguely aware that various competing applications have come out since pi-hole first gained popularity. Is pi-hole still the best thing going, or are there better options?
pihole is mature and very functional. i jumped in last summer, no regrets.
AdGuard Home and blocky are other popular options. I switched over to AdGuard Home a while back because it supported DNS over HTTPS although I’m not sure if that’s still a relevant reason. I run AGH as a docker container but it is easy to run in a LXC or VM. There’s also a tool to sync configs if you need multiple instances. Notice: AGH block lists are formatted like uBlock Origin lists so you will not be able to use PiHole style lists.
DNS based ad blockers won’t work when ads are served from the same place as the content. Which is why DNS based ad blockers don’t work against Twitch or YouTube. So YMMV.
If you’re looking to block interface ads and select streaming service ads there are block lists available like this one. The game with smart TVs is blocking the ads breaks the TV a little because sometimes it calls back to the same servers for updates and misc info like weather.
Pi-hole is great, but unfortunately ads in YouTube or other streaming services is not one of the things it blocks.
Glad I read this - all my other devices block ads perfectly well already, but was wondering if I could block YouTube ads on my Apple TV… I guess not!
If you’re comfortable self hosting you can use isponsorblocktv to block ads/sponsorship on YouTube on AppleTv and various smart TVs. I use this + Pi-Hole https://github.com/dmunozv04/iSponsorBlockTV
Your best bet is getting a platform your can sideload apps onto and running SmartTube
Not sure of any downside yet but setting your country to Albania via vpn removes all YouTube ads on Apple TV. Was just informed of this yesterday and as mentioned there may be reasons to not do this.
I wonder why we don’t have AI browser extensions that can recognise and obscure possible ads / unwanted content yet
Because the AI isn’t needed, and would be computationally expensive.
Extensions like ublock origin and sponsorblock work just fine.
Simple: That would be the opposite of making money for companies
PiHole and similar services just use DNS blocking, which only works if the ads are served via a third-party ad server. Sites with their own ad inventory (YouTube, Facebook, Twitter, etc) can’t be blocked this way since they can just serve the ads from the same domain as their regular content.
Removed by mod
I have the LCARS theme for my HomeAssistant, which takes telemetry from PiHole.
Now we just need a locally hosted voice assistant with “computer” as the wake word.
That is completely possible right now.
Removed by mod
The complicated one, ha-lcars. It takes a while to get things looking good - looks like total trash out of the box, actually.
Could you share a screenshot of your final result?
I’ve only got one interface done at the moment:
I enjoy that it reminds me of a Star Trek console.
Probably by design but all the same.
That’s what LCARS means, it’s the name of the computer console in Star Trek. In the show, it stands for “Library Computer Access and Retrieval System” although it’s often used for stuff other than the library computer too.
Oh yeah, that looks much better than any of the included themes. Nice work!
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web HTTPS HTTP over SSL IP Internet Protocol IoT Internet of Things for device controllers LXC Linux Containers PiHole Network-wide ad-blocker (DNS sinkhole) SSL Secure Sockets Layer, for transparent encryption VPN Virtual Private Network
7 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.
[Thread #431 for this sub, first seen 15th Jan 2024, 23:55] [FAQ] [Full list] [Contact] [Source code]
NextDNS.
Also, be wary of relying on anything blocking ads on streaming services this way. They will likely serve them within the video stream, so not network-blockable.
NextDNS caps your queries per month on the free account. ControlD doesn’t and you can pick a various mix of their public DNS resolvers. You don’t necessarily get the granular control with doing it this way for free that you can get with NextDNS though.
If you do check out these, make sure you click the Secure Resolvers if you’d prefer for DLS/DOQ/DNS over HTTPS instead of Legacy.
It’s like $20 year, not everything good can be free.
I run pihole and my wireguard VPN server locks all queries through it, which in turn uses unbound and queries via different providers like Cisco’s OpenDNS, Cloudflare and Quad9. However, I wanted to present a similar offering that also has a free-tier without a query cap for people interested.
Your „free“ option just requires buying hardware that enables all of it and an intensive setup process and knowledge which might be quite time consuming.
It may be a good solution but it’s far from free for many people.
The free solution I was referring to was my comment about using ControlD, which certainly offers a free service…which is the comment that the other person was responding to.
Two things:
- A free solution was already being talked about.
- You can easily run pihole/adguard home on $20 hardware by following basic tutorials. It’s far from complex.
I’m also a fan of NextDNS. Have an unbound instance querying it.
Adguard-home is way better than pi-hole imo
Pihole user for more than 5 years,.can confirm that it is indeed better, made the switch few months ago
What makes adguard home better than pihole? Genuinely curious, I’m running pihole now and have been for a couple of years without issues.
Replied here https://sh.itjust.works/comment/7637726
What makes it better other than the UI? I’m weary of using it because it is developed by Russian developers.
Encryption, UI, probably a little bit more serious development
But encryption is a big thing, DoT, DoH, Quic. And soon they will have ECH
Just wanted to chime in and say that with a pihole you can also have encryption if you point to a local resolver like
cloudflaredorunbound.My pihole forwards everything to a
cloudflaredservice running on 127.0.0.1:5353 to encrypt all my outgoing DNS queries, it was really easy to setup: https://docs.pi-hole.net/guides/dns/cloudflared/Hold on, this is not the same encryption
The encryption i was talking about is the encryption of your dns server
The article you sent is talking about upstream dns server encryption
The encryption i was talking about is the encryption of your dns server
You mean encryption between the client and your DNS server, on your local network?
