121
My experiences with Pi-hole
(scribe.disroot.org)
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
Pi-hole is OK, but for good measure it's easy to set up a "hosts" file that blocks all that stuff locally. You can use your findings from Pi-hole. On Linux you just pop your entries in
/etc/hosts
, or other OS equivalent. Here are some curated lists. For Mozilla telemetry - https://github.com/MrRawes/firefox-hosts/blob/firefox-hosts/hosts Massive list for everything - https://github.com/StevenBlack/hostsThat's for one device.
Where does a smart TV keep it's hosts file? IPhone? Android?
DNS (PiHole) works for all devices on your network, which I'd argue is better than a hosts file.
That’s for one network. That’s why I switched to Next DNS and have protection at home and everywhere else.
I ran PiHole for years. It started as a way to block ads but then also a way to block games and YouTube for my kids so they get a break. I had to manually control this though. I switched to NextDNS last year because this can be done on a schedule and they can't get around it such as swapping to mobile data on their phones.
In the house though I run AdGuard because there's no way differentiate traffic for each of my kids NextDNS profiles. With AdGuard it can proxy DNS requests to take traffic from the TV in their bedroom and convert it to DNS over TLS so the traffic hits the correct profile. I don't use AdGuard for anything else. It does not filter anything. It's purely to make sure traffic hits the correct NextDNS profile.
Use both.
Why maintain the same thing in multiple places? If the pi-hole is blocking it, the pi-hole is blocking it. What added value is there in also maintaining the hosts file?
On mobile or on networks with a bigger load on the DNS server it could make sense to make things faster, but otherwise a pihole is fine I think. If the pihole is not working as it should, that should be found out and fixed ASAP.
The amount of times I've seen people request help because Pi-hole was not blocking/functioning properly, well a hosts file just ensures nothing leaves that you want blocked. Besides, you may have different machines set up to be strict or permissive depending on their use case.
With Pihole you can restrict or be permissive with different devices, based on MAC or IP address.
DNS services with blocks lists such as Pi-Hole, AdGuard, NextDNS, etc, provide a centralized config file for all devices on a network, so you only configure once, collect statistics, have built in block lists that can be easily modified and updated either automatically or manually and are fast.
Using large lists in a host file will slow local resolution. It wasn't designed for this use case as it's acting a flat file database with a limited amount of RAM allocated for the process and will get slower the longer the list. While this latency won't be noticeable in the thousands of lines, once you start hitting hundreds of thousand or millions of entries it will start to crawl.
Hosts file are also unable to RegEx or Wildcard entries which means you would have to duplicated lots of variations in domains...
I mean I can also statically assign IPs to ever client and keep a spreadsheet, but why don't I just use DHCP?
That is pretty cool for folks that want a quick and easy way to block ads.
Absolutely. These lists are created by server admins who collect what the firewall rejects, much like you see with the Pi-hole. They'll automatically block some ads and many threats too. Another tip if you're using Librewolf, Mullvad browser or Firefox with uBlock, enable more of the filter lists.