PiHole + Cloudflared is awesome :-)

PiHole + Cloudflared is awesome :-)

Post just about everything that isn't directly related to Spring here!

Moderator: Moderators

Post Reply
User avatar
Forboding Angel
Evolution RTS Developer
Posts: 14673
Joined: 17 Nov 2005, 02:43

PiHole + Cloudflared is awesome :-)

Post by Forboding Angel »

So a little backstory. Most of you know that I do Network/Server admin as day job, mostly for small businesses, and ironically, usually we're freeing those businesses from MS Domains. That's not particularly relevant but it will make some other parts of the story more clear.

A while back I started having internet issues. Random connection drops and just general weirdness. I narrowed it down to the actual cabline, which is run outside the house and had been done 10 years ago. So I went all out, got some outdoor cat6 with high quality terminators (Metal), etc. Wired up the entire house and poolroom for 10gigabit. A while later I put in a business grade wired router with load balancing (if you happen to have multiple ISP's to draw from), some really high quality switches and a TP Link Wireless Mesh (The m5 one. Pretty great mesh and supports backhaul, so that's nifty).

Right around the time of doing some of the original cabling, net neutrality fell in the US and so I started trying to figure out what I should do. Anyway, fast forward to the other day... I have wanted to be able to use the router to hand out dns queries to another machine to then forward those queries to either a dns over tls or dns over https.

A few years ago I bought a pi model 3 b to play around with. They're a lot of fun. Somewhat useless, if you don't have a specific purpose in mind for them, but great for some fun here and there and learning about them. A few nights ago, I started thinking about my pi that was on a shelf collecting dust. My thinking was... Could a pi be used as a legit dns server? I had never investigated that possibility, and before i got very far, I ran across pihole. I was somewhat familiar with pihole already, to a small degree, but I was doing some research and found that with pihole + cloudflared I could have network wide adblocking (assuming devices are using the router issued dns address). But the thing that really tickled my biscuits was the fact that cloudflared allowed for queries to be sent via dns over https to cloudflare's dns servers, which are stupidly fast. Win!

Anyway, fast forward a few hours and I had it all set up. Added persistent vnc so that I could get into it if needed, and some other qol stuff.

I cannot explain how pleased I am with it. Because pihole caches dns queries, anything that has been queried before returns a dns query in about 0.233(ish)ms. Which in turn makes browsing feel incredibly responsive. As queries are being sent via https, I no longer have to worry about frontier doing something stupid and under the table (Based upon dns queries, which, if you look at pihole logs, you can get an alarmingly clear picture of someone based upon only their dns query history) (if you know about #murrikan ISPs, you are probably familiar with the fact that they are shady pieces of shit).

Also, the pihole stats are super interesting:
https://i.imgur.com/T58LS6i.png

So far, in the past couple of days, 54% of dns queries have effectively been garbage queries. That is freaking insane (what's also insane is the frequency and volume of queries to google analytics as opposed to any other domain)!

Anyway, the point of this post is that if you've been thinking about setting up a pihole yourself, I HIGHLY recommend it. Everything about it is great so far and I am loving it. It really isn't hard. Just make sure you're on the latest version of raspbian and as long as you can follow some simple directions, you should be fine. If you want to set up cloudflared so that you can have secure dns queries, there is documentation on the pihole knowledge base that covers it in a pretty foolproof manner.
User avatar
Jools
XTA Developer
Posts: 2816
Joined: 23 Feb 2009, 16:29

Re: PiHole + Cloudflared is awesome :-)

Post by Jools »

Yeah I use a pihole all the time. I have it on my raspberry pi and I point all devices to use it as dns server (unfortunately my router cannot be set up with external dns server).

