One of the frustrating things about being online these days is the obnoxious number of ads that litter each and every website. Some of these sites are so full of ads that it’s just impossible to get to the content.
Take a look at Yahoo Finance, for example.
Yahoo Finance
Half the page is an ad.
There are worse offenders out there: sites that greet you with a mess of loud, inconvenient ads before you can get to the content. It’s not just annoying; it pulls your focus away from what you came looking for on that website.
The Times of India
But this is just the tip of the iceberg. Then there are trackers.
A tracker is just a hidden script or request that reports your activity back to a third party. Most people think “tracking” means someone is watching their screen, but it’s much more mechanical than that. When you open an app or a website, your device often reaches out to domains you never typed in - like graph.facebook.com or settings.crashlytics.com.
Often these trackers send:
- Your button clicks, idle state, etc.
- Your IP address, your device type, duration for which you were active
An ad is something you see on the site. A tracker is meant for them to see you.
A few years back I was done with these annoying ads and trackers. Beyond being a nuisance, it was also eating away at my network bandwidth, and I wanted a solution.
I tried the usual ad-blockers, but they’re a pain because you have to install them on every single phone, tablet, and laptop. I didn’t want to manage a dozen apps. I wanted a “fix” for the whole house, something that stops the ads and trackers.
That’s when I found Pi-hole.
Setup
I first installed Pi-hole about four years ago on a Raspberry Pi 4B. Initially, it was just a trial to see what kind of traffic was moving through my network. To route my network traffic through Pi-hole, I gave the Pi a static IP and set it as the DNS server for my router.
The static IP part of the configuration is important. Usually, the IP address you get from your router is “leased” - it’s reserved for a set time (e.g., 2 hours). If your device disconnects and the lease expires, that IP becomes available for any other device that joins the network. If your Raspberry Pi is configured as the DNS server for the router and it doesn’t get the same IP address back, your whole network stops working. Every device will be looking for a DNS server that isn’t there.
Next I added the websites I wanted to block in Pi-hole. Fortunately, the community has already compiled lists of these websites.
There are thousands of websites in the lists and you don’t have to add them one by one. You can subscribe to a list by adding its link directly in Pi-hole. Pi-hole periodically checks whether these lists have been updated and, when one has, pulls the new version automatically.
The lists are not just for ads. You can use Pi-hole to filter out and block any website you don’t want in your network:
| Protection | Social & Platform | Content Control |
|---|---|---|
| Malware & Ransomware | Facebook / Meta | Pornography |
| Phishing & Fraud | TikTok | Gambling |
| Tracking & Telemetry | Twitter / X | Drugs |
| Scams & Malicious Redirects | Piracy & Torrents | Crypto-jacking |
How it Works
To understand how all of this works, let’s first understand how a DNS (Domain Name System) server works. To put it simply, when you request a website like jerrymannel.me, your device asks a DNS server for the IP address of the server that serves jerrymannel.me. Once your device gets the IP address, the request gets routed to the right server.
DNS resolution
Most routers come preconfigured with the DNS set to Google (8.8.8.8) or Cloudflare (1.1.1.1), or even the ISP’s (your internet service provider) own DNS server. So with the router in the picture, this is how the request flows.
DNS resolution in your network
Pi-hole sits in the middle of this process. It uses upstream servers like Google (8.8.8.8) or Cloudflare (1.1.1.1) for legitimate requests.
DNS resolution with Pi-hole in your network
But for any domain that is blocked, Pi-hole acts as a DNS sinkhole. This means that the DNS resolution returns 0.0.0.0. Because the query resolves to 0.0.0.0, which is not an address the device can reach, the request just fails. The request never leaves your network.
Pi-hole blocking websites
Simple blocking isn’t enough
You might think blocking facebook.com is enough to stop Meta from pushing ads to you or even tracking you. It isn’t. Sites like Facebook and Google use a massive distributed network to serve ads and track activity across the web, even if you don’t visit their main website.
To block Meta completely, you have to block over 22,000 domains. Thankfully, the links I shared above have the complete list.
And it’s not just the community-maintained lists, you also have the option of adding your own custom lists. Whether you want to block a specific set of sites or just have a very niche list of domains you want to keep off your network, Pi-hole allows you to manually import and manage them alongside the global defaults.
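The sinkhole decision from "How it Works" and the reason a single facebook.com entry is not enough, as an added Python example (not Pi-hole's code). It assumes list entries are matched exactly; the sample list, the `FAKE_UPSTREAM` table with its documentation-range addresses, and the helper names are all constructed for illustration.

```python
SINKHOLE_IP = "0.0.0.0"

# Constructed sample list mixing the two common formats:
# hosts-style ("0.0.0.0 domain") and one bare domain per line.
SAMPLE_BLOCKLIST = """\
# constructed sample, not a real community list
0.0.0.0 graph.facebook.com
0.0.0.0 settings.crashlytics.com  # inline comment
127.0.0.1 localhost
ads.example.net
"""

# Constructed stand-in for the upstream resolver; addresses are documentation IPs.
FAKE_UPSTREAM = {
    "jerrymannel.me": "203.0.113.10",
    "facebook.com": "203.0.113.20",
    "graph.facebook.com": "203.0.113.21",
}


def parse_blocklist(text):
    """Return the set of blocked domains from hosts-style or domain-only lines."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        domain = line.split()[-1].lower().rstrip(".")
        if domain not in ("localhost", "localhost.localdomain"):
            blocked.add(domain)
    return blocked


def resolve(name, blocked, upstream=FAKE_UPSTREAM):
    """Exact-match sinkhole: listed names get 0.0.0.0, the rest go upstream."""
    name = name.lower().rstrip(".")
    if name in blocked:
        return SINKHOLE_IP, "blocked"
    return upstream.get(name), "forwarded"


def is_covered(name, blocked):
    """Hypothetical helper: True if the name or any parent domain is listed."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))
```

With only `facebook.com` listed, `resolve("graph.facebook.com", {"facebook.com"})` is still forwarded upstream, while `is_covered` shows what a parent-domain rule would have caught.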
My network stats
After running this for a while, the difference is night and day. Here’s how Yahoo Finance and The Times of India look in my network these days.
Yahoo Finance in my network
The Times of India in my network
Another interesting thing I noticed was that the smart-devices on my network become incredibly active once the house goes quiet at night. They wait for traffic to reduce on my network, to start connecting to their tracking servers. Here’s an old screenshot from 2022.
IoT Stats - grey color shows blocked traffic
These days, on average, approximately 30% of my DNS queries are blocked.
Additional configuration
- I have made Pi-hole my DHCP server. This way I know when a new device joins my network and how many devices are connected at any given time.
- My Home Assistant dashboard pulls stats from Pi-hole and displays them.
Pi-hole stats in Home Assistant
Links
A few links for you to explore.
- Pi-hole - https://Pi-hole.net/
- Raspberry Pi 4B - https://www.raspberrypi.com/products/raspberry-pi-4-model-b/
- DHCP server - https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
- Home Assistant - https://www.home-assistant.io/
- DNS server
- Block lists
./J