Something Something PiHole

So I'm sure you're familiar with adblockers; in short, you install a plugin on your browser / phone and then when you visit the web it'll run in the background and block any request to a list of domains.

There is a drawback to this approach however, the app / browser that you're using has to support the adblocker and this isn't always the case, in fact many apps can inject banner ads even if you use an adblocker.

A simplified flow may look something like this:

  1. Visit a website, say techradar.com
  2. Page loads (along with a load of JavaScript) which begins to request ads
  3. Each request is first run through the adblocker
    • if found on blacklist, request is blocked (in Safari you can see this in the console as Reasource blocked by content blocker)
    • else request is made allowed through

So the flow above really only cares about two things; the blacklist of domains and the domain being requested.

At the application level this is possible with extensions, but what about the network level?

Shut your PiHole

In short PiHole takes the idea of the adblocker and applies it to the whole network. Like before it uses the two basic ideas of a blacklist and the requested domain, only this time it's doing it at the point the DNS lookup is done.

Quick aside on DNS (Domain Name System). Essentially it connects readable website addresses like blog.barnettjones.com with their IP address which computers and ISPs use to talk across the internet.

For example:

$ nslookup mbarnettjones.com
Server:       194.168.4.100
Address:  194.168.4.100#53

Non-authoritative answer:
Name: mbarnettjones.com
Address: 130.211.93.80

Here the command nslookup can be query the DNS for the IP address behind it. (You may find a different IP address is returned if you run the same command)

This is all happening on your local network with zero effort / setup from you, it's simply the way we expect the internet to work. In fact the Hub / Wifi Router you're using to connect to the internet is usually processing the DNS lookups for you (or at the very least, dictating the DNS server your networked devices are using).

I'll leave DNS there for the moment but for more info on DNS check out this awesome guide by the folks over at Mozilla.

My Network, MY DNS

As it's your home network you're free to do what you please with it. With a Raspberry Pi you can build a new DNS server which can be used like an adblocker. There's a program dnsmasq which runs on Linux and powers DNS lookups, but it would be a very manaual process to go through and maintain a blacklist and configure that yourself. Enter Pihole.

Building on dnsmasq, PiHole manages your DNS and maintains the blacklist of ad domains in oder to block those requests.

How does it work?

Well, above when nslookup was run against mbarnettjones.com it returned an IP address, in order to block a request to a blacklisted domain it can simply returns nothing:

$ nslookup logs-01.loggly.com
Server:     192.168.0.100
Address:    192.168.0.100#53

Name:   logs-01.loggly.com
Address: 0.0.0.0

The important part of that nslookup is the 0.0.0.0 that is returned for the Adddress. Because 0.0.0.0 doesn't point to a real server the page / app that's trying to request content from that domain simply cannot.

Now there's a lot more to dig into with PiHole so i think I will do a follow up post about how I'm gettin gon with it. But it's certianly worth a go if you're also annoyed by the amount of ads you're faced with on the daily, plus more people are talking about it now than ever before so there's never been a better time to get your hands dirty and get involved.

First appeared on Trusty Interior, last update 15 Mar 2019