I set up pi-hole recently after hearing about it for years. I was kind of surprised at a lack of really basic features (imo):
There isn't any kind of "dry run" or "phantom" mode, where requests are not actually blocked, but appear marked in the log UI as "would be blocked". This is super important because I want to see all the things my home network is doing that would be blocked before I actually hit the big red button. I want to fix up the allow/denylist before going live.
It's also not possible (or not clear) how to have different behavior for different clients. For my "smart tv" which I begrudgingly have to allow on my network occasionally for software updates, I want to treat it with the strictest possible list. But for my phone, I don't want that same list. There's a concept of "groups" so perhaps this is user error on my part, but the UI does not make this clear.
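The "dry run" asked for in the comment above can be approximated offline by replaying a query log against a candidate denylist and reporting, per client, what would have been blocked. This is an added example, not Pi-hole functionality or code from the thread; it assumes dnsmasq-style `query[...] name from client` log lines, and the domains, addresses and log lines are constructed.

```python
import re
from collections import defaultdict

# dnsmasq log-queries line shape; assumed to be what the resolver writes.
QUERY_RE = re.compile(r"query\[[^\]]+\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")

def matching_rule(name, denylist, allowlist):
    """Return the denylist entry that would block name, or None."""
    labels = name.lower().rstrip(".").split(".")
    # A rule covers the name itself and every subdomain below it.
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]
    if any(s in allowlist for s in suffixes):
        return None  # an allowlist hit at any level wins
    return next((s for s in suffixes if s in denylist), None)

def dry_run(log_lines, denylist, allowlist=frozenset()):
    """Map client -> {queried name: matching rule} without blocking anything."""
    report = defaultdict(dict)
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # forwarded/reply/cached lines are not client queries
        rule = matching_rule(m["name"], denylist, allowlist)
        if rule:
            report[m["client"]][m["name"].lower().rstrip(".")] = rule
    return dict(report)

# Constructed sample log and lists, for illustration only.
SAMPLE_LOG = """\
Feb 18 10:00:01 dnsmasq[512]: query[A] ads.tracker.example from 192.168.0.50
Feb 18 10:00:01 dnsmasq[512]: forwarded ads.tracker.example to 9.9.9.9
Feb 18 10:00:02 dnsmasq[512]: query[AAAA] updates.tv-vendor.example from 192.168.0.50
Feb 18 10:00:03 dnsmasq[512]: query[A] bank.example from 192.168.0.21
Feb 18 10:00:04 dnsmasq[512]: query[A] Telemetry.TV-Vendor.example. from 192.168.0.50
""".splitlines()
DENY = {"tracker.example", "tv-vendor.example"}
ALLOW = {"updates.tv-vendor.example"}

if __name__ == "__main__":
    for client, hits in dry_run(SAMPLE_LOG, DENY, ALLOW).items():
        for domain, rule in hits.items():
            print(f"{client} would be blocked: {domain} (rule {rule})")
```

Grouping the report by client also shows which devices a stricter list would actually affect before it goes live.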
I've been using AdGuard Home, which does pretty much the same thing, but is slightly better polished, with things like support for DoH and OSs other than Linux.
Pi-hole is such a great tool. I've been running it for a few years on a raspberry pi zero, and am constantly astonished by the sheer amount of cruft it blocks for me.
Congratulations to the team for the release - happy to support you via Patreon!
Pi-hole is a killer application and I've loved it since I got it set up. One other app I highly recommend to run on your Pi in addition to Pi-hole is Nginx Proxy Manager[1].
> The web interface has been completely overhauled with settings split into Basic and Expert modes. This allows users to customize their experience based on their comfort level and needs.
This sounds helpful for setting up a Pi-Hole for family or friends that aren't DNS admins by day.
I run my PiHole on a small cloud VM that I use for several projects, but put it behind a VPN that's configured to only forward DNS lookups, then VPN into it from my phone. So many advantages behind this setup.
- Since only DNS lookups are tunneled, I don't have to worry about tunneling ALL my traffic and paying egress fees
- Blocks ads in ALL apps, not just my browser
- If it's acting up, I can just disconnect from the VPN to disable PiHoling
- Don't have to expose my home IP address and open a port for the world to start banging on
I make these suggestions during all conversations about PiHoles:
Use Class A2 SDmicro cards (they'll last significantly longer... particularly if you keep logs). There are additional 3rd-party installations which can write into RAM, but IMHO it's easier for most new users to just buy better NANDs.
Set up more than one physical Raspberry Pi, running multiple versions of PiHole software on multiple IP addresses.
Have your main DHCP router auto-issue DNS information for your "most permissive" PiHole, with a minimal list of choice URL-blocks (e.g. pagead2.* , doubleclick). Individual clients can then manually change DNS server to 2nd (3rd... 4th...) PiHole(s) which are each more-restrictive.
This allows non-technical users to still browse somewhat ad-free, but also won't block banking/govt/etc for novices. As a failsafe, teach users to enter your router's IP as DNS x.x.x.1 [should they ever need to bypass local filtering, entirely].
I use sequential IP addresses [192.168.0.6, x.x.x.7, x.x.x.8, x.x.x.9] so it's easier to explain/teach my network's ad-blocking capabilities. YES, I understand that Pi-Hole allows different clients to follow different rulesets, but if you can afford to buy redundant hardware it's just so much easier to change the client DNS server information when a specific website isn't working correctly [due to erroneously blocked host].
Does anyone know if pihole is ever going to add DoH or similar support natively? I've had such troubles with cloudflared awhile back that I gave up on DoH, but would love to encrypt those queries.
In my experience Pi hole is a very worthwhile investment. People who used my internet when I had one would remark how much faster it was. Everything in general seems faster, even things that you wouldn't think of. I typically use Brave for browsing which has good ad blocking capabilities, but this adds a whole additional layer.
The only reason I don't use one now is that I travel a lot more so it's irrelevant, and I have to work enough on tools with Google/Vercel/other analytics that it is just very inconvenient.
Regarding smart TVs, I have found that it's better to just use an Apple TV or Kodi box and never connect them to the internet though. Having said that, I gave my TV away because I never used it, so this might not be as up to date. A Pi hole will block ads on smart TVs though.
I checked that Pi-Hole can run on Raspberry Pi Zero as per the GitHub. But would you recommend using a Raspberry Pi 5 with 2 GB or 4 GB RAM instead of a Raspberry Pi Zero? I don't have any Raspberry Pi and I intend to make a new purchase.
Lots of great memories using Pi-hole and messing with RPi. I eventually ended up putting my devices on Tailscale and managing DNS through it, eventually using Mullvad VPN as the exit node.
Pretty good interface, and most people just have to connect using the app. Having a virtual network between devices with dedicated IPs is pretty nice too.
The big feature miss for me in this announcement is baked in support for configuration sync between servers. Redundant DNS is common and it would be nice if pi-hole supported this oob. Making it even better would be an ability to see stats across all synced servers from one location.
Slightly off topic, but it annoys me that protonvpn does not allow split tunnel of DNS to an internal host. It calls this DNS leak protection, which is a good default. But I want to run my own DNS server and I know what I'm doing, and the Proton GUI won't let me.
I do something similar to Pi-Hole using plain dnsmasq.
I use two old PINE64 (one with FreeBSD, one NetBSD to make it more fun), and the Ansible configuration downloads https://github.com/ShadowWhisperer/BlockLists and creates a file dnsmasq can use. Which lists from the repo to use is defined as a variable.
Works very well and I feel I can understand what is going on.
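A sketch of the list-to-dnsmasq step described in the comment above, as an added example that is not the commenter's Ansible role. It assumes the downloaded lists are hosts-format or one domain per line, and it emits dnsmasq `address=/domain/0.0.0.0` lines; the sample list is constructed. Entries that are not plain hostnames, or that map a name to a non-sink address, are rejected rather than copied into the resolver config.

```python
import re

# One DNS label: letters, digits, hyphen, underscore; no leading/trailing hyphen.
LABEL = r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?"
DOMAIN_RE = re.compile(rf"(?:{LABEL}\.)+{LABEL}")
SINK_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
SKIP = {"localhost", "localhost.localdomain", "broadcasthost", "local"}

def parse_blocklist(text):
    """Return (sorted valid domains, rejected raw lines)."""
    domains, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) == 2 and fields[0] in SINK_IPS:
            candidate = fields[1]            # hosts format: "<sink ip> <name>"
        elif len(fields) == 1:
            candidate = fields[0]            # plain one-domain-per-line format
        else:
            rejected.append(raw)             # e.g. a name mapped to a real IP
            continue
        candidate = candidate.lower().rstrip(".")
        if candidate in SKIP:
            continue
        if len(candidate) <= 253 and DOMAIN_RE.fullmatch(candidate):
            domains.add(candidate)
        else:
            rejected.append(raw)
    return sorted(domains), rejected

def to_dnsmasq(domains):
    """Emit one address= line per domain for a dnsmasq conf file."""
    return "".join(f"address=/{d}/0.0.0.0\n" for d in domains)

# Constructed sample list, for illustration only.
SAMPLE = """\
# constructed sample list
0.0.0.0 ads.example.com
127.0.0.1 localhost
tracker.example.net   # inline comment
0.0.0.0 Ads.Example.com.
0.0.0.0 evil.example/10.0.0.5
192.0.2.7 login.bank.example
x.example/#
server=/corp.example/203.0.113.9
"""

if __name__ == "__main__":
    good, bad = parse_blocklist(SAMPLE)
    print(to_dnsmasq(good), end="")
    print(f"# rejected {len(bad)} line(s)")
```

Logging the rejected lines on every run makes an unexpected change in an upstream list visible instead of silently altering the resolver's behavior.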
I've been waiting for this - I wanted to play around with blocking distractions on various rules, but controlling pi-hole remotely was a huge pain and often didn't work until now.
Not sure if this is the right place to ask, but I've got a semi-obscure DNS question.
I'd like to use Cloudflare's Zero Trust DNS filtering with DoH by running a DNS proxy on my network.
I can get this to work great with github.com/adguardTeam/dnsproxy (running on a Pi 4B) but what I would really like is to have different devices (based on their IP on the network) get their queries forwarded onto a different DoH upstream.
Have used pi hole for over 5 years and very happy with it. Most times I use it via phone to manage kids' devices to block/unblock access etc. and this also works quite well. Thank you very much
Ha! I bought a Pi5 as a Christmas present for myself, I've only done some basic setup and gotten sidetracked by other projects - but setting up pi-hole is near the top of my list of sh*t to get done
I wish pfblocker-ng was as easy to use and polished as pihole. It seems silly to run an extra DNS resolver if I'm already running one on pfsense, but the interface makes it tempting
if you are on openwrt i can recommend checking out unbound and adblock as alternatives (running directly on your routers without the need of a raspberry pi)
Pi-hole v6
(pi-hole.net) 561 points by tkuraku 18 February 2025 | 298 comments
Comments
https://github.com/AdguardTeam/AdGuardHome
[1]: https://nginxproxymanager.com/
I have some scripts to sync config between them and a Jenkins job if I want to pause blocking on them for a bit.
It looks like https://github.com/mattwebbio/orbital-sync and https://github.com/lovelaze/nebula-sync can sync configs with Pi-hole 6 now, but it’s quite a bit of code for what looks like just a few HTTP requests to get the config from one using the teleporter feature, then restore it on the others using the same.
we block all meta and X properties from our home network, also ads
and it's self hosted on our own metal
it's a wonderful life
I'd like to use Cloudflare's Zero Trust DNS filtering with DoH by running a DNS proxy on my network.
I can get this to work great with github.com/adguardTeam/dnsproxy (running on a Pi 4B) but what I would really like is to have different devices (based on their IP on the network) get their queries forwarded onto a different DoH upstream.
Is this possible in a simple way?
oh noes!
Any details on what HTTPS support provides, other than a TLS connection to the admin dashboard?
That’s why I switched to affairs home but wouldn’t mind switching back
I wish pihole or adguard would add support for changing DNS records based on the query subnet. I believe this is called DNS views.
That way my local devices and wireguard devices can get the correct IP for internal services.
I am using Pi-Hole for about 8 years and can't imagine a world without it.
Another big THANK YOU to all list maintainers out there. You're doing an incredibly useful service to the community.