and also in all android apps

My PiHole is on a Pi Zero W plugged into the router's USB port. Only one wire required. :o)

Yeah. I was looking myself logs that what on earth on my home network was so aggresive. Turned out to be Samsung TV.

Let met guess... Samsung smart TVs ? I just plugged it off -.-

@@MrLuNa77 Yup Samsung. I have since unplugged it. The "smart" functionality of the tv is not that useful anyways when there are other devices plugged into it. I think another offender was my tp-link smart socket. It's on a separate IOT wifi network now.

Roku doesn’t stop once you block it. Amazon devices are really bad as well.

PI-hole + Wireguard and DynDNS and you never have to look at an ad again ;-) not even on your Phone on the go. But i would always build the NAS/Home-Server myself.

I've got it running on a pi2 along with pi-vpn using wireguard. So hand, cheap to run and easily runs both and have it also running dhcp as well. Its great as I can VPN into my home and then I get the filtering when off WiFi. Have it reboot once a week and since 5.0 update is great and can add devices to groups if people complain they can't buy things via Google links...

Take a comp-tia course.

Or... and hear me out... you could throw an SSD into your NAS and run pinhole on that ¯\_(ツ)_/¯

Running on Unraid I can run the PiHole docker without spinning up any of the HDD drives. Just have an unassigned drive like an SSD or even a flash drive and move your docker image there. Also makes docker containers extract and start up much faster.

To counter this (valid) point, Pis will absolutely destroy SD cards, and it's actually recommended to use USB storage for long-term use, whether flash drive, external HDD, or external SSD. The blame isn't entirely on the Pi, for some reason SD cards just seem to fail more than anything else.

@@SoundToxin Berryboot solves this pretty well and gives you additional features.

@@pieterrossouw8596 but this won't work on consumer grade NAS enclosures (synology, qnap, etc). which this is clearly addressed to. there's always a more professional solution , but for the average user a pi-hole with a pi (zero) would be easier than buying and setting up a unraid system.

Not that I've noticed, the disable ad blocker notification hasn't shown up, even on sites that I know pop up with the notification with a normal ad blocker.

Dns crypt is more secure

But you could use all three (doh, dot,dnscrypt) plus dnssec

@@DistantComputer i totally missed that.

docs.pi-hole.net/guides/dns-over-https/ If you are comfortable cutting and pasting into an SSH console those instructions are fairly easy to follow.

None of the ARM based ones support it. Only Intel.

There has to be a convenient way to bypass filtering for those few that are worth it, I suppose, would like to learn that

Yes, you can do Regex on Piholes now.

They got rid of the list of adlist for a database of adlists, so you have to use their teleport backup and recovery tool

@Neon Rogue slooooow

Really the VPN is the easiest part, if you're going to rent a VPS or something, just simply making sure it's secure and setting up stuff like docker will take far longer than almost any service you want to run, double that if you want to do things proper by routing things through a reverse proxy and use a domain name (traefik ruined my excitement for finally setting up a home server).

PiVPN is probably the easiest way to get OpenVPN or preferably WireGuard running. I've got it running on a little Ubuntu VM at home so I can VPN into my network. You can easily spin up a nano or micro EC2, assign an elastic IP and VPN in there if you trust AWS with your traffic... The how isn't hard, it's where to run it that has become a minefield. Linode might be great and respect privacy (or not, I don't know) but they certainly don't have servers in every region.

Mine cant bypass, I have set firewall rules to block all dns requests to internet if they are not from my pi-hole.

Same here... x86 wasn’t common on Synology, or NAS in general, until recently. With the success of Docker it’s been disappointing to say the least.

It seems the low end Synology NAS don’t support docker which I find a shame. Not sure why, perhaps CPU related.

Richard S ARM based nas won’t be supported. Only Intel.

Has to have an intel CPU.

@@richards7909 It's not low end. I have a 8 bay one. It needs an intel CPU.

Not the lists but its queries: docs.pi-hole.net/guides/dns-over-https/

Plug your own router to at&t modem/router and then plug your devices into your own router.

@@lordstevewilson1331 I tried that at one point and it was still using the AT&T DNS. Maybe it was how the 2nd router was attached.

