I ordered a Raspberry Pi 5 so I have a Pi 3 that’s about to be redundant. I haven’t used Pi-Hole so I was thinking it’d be good for that but I’m curious if there are any downsides for users. Are sites blocked if you don’t whitelist them? That sort of thing.
Basically, I’m not worried about me having issues but I’m worried about a maintenance headache if friends and family can’t access things.
Been running it 7 years with a combined adlist of 1,089,320 domains.
It’s really rare that I run into a site that won’t load or function correctly (like once maybe twice a year). The most noticeable really is the ad results in Google, but I’ve moved away from that to DuckDuckGo anyway.
In the few cases that you do want to use a blocked domain, you can open pihole and either whitelist the domain with one click right out the query log, or disable pihole blocking entirely for 5sec-30min with one or two clicks.
If you really want to, you can group clients and adlists so some clients have much stricter blocking than others do. You can even leave some devices completely free of blocking while still using pihole to log their traffic.
By far one of the noisiest blocked domains is Nvidia’s driver telemetry. If you don’t strip it out using NVSlimmer, it’ll constantly retry its phone home, spamming the pihole with DNS requests (not enough that it can’t handle, but enough that it’s VERY noticeable in the dashboard).
Could you point me at where to find a list of domains for Nvidia telemetry?
events.gfe.nvidia.com is the main one that gets spammed if it fails.
Just use NVSlimmer to strip it out entirely. (grab that and the latest driver package from Nvidia, repeat for updates)
Does a similar utility exist for Linux, though?
On my Windows system I’m using NV Cleanstall to prevent installing telemetry and other unnecessary bits in the first place. Quite the nice tool as well
Not that I’m aware of, but I haven’t looked for one either.
I manually added a handful of domains, and not a single one of them has been pinged so far. We’ll see
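One way to check which blocked domains are being retried, and by which client, as discussed in the posts above. This is an added example, not part of any post in the thread; it assumes the dnsmasq-style line layout that Pi-hole writes to its query log (`query[...] name from client`, then `gravity blocked name is ...`), and the sample lines and client addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample log lines (assumed Pi-hole/dnsmasq query-log layout).
SAMPLE_LOG = """\
Jan  5 10:00:01 dnsmasq[812]: query[A] events.gfe.nvidia.com from 192.168.1.20
Jan  5 10:00:01 dnsmasq[812]: gravity blocked events.gfe.nvidia.com is 0.0.0.0
Jan  5 10:00:02 dnsmasq[812]: query[A] example.org from 192.168.1.31
Jan  5 10:00:02 dnsmasq[812]: forwarded example.org to 9.9.9.9
Jan  5 10:00:06 dnsmasq[812]: query[A] events.gfe.nvidia.com from 192.168.1.20
Jan  5 10:00:06 dnsmasq[812]: gravity blocked events.gfe.nvidia.com is 0.0.0.0
Jan  5 10:00:06 dnsmasq[812]: query[AAAA] events.gfe.nvidia.com from 192.168.1.20
Jan  5 10:00:06 dnsmasq[812]: gravity blocked events.gfe.nvidia.com is ::
Jan  5 10:00:09 dnsmasq[812]: query[A] ads.example.net from 192.168.1.31
Jan  5 10:00:09 dnsmasq[812]: gravity blocked ads.example.net is 0.0.0.0
"""

QUERY = re.compile(r"query\[\w+\] (\S+) from (\S+)")
# Adlist hits plus manual/regex blacklist hits (wording assumed).
BLOCKED = re.compile(r"(?:gravity blocked|(?:exactly|regex) blacklisted) (\S+) is ")


def blocked_counts(lines):
    """Count blocked answers per (client, domain).

    The block line carries no client address, so it is attributed to the
    client of the most recent query for the same name.
    """
    last_client = {}
    counts = Counter()
    for line in lines:
        q = QUERY.search(line)
        if q:
            last_client[q.group(1).lower()] = q.group(2)
            continue
        b = BLOCKED.search(line)
        if b:
            name = b.group(1).lower()
            counts[(last_client.get(name, "unknown"), name)] += 1
    return counts


def noisy_blocked(lines, threshold=2):
    """Return (client, domain, count) rows at or above threshold, busiest first."""
    rows = [(c, d, n) for (c, d), n in blocked_counts(lines).items() if n >= threshold]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))


if __name__ == "__main__":
    for client, domain, n in noisy_blocked(SAMPLE_LOG.splitlines()):
        print(f"{n:5d}  {client:15s}  {domain}")
```

A manually added domain that never appears in this output has simply not been queried by any client yet.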
About two years ago I played a shitty mobile game called Idle Miner Tycoon and its pseudo-multiplayer system wouldn’t work. It turns out that Pi-hole was blocking a domain the game used. While I did whitelist the domains I ended up not playing the game anymore.
I’m using AdGuard, which is pretty similar. I had issues with my Sonos speakers. The devices couldn’t find the speakers until I set a few servers on the whitelist.
Apart from that, all’s good.
Good, Sonos is shit anyway.
Why would a speaker even need an app in order to be configured when a webapp should be fine? And why would that app need GPS location data in order to do so? It is on my network, it should just find the devices on my network. I don’t need to be able to access it when I am on the other side of the world. It is a speaker.
And most importantly, why would the app on the computer have LESS functionality than the mobile app?
Sonos is the embodiment of enshittification.
Any alternatives you could suggest?
The speaker I have sounds great, but I agree the software is utter garbage.
Yes, but first go check which list you want to use since they’re a good starting point to understand a kind of level of tolerance and expectations around your experience.
There’s lots of lists around; here’s a small sample:
https://arstech.net/pi-hole-blocking-lists-2023/
Be prepared for a bump in time outs as you work through things you might need (I blocked by accident a bunch of needed Microsoft services that I need to use during my job).
I haven’t edited my white list in months, maybe over a year. It’s going very well. I’ve been running pihole on ubuntu for more than 5 years as two virtual machines. I’m happy.
I can’t think of any problems I’ve faced in over 3 years. I have an app on my phone that I can use to temporarily disable my Pi-hole if I need to do some testing, but I don’t know if I’ve ever had a situation where the Pi-hole was the source of a problem. Definitely not a maintenance headache. I run an update on it every now and then, but only because I see a notification that there is one, not because there’s something going wrong.
Depending on how you configure it you can run into issues with sites and apps that use trackers.
My most frequent issue is that links created through an email service provider like ConvertKit will get blocked by PiHole.
I’m a small business owner and so I get a lot of other people’s newsletters, on purpose. I like seeing what mentors and colleagues are doing with their businesses. But a link to their website, a blog post, anything really will almost always be blocked by PiHole if it’s sent via an ESP. This kind of “tracking” (email clicks from a small biz I know and trust) is something I am totally fine with.
It’s easy to disable for 1 minute to click through, but sometimes I forget that the PiHole is active and I can’t figure out why the links aren’t working.
For things like that, i.e. tracking that you’re ok with, just take a look at which domain is being linked to in the email and add them to your pihole’s whitelist. You may have to do this a few times as you discover new ESPs but pretty soon you’ll have a good list of them and won’t see them blocked anymore.
Better than having to remember to disable the whole pihole every time.
I don’t manage our PiHole, so easier said than done. I’m the non tech spouse (although not clicking ads or on TikTok all day, lol) but I can’t bug my spouse in the middle of the day to whitelist something for me. I can easily disable it myself and it takes 10 seconds. I could learn how to whitelist, but TBH I have enough tech to keep up with for the business already.
Only if you like watching commercials on paramount +
My gf likes to click on ad entries of Google searches - that doesn’t work
That’s a feature, not a bug.
I know and I tell her that, too - it’s just something to consider when calculating the wife approval factor
Well, tell her that these ads can and often do contain malware, and as of recent have become even better at faking the real URL of a supposed service.
DNS blocking is heavily dependent on the blocklist(s) you use. It’s entirely possible to block >95% of crapware, and break companies’ ability to track you without compromising usability.
Having used both for a lot of years, I’d say look instead at AdGuard Home. It is also FOSS but supports more out of the box; including certificate management, the ability to use encrypted DNS both upstream and downstream without need for third party software (cloudflared), the ability to use adblock filter syntax (lists are 200k lines instead of 2 million lines, but actually block more), and so on. PiHole has some improvements pending in the next version, but it’s not there yet in comparison, imho.
I’d also strongly suggest you check out Hagezi’s DNS blocklists, as they’re pretty much set and forget. They’re intended to be used as your only block list, and do an excellent job (see testing in the Discussions on their GitHub). Use the Normal list if you don’t want to deal with false positives occasionally, and the Pro++ list if you don’t mind getting your hands dirty (whitelisting occasionally) and want to block every last scrap of annoyance and anti-privacy crapware on the web. Both will significantly improve your online experience.
Just added Hagezi to my little snitch mini blocklists, had no idea that existed. Thank you!
No problem!
Do you know how the Hagezi lists compare to oisd.nl? The latter have also been great for me, with no false positive that I can remember.
Even Hagezi’s most basic list blocks a lot more than OISD, and still no false positives. See a comparison (run over the top 10,000 websites) here.
Thanks! I’ll try out the lists when I get the chance :)
“PiHole Browser Extension” in Firefox is great for temporarily suspending the Pi-hole altogether and automatically re-enabling it after a set amount of time. It’s especially handy if you run multiple Pi-holes for redundancy.
I have a pihole, I love it. My wife hates it so much I made her her own Wi-Fi network on her own vlan that’s isolated from the rest of the network and uses Google DNS. My wife likes to click ads and watch TikTok and all that shit is blocked on my network.
… All you had to do is create a group in the pihole, set it to bypass the filters using a ‘*’ whitelist entry, then assign any devices you want to bypass pihole to that group.
But then TikTok would be on my vlan….no….
That person is suspicious that the rogue device without adblocking is going to poison the whole network.
I won’t speak to the wisdom of that, but I’m going to imagine that’s what the issue with your suggestion is.
Lmao, LAN mesh network to distribute ads? That’s a bit intense…
I am a big fan of the idea that by doing this the OC is effectively the ad-distributor in this scenario…
Depends on what lists you add to pihole (or adguard).
The default lists for both are primarily advert or tracking related, and very safe to keep. The only time I whitelist is when I’m following some kind of shopping deal that uses a tracker. Most linux related things are free from that.
Just make sure you have port 53 and 80 open. I recently had some problems myself trying to get Pi-Hole up and running. I already had dnsmasq taking up port 53 for a wifi hotspot, which conflicts with Pi-Hole’s own DNS. Aside from that, hosting any websites can also conflict with Pi-Hole’s frontend.
If you aren’t using your Pi 3 for anything yet then I already assume this shouldn’t be a problem though.
Good luck and have fun setting up your Pi-Hole!
You’ll have to whitelist some Microsoft domains if you want to get achievements working for games that use a Microsoft account.