and also in all android apps

My PiHole is on a Pi Zero W plugged into the router's USB port. Only one wire required. :o)

Yeah. I was looking myself logs that what on earth on my home network was so aggresive. Turned out to be Samsung TV.

Let met guess... Samsung smart TVs ? I just plugged it off -.-

@@MrLuNa77 Yup Samsung. I have since unplugged it. The "smart" functionality of the tv is not that useful anyways when there are other devices plugged into it. I think another offender was my tp-link smart socket. It's on a separate IOT wifi network now.

Roku doesn’t stop once you block it. Amazon devices are really bad as well.

PI-hole + Wireguard and DynDNS and you never have to look at an ad again ;-) not even on your Phone on the go. But i would always build the NAS/Home-Server myself.

I've got it running on a pi2 along with pi-vpn using wireguard. So hand, cheap to run and easily runs both and have it also running dhcp as well. Its great as I can VPN into my home and then I get the filtering when off WiFi. Have it reboot once a week and since 5.0 update is great and can add devices to groups if people complain they can't buy things via Google links...

Dns crypt is more secure

But you could use all three (doh, dot,dnscrypt) plus dnssec

@@DistantComputer i totally missed that.

Take a comp-tia course.

Or... and hear me out... you could throw an SSD into your NAS and run pinhole on that ¯\_(ツ)_/¯

Running on Unraid I can run the PiHole docker without spinning up any of the HDD drives. Just have an unassigned drive like an SSD or even a flash drive and move your docker image there. Also makes docker containers extract and start up much faster.

To counter this (valid) point, Pis will absolutely destroy SD cards, and it's actually recommended to use USB storage for long-term use, whether flash drive, external HDD, or external SSD. The blame isn't entirely on the Pi, for some reason SD cards just seem to fail more than anything else.

@@SoundToxin Berryboot solves this pretty well and gives you additional features.

@@pieterrossouw8596 but this won't work on consumer grade NAS enclosures (synology, qnap, etc). which this is clearly addressed to. there's always a more professional solution , but for the average user a pi-hole with a pi (zero) would be easier than buying and setting up a unraid system.

@Neon Rogue slooooow

Really the VPN is the easiest part, if you're going to rent a VPS or something, just simply making sure it's secure and setting up stuff like docker will take far longer than almost any service you want to run, double that if you want to do things proper by routing things through a reverse proxy and use a domain name (traefik ruined my excitement for finally setting up a home server).

PiVPN is probably the easiest way to get OpenVPN or preferably WireGuard running. I've got it running on a little Ubuntu VM at home so I can VPN into my network. You can easily spin up a nano or micro EC2, assign an elastic IP and VPN in there if you trust AWS with your traffic... The how isn't hard, it's where to run it that has become a minefield. Linode might be great and respect privacy (or not, I don't know) but they certainly don't have servers in every region.

Mine cant bypass, I have set firewall rules to block all dns requests to internet if they are not from my pi-hole.

Same here... x86 wasn’t common on Synology, or NAS in general, until recently. With the success of Docker it’s been disappointing to say the least.

It seems the low end Synology NAS don’t support docker which I find a shame. Not sure why, perhaps CPU related.

Richard S ARM based nas won’t be supported. Only Intel.

Has to have an intel CPU.

@@richards7909 It's not low end. I have a 8 bay one. It needs an intel CPU.

docs.pi-hole.net/guides/dns-over-https/ If you are comfortable cutting and pasting into an SSH console those instructions are fairly easy to follow.

It's fine. You imply some sort of security problem because it isn't an edge device. This is not correct..

@Neon Rogue DNS can be any server but to couple it with a storage device is not a good practice. If your NAS is down then not only your storage isn't available, your internet is also down. If you are okay with that then I guess having DNS function on NAS is fine. Just because synology allows docker or some type of virtualization technology to exist, doesn't mean you throw everything on it. Running test VM or a server, even plex, etc. on synology wouldn't be a problem as you can still get to the internet if NAS is down. You are better off keeping critical functions separate.

@@JJaani You can always have more than one PiHole there's nothing wrong with redundancy. Nobody said you an only have ONE DNS server, in large environments, it's pretty much required. I can't remember where I read it but from what I understand Microsoft broke DNS with Windows 10 and instead of sequentially resolving addresses but it queries all at once. So don't set your "unprotected" router/gateway as a backup DNS. So watch out for Win 10 users.

On my router’s DHCP settings have configured first DNS option my pi-hole and the second a public one, if the pi-hole goes down I still have resolution without protection but no downtime.

Not that I've noticed, the disable ad blocker notification hasn't shown up, even on sites that I know pop up with the notification with a normal ad blocker.

Wait, is this an actual possibility?

You just need to add another list, like an adlist or malware list, so a host list I guess. Hasn't gotten bad enough you need content filtering. But that will be next.

It's only a matter of time. Then we have to block HTTPS requests to DOH from all hosts except for Pi-Hole.

@@Cheeky_Goose Yes, it's a possibility. Try looking at a Chromecast dongle... It's even more painful than that. There are normal DNS running on port 53 (can be both TCP and UDP but normally UDP). Then there are DNS-over-HTTPS (DoH) Finally, there are DNS-over-TLS (DoT). Any application can in principle have a preconfigured list of servers it can try to connect to, to attemt circumventing DNS filtering. To make matters worse (in this regard), a DoH service can run on any URL, and as the connection is encrypted, you can't really inspect it and block it specifically while leaving the rest of the site untouched. You are forced to block that host entirely. In my own network (pfSense firewall): - firewall rules will redirect any DNS request destined to external DNS servers to my own DNS (port 53). (pfSense with Unbound DNS and pfBlockerNG plugin for pi-hole-like functions). - any connections to public DoH servers (I know of), are blocked. - any connections to DoT ports (port 853) are blocked. Effectively, you have to try really hard to circumvent my DNS filters (but it's not a bullit proof setup I have made)

And then we shall all make the great pilgrimage to the holy grail... Pfsense.

It's not WAN IP but LAN IP that has to be static. I think you can set that on your router without your ISPs say.

wendal?

@@sirius4k vandal

There's plugins now for most browsers that block KZbin ads and generally make it easily usable (like removing unneeded blocks, easily adjusting playback speed including with a hotkey, and so on), and on Android office there's r Eva nСеD for that. Google breaks then sometimes by changing KZbin, but that happens not that often, and generally there's an update for that shortly available.

None of the ARM based ones support it. Only Intel.

You mean Quad9 don't you? It's so simple to remember the name when looking at that IP

@@sitte24 :-D Shiit. I really hate my phone's multi-language dictionary... Now I wonder how many times it changed quad to cloud - without me noticing :-D

Yes, you can do Regex on Piholes now.

They got rid of the list of adlist for a database of adlists, so you have to use their teleport backup and recovery tool

I believe we can set up steam dns to cloudflare in pihole.

On phones and tablets (and maybe laptops) there is also IMU tracking, which is not talked about very much and doesn't require user consent. It uses gyroscopes, accelerometers, and magnetic sensor (compass). Can pinpoint your location with the dead reckoning method, guess what activity you're doing based on acceleerometer movements, and possibly listen to vibrations (audio) since these sensors are so precise on devices today.

There has to be a convenient way to bypass filtering for those few that are worth it, I suppose, would like to learn that

Huh? In the video the docker container is bridged to the host network via the Synology gui. Don't need to muck with docker net config....