@@MrV1NC3N7V3G4 If you have AT&T U-Verse, you will need to setup IP Passthrough on the AT&T gateway in order for the 3rd party router to work correctly. There is no bridge mode on U-Verse like there was with the legacy DSL service from AT&T.

@@JJFlores197 I'll try that when I find the time to reconfigure everything in the house again. I think the first time I just connected the 2nd router via an ethernet port and let my AT&T router do all of the DHCP.

Pi-Hole was originally designed to run on a Raspberry Pi. These can be bought for just $30 and ~is~ *are* more server than you ever need for this kind of stuff.

@@ecnctggc cool, tyvm

IMHO, no. pfBlockerNG can use the same blocklists that PiHole does, doesn't require additional hardware/docker/VM etc. as well it can do Geoblocking. I ran PiHole for about a year before switching. Both work well, pfBlocker can do more. You're not playing whack-a-mole against people/devices casually bypassing your DNS by "going right to the gateway/router."

It's not WAN IP but LAN IP that has to be static. I think you can set that on your router without your ISPs say.

It's prettier

why trust any software? look and verify yourself

@@nictou That does not help with answering my question. I do not have time to verify someones side projects like pi-hole, and I doubt many has such time. But pfblocker has more eyes on it.

@@lifebarier ..then the answer is "no". Different use cases . I needed a network-wide blocker/filter and do not have a home lab to play with. So i use a pi3 under my shoe shelf. Simple "plug and play" ... DietPi as OS and one wget command. This more for the "wife Factor" than for a production environment.

@@nictou I disagree with "different use-cases", from the way you put it it seems that pi-hole is just poor mans pfblocker.

wendal?

@@sirius4k vandal

Yes you can, but it's a lot more complicated.

There's plugins now for most browsers that block KZbin ads and generally make it easily usable (like removing unneeded blocks, easily adjusting playback speed including with a hotkey, and so on), and on Android office there's r Eva nСеD for that. Google breaks then sometimes by changing KZbin, but that happens not that often, and generally there's an update for that shortly available.

You shouldn't be using pihole at such scale, get something enterprise grade

I believe we can set up steam dns to cloudflare in pihole.

Huh? In the video the docker container is bridged to the host network via the Synology gui. Don't need to muck with docker net config....

Wait, is this an actual possibility?

You just need to add another list, like an adlist or malware list, so a host list I guess. Hasn't gotten bad enough you need content filtering. But that will be next.

It's only a matter of time. Then we have to block HTTPS requests to DOH from all hosts except for Pi-Hole.

@@Cheeky_Goose Yes, it's a possibility. Try looking at a Chromecast dongle... It's even more painful than that. There are normal DNS running on port 53 (can be both TCP and UDP but normally UDP). Then there are DNS-over-HTTPS (DoH) Finally, there are DNS-over-TLS (DoT). Any application can in principle have a preconfigured list of servers it can try to connect to, to attemt circumventing DNS filtering. To make matters worse (in this regard), a DoH service can run on any URL, and as the connection is encrypted, you can't really inspect it and block it specifically while leaving the rest of the site untouched. You are forced to block that host entirely. In my own network (pfSense firewall): - firewall rules will redirect any DNS request destined to external DNS servers to my own DNS (port 53). (pfSense with Unbound DNS and pfBlockerNG plugin for pi-hole-like functions). - any connections to public DoH servers (I know of), are blocked. - any connections to DoT ports (port 853) are blocked. Effectively, you have to try really hard to circumvent my DNS filters (but it's not a bullit proof setup I have made)

And then we shall all make the great pilgrimage to the holy grail... Pfsense.

You mean Quad9 don't you? It's so simple to remember the name when looking at that IP

@@sitte24 :-D Shiit. I really hate my phone's multi-language dictionary... Now I wonder how many times it changed quad to cloud - without me noticing :-D

On phones and tablets (and maybe laptops) there is also IMU tracking, which is not talked about very much and doesn't require user consent. It uses gyroscopes, accelerometers, and magnetic sensor (compass). Can pinpoint your location with the dead reckoning method, guess what activity you're doing based on acceleerometer movements, and possibly listen to vibrations (audio) since these sensors are so precise on devices today.