top of page

Shut your Pi-hole!



So I have a Raspberry Pi. Now what? My initial plan (as it was the reason for getting it in the first place) was to set up a Pi-hole (https://en.wikipedia.org/wiki/Pi-hole). I may discuss the installation / setup process at some later date, but it’s all well laid-out at https://pi-hole.net/ and other places.

For now, I’m more interested in how to describe it to people. As I have noted before, many people discussing technical issues either assume their audience has more familiarity with the material than they do, or act as if technology is some sort of esoteric art beyond the capacity of outsiders to understand. (Interestingly, this latter group often does not understand the material as well as they think, or as well as they want people to believe.)

I think this is all rubbish, of course. Someone who understands the material sufficiently well should be able to explain the concepts to any other reasonably well-informed person. The main drivers are the audience’s prior knowledge, their level of interest, and the the amount of time/effort they are willing to commit. I could probably write a book on this topic, but usually assume a “general public” level of familiarity and provide a high-level summary. I then ask if anyone has questions or want to dig into more detail before moving on. This approach is usually successful, as it provides a baseline for futher discussion, and does not implicitly insult the intelligence of the audience.

So, what IS a Pi-hole anyhow?

According to Wikipedia (https://en.wikipedia.org/wiki/Pi-hole), “Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole and optionally a DHCP server, intended for use on a private network.”

Huh?

This is the sort of definition that makes sense to someone with a certain level of technical experience, and is almost unintelligible to someone non-technical, so I’d like to try and break it down a bit. (An ongoing theme which I find interesting is the difference between technical terminology used to precisely describe technical details of a system, and technical terminology used to confuse people or make one sound “smart” - one of my pet peeves.)

First, for anyone not familiar with the name, Linux is the common name for a computer operating system, comparable to Windows or Mac OS. Without getting into details, it is relatively uncommon for home computers, but very common for web and network systems. The current state, history, and evolution of computer operating systems are the subject of endless books and articles, but of limited interest to most people.

Ok, so it’s a program that runs on a network, and blocks advertisements and Internet trackers. In the context of the Pi-hole, the main take-away for me is that far too many of the ads presented automatically by web pages are malicious. (A lot of possible topics for future discussion here, including how Internet traffic is monetized, how our internet activity is tracked and used, and even the question of what we mean by privacy on the Internet. I find it interesting that there appears to be a shift in some areas away from ads embedded in pages, towards a sponsorship model, in which patrons support content creators directly.)

Next up! Wikipedia (https://en.wikipedia.org/wiki/DNS_sinkhole) describes a “DNS sinkhole” as “a DNS server that gives out a false result for a domain name.” Easy, right?

This is a question I find interesting. Most people seem to assume that everyone knows what “DNS” is, and how it works, but many of those people are wrong. It’s one of the key elements of the Internet, and most people who “understand” it are barely even scratching the surface. It’s also so complex that (honest) experts will freely admit that they only understand pieces of the puzzle.

So, what is it? At it’s most superficial level, DNS (Domain Name System) translates from a “domain name”, which can be described as a human-readable address, to an “IP address”, which identifies a specific server or device. This has two main advantages: First, it’s easier for humans to remember a site-name like “www.til-technology.com” than a numeric address like “127.0.0.1”. Second, this model lets us re-organize the underlying servers and other devices without needing to provide new addresses to everyone trying to connect to a site.

In practice, when you type an address like “www.til-technology.com” into a browser, the browser starts “calling” DNS servers until it finds one that “knows” the precise address for the site requested. So, with this in mind, a “DNS sinkhole” would sit between the browser and the DNS servers and respond with “fake” addresses that don’t go anywhere if a request comes for a site on its “block” list.

Nowadays, most websites call other sites for various reasons. Aside from ads, a web page might reach out for embedded content (eg, a Youtube video), traffic analysis, security tools, and a number of other things. The Pi-hole’s “block” list generally consists of lists of sites which are known to either be malicious, or to be one of the less-reputable ad networks. If a page tries to automatically access content from one of these sites, the Pi-hole will essentially ignore the request, while passing along “valid” requests as before.

The practical upshot is that most content from known ad networks or known malicious sources will not be loaded, which improves security and also improves site performance, as some of these ads are actually pretty big and time-consuming to load.

I’m going to pass on “DHCP server”, except to note that DHCP stands for “Dynamic Host Configuration Protocol” and is a tool to manage network configuration so that IP addresses can be assigned automatically to devices, rather than having to be assigned manually for each device.

Where does that leave us?

Original: “Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole and optionally a DHCP server, intended for use on a private network.”

RG: “Pi-hole is a program which runs on a network, blocks ads and other unwanted content, and can be used to help manage a network.”

So, now that we know what it is, let’s go a little deeper. Once the Pi-hole was set up and configured, I updated the UDM Pro (UniFi Dream Machine Pro) – see https://www.til-technology.com/post/adventures-in-networking-iii-the-great-unboxing for more detail – to point to the Pi-hole. This means that DNS requests go to the Pi-hole first, without needing to make changes anywhere else – easy and convenient. I ran some tests to ensure that the “allow” and “block” lists work, but haven’t yet dug in much further than that.

Funny story – I used www.pmi.org (short, familiar, easy to remember) as a test case for the “block” list, but, er, forgot to remove it. A few weeks later, I was trying to log in and kept getting error messages – confusing and frustrating for a moment, until... oh, yeah. Right. Remove the “block” entry, and all is now well.

And finally, TIL that VPN traffic is not affected by the Pi-hole, as that traffic goes directly to the VPN service and uses their DNS infrastructure. Obvious in retrospect, but it didn’t initially occur to me. (I may discuss VPN as well at some future date, but not right now.)

Cheers!

11 views

תגובות


bottom of page