PiHole + Cloudflared is awesome :-)
Posted: 03 May 2019, 10:52
So a little backstory. Most of you know that I do Network/Server admin as day job, mostly for small businesses, and ironically, usually we're freeing those businesses from MS Domains. That's not particularly relevant but it will make some other parts of the story more clear.
A while back I started having internet issues. Random connection drops and just general weirdness. I narrowed it down to the actual cabling, which is run outside the house and had been done 10 years ago. So I went all out, got some outdoor cat6 with high quality terminators (Metal), etc. Wired up the entire house and poolroom for 10gigabit. A while later I put in a business grade wired router with load balancing (if you happen to have multiple ISPs to draw from), some really high quality switches and a TP Link Wireless Mesh (The m5 one. Pretty great mesh and supports backhaul, so that's nifty).
Right around the time of doing some of the original cabling, net neutrality fell in the US and so I started trying to figure out what I should do. Anyway, fast forward to the other day... I have wanted to be able to use the router to hand out dns queries to another machine to then forward those queries to either a dns over tls or dns over https.
A few years ago I bought a pi model 3 b to play around with. They're a lot of fun. Somewhat useless, if you don't have a specific purpose in mind for them, but great for some fun here and there and learning about them. A few nights ago, I started thinking about my pi that was on a shelf collecting dust. My thinking was... Could a pi be used as a legit dns server? I had never investigated that possibility, and before I got very far, I ran across pihole. I was somewhat familiar with pihole already, to a small degree, but I was doing some research and found that with pihole + cloudflared I could have network wide adblocking (assuming devices are using the router issued dns address). But the thing that really tickled my biscuits was the fact that cloudflared allowed for queries to be sent via dns over https to cloudflare's dns servers, which are stupidly fast. Win!
Anyway, fast forward a few hours and I had it all set up. Added persistent vnc so that I could get into it if needed, and some other qol stuff.
I cannot explain how pleased I am with it. Because pihole caches dns queries, anything that has been queried before returns a dns query in about 0.233(ish)ms. Which in turn makes browsing feel incredibly responsive. As queries are being sent via https, I no longer have to worry about frontier doing something stupid and under the table (Based upon dns queries, which, if you look at pihole logs, you can get an alarmingly clear picture of someone based upon only their dns query history) (if you know about #murrikan ISPs, you are probably familiar with the fact that they are shady pieces of shit).
Also, the pihole stats are super interesting:
https://i.imgur.com/T58LS6i.png
So far, in the past couple of days, 54% of dns queries have effectively been garbage queries. That is freaking insane (what's also insane is the frequency and volume of queries to google analytics as opposed to any other domain)!
Anyway, the point of this post is that if you've been thinking about setting up a pihole yourself, I HIGHLY recommend it. Everything about it is great so far and I am loving it. It really isn't hard. Just make sure you're on the latest version of raspbian and as long as you can follow some simple directions, you should be fine. If you want to set up cloudflared so that you can have secure dns queries, there is documentation on the pihole knowledge base that covers it in a pretty foolproof manner.
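The DNS-over-HTTPS forwarding the post credits to cloudflared carries ordinary DNS wire-format messages inside HTTPS requests (RFC 8484). The following is an added example, not code from the post or from the Pi-hole or cloudflared projects: it builds a wire-format A query, forms the RFC 8484 GET URL for Cloudflare's resolver (the endpoint URL is an assumption), and parses a constructed reply, including the name compression pointers real resolvers use, so you can see exactly what leaves the Pi inside the TLS session.

```python
import base64
import struct

DOH_URL = "https://cloudflare-dns.com/dns-query"  # assumed: Cloudflare's DoH endpoint

def build_query(name, qtype=1, txid=0):
    # Recursive-desired A query in DNS wire format (RFC 1035); ID 0 as RFC 8484 suggests for GET.
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def doh_get_url(name):
    # RFC 8484 GET form: ?dns=<base64url(query)> with the '=' padding stripped.
    return DOH_URL + "?dns=" + base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()

def _read_name(msg, off):
    # Decode a name, following compression pointers; return (name, offset after the field).
    labels, end = [], None
    while True:
        ln = msg[off]
        if (ln & 0xC0) == 0xC0:  # pointer to an earlier copy of the name
            end = off + 2 if end is None else end
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode())
        off += ln
    return ".".join(labels), (off if end is None else end)

def parse_a_answers(msg):
    # Return (txid, rcode, {name: [ipv4, ...]}) from a wire-format response.
    txid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off, answers = 12, {}
    for _ in range(qd):  # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4  # qtype + qclass
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 1 and rdlen == 4:
            answers.setdefault(name, []).append(".".join(map(str, rdata)))
    return txid, flags & 0xF, answers

# Constructed sample (not captured traffic): reply for example.com whose answer name is a
# compression pointer (0xC00C) to the question; TEST-NET address 192.0.2.1 as the record.
SAMPLE_RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + b"\x07example\x03com\x00"
                   + struct.pack(">HH", 1, 1) + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4)
                   + bytes([192, 0, 2, 1]))
```

Sending the URL from `doh_get_url` with an `Accept: application/dns-message` header returns a body in the same format as `SAMPLE_RESPONSE`; an ISP on the path sees only a TLS connection to the resolver, which is the privacy point the post makes.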