So a little backstory. Most of you know that I do Network/Server admin as a day job, mostly for small businesses, and ironically, usually we're freeing those businesses from MS Domains. That's not particularly relevant but it will make some other parts of the story more clear.
A while back I started having internet issues. Random connection drops and just general weirdness. I narrowed it down to the actual cabling, which is run outside the house and had been done 10 years ago. So I went all out, got some outdoor Cat6 with high quality terminators (metal), etc. Wired up the entire house and poolroom for 10 gigabit. A while later I put in a business grade wired router with load balancing (if you happen to have multiple ISPs to draw from), some really high quality switches and a TP-Link wireless mesh (the M5 one. Pretty great mesh and supports backhaul, so that's nifty).
Right around the time of doing some of the original cabling, net neutrality fell in the US and so I started trying to figure out what I should do. Anyway, fast forward to the other day... I have wanted to be able to use the router to hand out dns queries to another machine to then forward those queries to either a dns over tls or dns over https.
A few years ago I bought a Pi model 3 B to play around with. They're a lot of fun. Somewhat useless, if you don't have a specific purpose in mind for them, but great for some fun here and there and learning about them. A few nights ago, I started thinking about my Pi that was on a shelf collecting dust. My thinking was... Could a Pi be used as a legit DNS server? I had never investigated that possibility, and before I got very far, I ran across pihole. I was somewhat familiar with pihole already, to a small degree, but I was doing some research and found that with pihole + cloudflared I could have network wide adblocking (assuming devices are using the router issued DNS address). But the thing that really tickled my biscuits was the fact that cloudflared allowed for queries to be sent via DNS over HTTPS to Cloudflare's DNS servers, which are stupidly fast. Win!
Anyway, fast forward a few hours and I had it all set up. Added persistent vnc so that I could get into it if needed, and some other qol stuff.
I cannot explain how pleased I am with it. Because pihole caches DNS queries, anything that has been queried before returns a DNS query in about 0.233(ish)ms. Which in turn makes browsing feel incredibly responsive. As queries are being sent via HTTPS, I no longer have to worry about Frontier doing something stupid and under the table (based upon DNS queries, which, if you look at pihole logs, you can get an alarmingly clear picture of someone based upon only their DNS query history) (if you know about #murrikan ISPs, you are probably familiar with the fact that they are shady pieces of shit).
Also, the pihole stats are super interesting:
https://i.imgur.com/T58LS6i.png
So far, in the past couple of days, 54% of dns queries have effectively been garbage queries. That is freaking insane (what's also insane is the frequency and volume of queries to google analytics as opposed to any other domain)!
Anyway, the point of this post is that if you've been thinking about setting up a pihole yourself, I HIGHLY recommend it. Everything about it is great so far and I am loving it. It really isn't hard. Just make sure you're on the latest version of Raspbian and as long as you can follow some simple directions, you should be fine. If you want to set up cloudflared so that you can have secure DNS queries, there is documentation on the pihole knowledge base that covers it in a pretty foolproof manner.
PiHole + Cloudflared is awesome :-)
- Forboding Angel
- Evolution RTS Developer
- Posts: 14673
- Joined: 17 Nov 2005, 02:43
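The post above names DNS over HTTPS but never shows what cloudflared actually puts on the wire. The following is an added example, not code from Pi-hole, cloudflared or Cloudflare: it builds an RFC 8484 DoH query (the DNS packet base64url-encoded into the `dns=` parameter of a GET), and parses a wire-format answer, including the name-compression pointers that real resolvers use. The endpoint URL is Cloudflare's public DoH resolver; the response bytes are constructed by hand (one A record for example.com with a 300 s TTL) so the parsing runs offline, and `doh_resolve` is the only part that needs network.

```python
"""Build an RFC 8484 DNS-over-HTTPS query and parse the wire-format answer.

Added example for this thread; not code from Pi-hole, cloudflared or
Cloudflare. SAMPLE_RESPONSE is constructed by hand so parsing runs offline.
"""
import base64
import ipaddress
import struct
import urllib.request

DOH_ENDPOINT = "https://1.1.1.1/dns-query"   # Cloudflare's public DoH resolver
TYPE_A, TYPE_AAAA = 1, 28


def encode_name(name):
    """Encode "www.example.com" as DNS labels: \\x03www\\x07example\\x03com\\x00."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype=TYPE_A):
    """Minimal recursive query; ID 0 as RFC 8484 suggests so GET URLs cache well."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # flags: RD set, 1 question
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def doh_get_url(query, endpoint=DOH_ENDPOINT):
    """RFC 8484 GET form: the packet goes in ?dns= as unpadded base64url."""
    return endpoint + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")


def read_name(data, offset, max_hops=16):
    """Read a possibly compressed name; returns (name, offset just after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            hops += 1
            if hops > max_hops:   # a malicious packet can point at itself forever
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if end is not None else offset)
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(data):
    """Return rcode and the answer section as (name, type, ttl, value) tuples."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qdcount):          # skip the echoed question
        _, offset = read_name(data, offset)
        offset += 4                   # qtype + qclass
    answers = []
    for _ in range(ancount):
        name, offset = read_name(data, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == TYPE_A and rdlen == 4:
            value = str(ipaddress.IPv4Address(rdata))
        elif rtype == TYPE_AAAA and rdlen == 16:
            value = str(ipaddress.IPv6Address(rdata))
        else:
            value = rdata.hex()
        answers.append((name, rtype, ttl, value))
    return {"id": txid, "rcode": flags & 0xF, "answers": answers}


def doh_resolve(name, qtype=TYPE_A, endpoint=DOH_ENDPOINT):
    """Live lookup over HTTPS (needs network; not used by the offline sample)."""
    req = urllib.request.Request(doh_get_url(build_query(name, qtype), endpoint),
                                 headers={"Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return parse_response(resp.read())


# Constructed answer: ID 0, QR+RD+RA flags, question echoed, one A record whose
# owner name is a pointer (0xC00C) back to the question name at offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", TYPE_A, 1)
    + b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + bytes([93, 184, 216, 34])
)

if __name__ == "__main__":
    print(doh_get_url(build_query("example.com")))
    print(parse_response(SAMPLE_RESPONSE))
```

The point worth noticing is that the DNS message inside the HTTPS request is byte-for-byte the same packet a plain UDP resolver would see; what DoH changes is only who can read it in transit. The ISP sees a TLS session to 1.1.1.1, while Cloudflare still sees every name, so the trust is moved rather than removed.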
Re: PiHole + Cloudflared is awesome :-)
Yeah I use a pihole all the time. I have it on my Raspberry Pi and I point all devices to use it as the DNS server (unfortunately my router cannot be set up with an external DNS server).
It works great. Cuts off all youtube ads that nowadays also interrupt songs.
Re: PiHole + Cloudflared is awesome :-)
I wish there were something to also prevent all updates. Those are the most annoying things today on the net:
i) ads
ii) software updates
Re: PiHole + Cloudflared is awesome :-)
A solution for those is to whitelist programs. The easiest OS-independent way of achieving that is to have browser access the net via an external proxy server while blocking all direct internet traffic. Of course the best is to use an OS where you can get all the stuff from the package manager.
- Silentwings
- Posts: 3720
- Joined: 25 Oct 2008, 00:23
Re: PiHole + Cloudflared is awesome :-)
"I wish there were something to also prevent all updates."
I heard about one, it worked really well at the time but then it was never updated and it doesn't work anymore.
- Forboding Angel
- Evolution RTS Developer
- Posts: 14673
- Joined: 17 Nov 2005, 02:43
Re: PiHole + Cloudflared is awesome :-)
As far as MS updates, you can block MS update servers, but blocking updates is a pretty horrible idea, even though they might be inconvenient.
- very_bad_soldier
- Posts: 1397
- Joined: 20 Feb 2007, 01:10
Re: PiHole + Cloudflared is awesome :-)
Forboding Angel wrote (03 May 2019, 10:52):
"I cannot explain how pleased I am with it. Because pihole caches dns queries, anything that has been queried before returns a dns query in about 0.233(ish)ms. Which in turn makes browsing feel incredibly responsive. As queries are being sent via https"
Quite sure you were always using DNS caching already. Your browser and also your OS should be doing it already. So I am surprised that you are experiencing such an incredible boost in responsiveness due to PiHole caching. Maybe in rare situations you can profit from the Pihole cache when another machine in your network queried a hostname before.
Let alone the fact that using HTTPS for DNS queries heavily *increases* DNS latency compared to plain UDP or TCP.
Also your blocking rate of about 50% is quite suspicious imo. You should check your machines for malicious processes or bots. For me the blocking rate of Pihole is at around 1.5%. No idea what a good average is but 50% seems really high.
Re: PiHole + Cloudflared is awesome :-)
The boost likely comes from analytics and advertisements not loading.
Re: PiHole + Cloudflared is awesome :-)
If you block the ads of the websites you visit, aren't you hurting their revenues and long term sustainability?
- Forboding Angel
- Evolution RTS Developer
- Posts: 14673
- Joined: 17 Nov 2005, 02:43
Re: PiHole + Cloudflared is awesome :-)
@vbs, yes I'm aware, but here we have the benefit of all devices queries being cached instead of only my desktop/phone.
This is also something to consider:
"By default, Windows stores positive responses in the DNS cache for 86,400 seconds (i.e., 1 day) and stores negative responses for 300 seconds (5 minutes)."
So having negative results cached for a longer period may be yielding results.
Also, don't rule out the placebo effect.
I've already spent time looking over the logs. Nothing suspicious going on there. What I see is exactly what I would expect. *Shruggie*
@raaar, possibly. That said as far as YouTube creators go, I have YouTube red.
And yes, what thinksome said. I believe that the high percentage is due to analytics being blocked. The amount of queries to Google analytics is pretty insane. It dwarfs other domain requests by orders of magnitude.
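The thread disputes whether a 54% block rate means a compromised host (very_bad_soldier) or just analytics noise (Forboding Angel and thinksome). The dashboard percentage alone cannot settle that; the per-client and per-domain breakdown from the query log can. The script below is an added example, not Pi-hole's own tooling: it reads dnsmasq-style Pi-hole log lines and reports the block rate, the cache hit rate, the most-queried domains and how many blocked lookups each client made, which is exactly the number that separates "one bot hammering a C2 domain" from "every device phoning Google Analytics". The log lines are constructed to mimic the format Pi-hole wrote at the time of the thread (`query[A] ... from ...`, `/etc/pihole/gravity.list ... is 0.0.0.0`, `forwarded`, `cached`); a real log would be fed in from /var/log/pihole.log.

```python
"""Summarise a Pi-hole (dnsmasq-style) query log.

Added example for this thread, not code from the Pi-hole project. The log
lines are constructed to mimic the dnsmasq format Pi-hole wrote in 2019;
pass the contents of /var/log/pihole.log to summarise_log() for real data.
"""
import re
from collections import Counter

# Constructed sample: four clients, a few ordinary lookups, and a burst of
# analytics/telemetry lookups that gravity.list answers with 0.0.0.0 or ::.
SAMPLE_LOG = """\
May  3 10:52:01 dnsmasq[812]: query[A] www.example.com from 192.168.1.10
May  3 10:52:01 dnsmasq[812]: forwarded www.example.com to 127.0.0.1
May  3 10:52:01 dnsmasq[812]: reply www.example.com is 93.184.216.34
May  3 10:52:02 dnsmasq[812]: query[A] www.google-analytics.com from 192.168.1.10
May  3 10:52:02 dnsmasq[812]: /etc/pihole/gravity.list www.google-analytics.com is 0.0.0.0
May  3 10:52:02 dnsmasq[812]: query[A] www.google-analytics.com from 192.168.1.11
May  3 10:52:02 dnsmasq[812]: /etc/pihole/gravity.list www.google-analytics.com is 0.0.0.0
May  3 10:52:03 dnsmasq[812]: query[A] www.example.com from 192.168.1.11
May  3 10:52:03 dnsmasq[812]: cached www.example.com is 93.184.216.34
May  3 10:52:04 dnsmasq[812]: query[AAAA] www.google-analytics.com from 192.168.1.12
May  3 10:52:04 dnsmasq[812]: /etc/pihole/gravity.list www.google-analytics.com is ::
May  3 10:52:05 dnsmasq[812]: query[A] telemetry.example.net from 192.168.1.12
May  3 10:52:05 dnsmasq[812]: /etc/pihole/gravity.list telemetry.example.net is 0.0.0.0
May  3 10:52:06 dnsmasq[812]: query[A] forum.example.org from 192.168.1.13
May  3 10:52:06 dnsmasq[812]: forwarded forum.example.org to 127.0.0.1
May  3 10:52:06 dnsmasq[812]: reply forum.example.org is 203.0.113.7
May  3 10:52:07 dnsmasq[812]: query[A] forum.example.org from 192.168.1.10
May  3 10:52:07 dnsmasq[812]: cached forum.example.org is 203.0.113.7
"""

QUERY_RE = re.compile(r"dnsmasq\[\d+\]: query\[(?P<type>[A-Z0-9]+)\] (?P<domain>\S+) from (?P<client>\S+)$")
BLOCK_RE = re.compile(r"dnsmasq\[\d+\]: /etc/pihole/(?:gravity|black)\.list (?P<domain>\S+) is (?:0\.0\.0\.0|::)$")
FORWARD_RE = re.compile(r"dnsmasq\[\d+\]: forwarded (?P<domain>\S+) to ")
CACHED_RE = re.compile(r"dnsmasq\[\d+\]: cached (?P<domain>\S+) is ")


def summarise_log(text, top_n=5):
    """Return counts and rates; blocked lookups are attributed to the client
    that most recently asked for that domain (the block line carries no client)."""
    queries = Counter()            # domain -> number of lookups
    per_client = Counter()         # client -> number of lookups
    blocked_by_client = Counter()  # client -> lookups answered from the blocklist
    last_client = {}
    blocked = forwarded = cached = 0
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            queries[m["domain"]] += 1
            per_client[m["client"]] += 1
            last_client[m["domain"]] = m["client"]
            continue
        m = BLOCK_RE.search(line)
        if m:
            blocked += 1
            blocked_by_client[last_client.get(m["domain"], "unknown")] += 1
            continue
        if FORWARD_RE.search(line):
            forwarded += 1
        elif CACHED_RE.search(line):
            cached += 1
    total = sum(queries.values())
    answered = forwarded + cached          # non-blocked lookups that got an answer
    return {
        "queries": total,
        "blocked": blocked,
        "forwarded": forwarded,
        "cached": cached,
        "block_rate": blocked / total if total else 0.0,
        "cache_hit_rate": cached / answered if answered else 0.0,
        "top_domains": queries.most_common(top_n),
        "queries_by_client": dict(per_client),
        "blocked_by_client": dict(blocked_by_client),
    }


if __name__ == "__main__":
    s = summarise_log(SAMPLE_LOG)
    print(f"{s['queries']} queries, {s['block_rate']:.0%} blocked, "
          f"{s['cache_hit_rate']:.0%} of answered lookups served from cache")
    for domain, n in s["top_domains"]:
        print(f"  {n:4d}  {domain}")
    for client, n in sorted(s["blocked_by_client"].items()):
        print(f"  {client}: {n} blocked of {s['queries_by_client'][client]}")
```

If one client accounts for most of the blocked lookups and its domains are not ad or analytics hosts, that is the case very_bad_soldier describes and is worth a closer look at the machine; if the blocked volume is spread across every device and concentrated on a handful of analytics domains, the high percentage is the benign explanation the later posts give.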