Ads? What Ads?
For the last month or so there has been a noticeable decrease in the number of ads appearing on our network. Why? I installed a Pi-hole.
Using the same Raspberry Pi Zero from my OpenVPN project, I installed a program called Pi-hole. This nifty piece of software shuttles ad requests into a black hole. It works by acting as a DNS server, identifying ad domains before they download, and dropping them.
What is DNS?
DNS stands for Domain Name System. From Sideways Dictionary:
"It's like a contact list on your mobile phone. You know your correspondents by their names but the contact list has telephone numbers and postal addresses. When you want to go to a particular website, you look up the site's name in the Domain Name lookup service and get back the Internet Protocol address of the destination."
Pi-hole maintains a list of millions of known ad domains. Whenever a request for one of those addresses comes through, it throws it away.
Steps to Follow
- Install Pi-hole
- Configure DNS settings on my router
- Update OpenVPN settings to route through Pi-hole
1. Install Pi-hole
Incredibly simple. One command:
curl -sSL https://install.pi-hole.net | bashThe script walks you through a few questions and then you're done. That's really it.
2. Configure DNS on the Router
Log into your router by entering its local IP address in a browser (usually 192.168.1.1). Navigate to the DHCP settings and set a static DNS pointing to your Pi's local IP address — in my case, 192.168.1.104. This routes all network DNS traffic through the Pi, stripping ads before they load.
3. Update OpenVPN to Use Pi-hole
OpenVPN defaults to using 8.8.8.8 (Google's DNS). I wanted to change that to my Pi-hole so VPN traffic also gets filtered.
Edit the OpenVPN server config:
sudo nano /etc/openvpn/server.confUpdate the dhcp-option DNS line to point to your Pi-hole's IP address.
Then create a new file in the dnsmasq config directory:
sudo nano /etc/dnsmasq.d/00-openvpn.confAdd the following line:
interface=tun0
This is the important part. By default, Pi-hole only listens on the eth0 interface (ethernet). The tun0 interface is the VPN's virtual tunnel. This file tells Pi-hole to also filter traffic coming through the VPN.
Why bother for the phone? Blocking ads while on cellular can save real data — potentially quite a few MB per month.
The Admin Interface
Pi-hole includes a web dashboard accessible from any browser on your local network. In my case: http://192.168.1.104/admin. From there you can view traffic stats, tweak the whitelist and blacklist, and watch the DNS requests roll in.
It's satisfying to watch the stats — you can clearly see the flat network activity while we sleep, and the spike when we pick up our phones in the morning.
Takeaways and Future Thoughts
Unexpected problems: Port 80. Pi-hole creates a small web server on port 80 for the admin console and for redirecting blocked requests. When I tried to set up a separate web server on the same Pi, it wouldn't work — Pi-hole had already claimed the port. For anything public-facing, HTTPS (port 443) is the right choice anyway, so this isn't a huge constraint.
Future concerns: Port 80 is unavailable for other uses on this Pi. For now that's fine.
Future enhancements: Use Pi-hole to monitor traffic and look for unusual spikes in DNS requests — a potential early indicator of malware or bots on the network.