You can do it on your local network, but this won’t make much sense
I mean encryption between your phone or laptop outside of your house, and your dns server at your house
That’s a bunch of extra manual work though - both the initial setup, plus keeping the extra software packages up-to-date. With AdGuard Home, it’s already configured to use DoH by default.
That’s cool for certain applications but on my home network should I really be super concerned about DNS encryption?
Not within the network, but translating regular dns to DoH before heading out to WAN keeps your browsing a little bit more private from your isp. Marginal, but it is a difference.
It’s not just a little bit more private… It’s a lot more private. Some ISPs have been known to build advertising profiles using DNS data. It’s trivial for them to see all DNS lookups and even modify the responses, since it’s both unencrypted and unauthenticated by default.
Probably not, but anyway it’s pretty cool to have an option to do this kind of stuff
You can set up this dns on your phone, laptop, without a need of vpn (although vpns are cool, especially tailscale)
But, are you always connected to the vpn? Or even to connect to the vpn itself you probably need dns, why would not use your own
As an AdGuard home user for more than a few years, I switched back to Pihole because it wasn’t really any better. It was also easier to pair pihole with Unbound.
Plus it’s easy to run multiple AdGuard Home servers and keep them in sync using https://github.com/bakito/adguardhome-sync
Oh, oh, oh, gimme that!!
First time i hear about something like that, i’m going to install it asap
It works well! I have one AdGuardHome instance running on my home server and one running on a Raspberry Pi, both using Docker. Having two prevents the internet from breaking in case I have to shut down one of them for some reason.
Pi-Hole’s great. Got my primary instance on a Pi 4 and three secondaries (one per vlan) on LXCs. Works so well it feels weird seeing ads when I’m not at home, I’m actually considering using Tailscale to route all my queries through my home connection.
I second that, turns out 90% of the queries on my network come from my Libratone speakers and they seem to desperately try and reach China (.com.cn)
I do this and it works great. Ad block on all my devices regardless of proprietary sandboxes. I also use Syncthing over my tailnet IP addresses so that traffic never leaves my “grounds”. I’m slowly building out a whole suite of services I host only within my tailnet, jellyfin, calibre, invidious, it been a great learning experience. I’m about to set up a proper home lab, finally moving everything off an old laptop.
Hint: you don’t need to route all your traffic through your VPN to make use of the pihole adblocking: Just DNS. If your at home internet is even moderately stable/good then this should barely affect your roaming internet experience, since DNS traffic is such a small part of all traffic.
Also, since I’m already mirroring the configuration of my PiHole instance to a secondary one, I’m considering putting a tertiary one on some forever-free cloud server instance and just using that when not at home (put it into the same wireguard vpn to prevent security nightmares). That way my roaming private DNS wouldn’t even depend on my home internet.
I use both. Pi-hole running in a docker container on one of my home servers which my gateway is configured to assign as the default DNS for all clients, and uBlock Origin on all my browsers to catch everything else.
Pihole is pretty good at catching ads on platforms that are not suited to browser based blockers (IoT devices, streaming boxes etc) but it isn’t perfect and is best used in conjunction with another solution.
DNS based ad blocking does not block video ads served by streaming services. You’ll need a modified client specific to the service you want to block ads for to achieve that.
If you are more into a full DNS solution that can also block Technitium DNS is a reasonable choice. It is fairly userfriendly, can be run in an LXC easily (I am doing exactly that), able to use multiple block lists in any combination you want, can be controlled by an API, is regularly updated,etc.
I couldn’t be happier with it, even though the learning curve is somewhat steep, when you are new to DNS. It is a fully fledged DNS server after all.
Adguard home is like pihole, but has built in encrypted DNS options. For easy mode NextDNS.
They pretty much all have the same block lists to choose from.
I use 2 cloudflare containers that the pihole points to. That gives me DNS over https but it’s more of a mission to set up.
I run pihole on proxomox, and also opnsense in the same box. Then you can forward all port 53 traffic to your pihole. Some devices have hard-coded DNS that will bypass the DHCP DNS.
Some chromecasts stop working when you do that.
Chuck 'em in the garbage and get something that doesn’t break when you insist on privacy.
Ha! This is my new way of looking at my smart devices. I’ll sell you off if you don’t do what I want, and buy something that does. Very much a threat.
I recently factory reset all my Roku TVs, and didn’t connect them to the internet… and they work much better now.
Roku broke big time when I insisted on privacy. blocked the entire Roku domain, it broke the apps on a 1-month schedule like clockwork to get the network release for reinstall which allowed for phone home. lol no. I trashed it. They are dumb TVs now.
I’ve done the same! It’s impossible to buy dumb TVs nowadays, but you can always prevent them from connecting to the network.
Really? I run several Chromecasts, and I block their access to all DNS services except my internal Pi-holes. They work just fine.
Yeah, I don’t know if it’s all models, but the ultras do at least.
https://www.reddit.com/r/Chromecast/comments/pmt4cw/chromecast_ultra_just_updated_and_now_wont_work/
Ah - I only have the Chromecast GTVs. Good to know I don’t need to pay for an upgrade then!
It’s probably not blocking DNS-over-HTTPS
Lol - not my first rodeo. I’m blocking dns.google as well, and I’m 99.999% certain Google won’t have coded Chromecasts to use anyone else’s DNS servers.
I am very happy with Blocky https://github.com/0xERR0R/blocky
No UI, just a simply config file if that is your thing.
There’s nothing really bad with PiHole but I moved from it to AdGuard, both on proxmox. The UI brought me in, makes management a bit easier. It also supports DoH right out of the box.
Try em both. See what you think.