It works great. Cuts off all youtube ads that nowadays also interrupt songs.
User avatar
Jools
XTA Developer
Posts: 2816
Joined: 23 Feb 2009, 16:29

Re: PiHole + Cloudflared is awesome :-)

Post by Jools »

I wish there were something to also prevent all updates. Those are the most annoying things today on the net:
i) ads
ii) software updates
User avatar
ThinkSome
Posts: 387
Joined: 14 Jun 2015, 13:36

Re: PiHole + Cloudflared is awesome :-)

Post by ThinkSome »

Jools wrote: 03 May 2019, 17:40 I wish there were something to also prevent all updates. Those are the most annoying things today on the net:
i) ads
ii) software updates
A solution for those is to whitelist programs. The easiest OS-independent way of achieving that is to have browser access the net via an external proxy server while blocking all direct internet traffic. Of course the best is to use an OS where you can get all the stuff from the package manager.
User avatar
Silentwings
Posts: 3720
Joined: 25 Oct 2008, 00:23

Re: PiHole + Cloudflared is awesome :-)

Post by Silentwings »

I wish there were something to also prevent all updates.
I heard about one, it worked really well at the time but then it was never updated and it doesn't work anymore.
User avatar
Forboding Angel
Evolution RTS Developer
Posts: 14673
Joined: 17 Nov 2005, 02:43

Re: PiHole + Cloudflared is awesome :-)

Post by Forboding Angel »

As far as MS updates, you can block MS update servers, but blocking updates is a pretty horrible idea, even though they might be inconvenient.
User avatar
very_bad_soldier
Posts: 1397
Joined: 20 Feb 2007, 01:10

Re: PiHole + Cloudflared is awesome :-)

Post by very_bad_soldier »

Forboding Angel wrote: 03 May 2019, 10:52 I cannot explain how pleased I am with it. Because pihole caches dns queries, anything that has been queried before returns a dns query in about 0.233(ish)ms. Which in turn makes browsing feel incredibly responsive. As queries are being sent via https
Quite sure you were always using DNS caching already. Your browser and also your OS should be doing it already. So I am surprised that you are experiencing such an incredible boost in responsiveness due to PiHole caching. Maybe in rare situations you can profit from Pihole cache when another machine in your network queried a hostname before.
Let alone the fact that using HTTPS for DNS queries heavily *increases* DNS latency compared to plain UDP or TCP.

Also your blocking rate of about 50% is quite suspicious imo. You should check your machines for mailicous processes or bots. For me the blocking rate of Pihole is at around 1.5%. No idea what a good average is but 50% seems really high.
User avatar
ThinkSome
Posts: 387
Joined: 14 Jun 2015, 13:36

Re: PiHole + Cloudflared is awesome :-)

Post by ThinkSome »

The boost likely comes from analytics and advertisements not loading.
raaar
Metal Factions Developer
Posts: 1094
Joined: 20 Feb 2010, 12:17

Re: PiHole + Cloudflared is awesome :-)

Post by raaar »

if you block the ads of the websites you visit, aren't you hurting their revenues and long term sustainability?
User avatar
Forboding Angel
Evolution RTS Developer
Posts: 14673
Joined: 17 Nov 2005, 02:43

Re: PiHole + Cloudflared is awesome :-)

Post by Forboding Angel »

@vbs, yes I'm aware, but here we have the benefit of all devices queries being cached instead of only my desktop/phone.

This is also something to consider:
By default, Windows stores positive responses in the DNS cache for 86,400 seconds (i.e., 1 day) and stores negative responses for 300 seconds (5 minutes).
So having negative results cached for a longer period may be yielding results.

Also, don't rule out the placebo effect.

I've already spent time looking over the logs. Nothing suspicious going on there. What I see is exactly what I would expect. *Shruggie*

@raaar, possibly. That said as far as YouTube creators go, I have YouTube red.


And yes, what thinksome said. I believe that the high percentage is due to analytics being blocked. The amount of queries to Google analytics is pretty insane. It dwarfs other domain requests by orders of magnitude.
Post Reply

Return to “Off Topic Discussion”