this post was submitted on 05 May 2025
281 points (98.3% liked)

Technology

[–] termaxima@programming.dev 14 points 4 hours ago (1 children)

66.6% of all traffic is blocked with no functional impact on anything that I do

Okay. I’m convinced.

[–] SpaceCadet@feddit.nl 13 points 3 hours ago (1 children)

Misleading statement. It doesn't block "traffic", it blocks DNS requests... you don't know how much traffic this corresponds to.

[–] xavier666@lemm.ee 7 points 3 hours ago (1 children)

Correct. The payload of DNS requests is tiny compared to, say requesting a webpage. So there might not be a huge decrease of bandwidth usage reduction. However, having 66.6% less DNS requests is still a win. The router/gateway doesn't have to work that hard because of the dropped requests.

[–] SpaceCadet@feddit.nl 6 points 3 hours ago

It isn't so much about the payload of the DNS requests, but about the content that would have been loaded if the DNS request hadn't been blocked.

If you load a page that has 100kB of useful information, but 1MB of banner ads and trackers ... you've blocked a lot more than 66%. But if you block 1MB of banner ads on a page that hosts a 200MB video, you've blocked a lot less.

Also a 66% blocked percentage seems very high. I have installed pihole on 2 networks, and I'm seeing 1.7% on my own network, but I do run uBlock on almost everything which catches most stuff before it reaches the pihole, and 25% on the other network.

[–] Donut@piefed.social 16 points 5 hours ago (2 children)

Don't fall for the trap that they recommend an expensive Pi 5: I am running Pi-hole on a Pi 2 but you can basically run this on obsolete hardware, whether that's a Pi or a PC/laptop

[–] mrnarwall@lemmy.world 2 points 1 hour ago

Can confirm. I have 10 year old pi2 that is dedicated to pi hole and even that is not utilizing all of its 1gb of memory

[–] Simulation6@sopuli.xyz 5 points 4 hours ago (1 children)

I run mine on a PI 0. Also use it as a samba disk partition for transferring files.

[–] PieMePlenty@lemmy.world 2 points 3 hours ago* (last edited 3 hours ago)

No performance impacts on regular browsing? I never dared to run a DNS on a wifi only device. Or are you using some kind of Ethernet over USB thing?

[–] randombullet@programming.dev 4 points 5 hours ago

I use adguard home in conjunction with NextDNS.

I find adguard a little better in the UI department. Have it in a docker container so it's a set and forget.

[–] Toldry@lemmy.world 5 points 7 hours ago (2 children)

Getting an error trying to access this:

https://den.dev/blog/pihole has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site.

[–] myreel@lemm.ee 4 points 2 hours ago

Perhaps it's blocked for you.

[–] Appoxo@lemmy.dbzer0.com 5 points 6 hours ago

Works for me

[–] Teppichbrand@feddit.org 5 points 7 hours ago* (last edited 7 hours ago)

Raspberry Pi 1b > DietPi > Pi-hole > Unbound <3

[–] yaroto98@lemmy.org 25 points 14 hours ago (9 children)

I recommend having two. Otherwise your home internet goes down every time you update or reboot or it crashes.

[–] b3an@lemmy.world 3 points 3 hours ago

Yes especially if you’re using DHCP on Pi-hole

[–] JackbyDev@programming.dev 6 points 7 hours ago (3 children)

Huh? Typically you have a secondary DNS entry on your router

[–] SpaceCadet@feddit.nl 2 points 50 minutes ago* (last edited 47 minutes ago)

Secondary DNS is not for redundancy!

The way secondary DNS works is that a client distributes DNS requests across the primary and secondary DNS servers. So if you have pihole as your primary DNS and, say, 8.8.8.8 as your secondary DNS, you're sending half of your DNS requests to google unfiltered. And if your pihole DNS goes down, half of your DNS queries time out.

The way to have redundancy with DNS is with a standby server that takes over the IP of the primary server if it goes down. You can do this with keepalived.
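
The standby-server arrangement with keepalived described in the comment above, as an added example that is not part of the original thread or the commenter's own configuration. The addresses, interface name, router ID and password are constructed placeholders; clients would be handed only the virtual IP as their DNS server.

```conf
# /etc/keepalived/keepalived.conf on the primary Pi-hole (constructed example)
global_defs {
    # Run health-check scripts as an unprivileged user, and refuse
    # scripts that a non-root user could modify.
    script_user nobody
    enable_script_security
}

# Health check: ask the local resolver for a name. dig exits non-zero
# when no reply arrives, which marks this node as failed.
vrrp_script chk_dns {
    script "/usr/bin/dig @127.0.0.1 pi-hole.net +time=1 +tries=1"
    interval 5
    fall 2
    rise 2
}

vrrp_instance PIHOLE_DNS {
    # On the standby Pi-hole use "state BACKUP" and a lower priority (e.g. 100).
    state MASTER
    interface eth0
    virtual_router_id 53
    priority 150
    advert_int 1

    # VRRP PASS authentication is sent in clear text on the LAN; it only
    # guards against accidental misconfiguration, not a hostile host.
    authentication {
        auth_type PASS
        auth_pass CHANGEME
    }

    # The address handed out to clients as their only DNS server.
    # It moves to the standby when this node or its DNS check fails.
    virtual_ipaddress {
        192.168.1.53/24
    }

    track_script {
        chk_dns
    }
}
```

Both nodes need the same blocklists and settings for the failover to be transparent, so the Pi-hole configuration has to be replicated separately; keepalived only moves the address.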

[–] chaospatterns@lemmy.world 6 points 5 hours ago (2 children)

And what do you set that secondary DNS entry to? Operating systems may use both, so you need the secondary to point to a pi hole or else you're letting ads through randomly.

[–] Amir@lemmy.ml 4 points 3 hours ago (1 children)
[–] jim3692@discuss.online 0 points 3 hours ago (1 children)

Sure, if your router supports DoH or DoT. Most consumer routers don't. I know that Mikrotik supports it out of the box, and OpenWRT has a package for that.

[–] Amir@lemmy.ml 5 points 3 hours ago

They have IPs too: https://adguard-dns.io/en/public-dns.html

94.140.14.14

94.140.14.15

[–] JackbyDev@programming.dev 0 points 1 hour ago (1 children)

Randomly? No, only when your pi goes down. Or whenever you're looking at something that gets around the simple DNS based ad filtering pihole does. It's foolish to spend twice as much money for this level of failover protection to prevent ads. It's not like if you see an ad you're going to die lol. If you're that opposed to them, sure, go for it, but you're better off spending your time doing other things to stop ads than maintaining two pi holes because one might fail.

And like the other person said, just use ad guard's public DNS. I use it on my router and on my phone.

[–] SpaceCadet@feddit.nl 2 points 41 minutes ago

> Randomly? No, only when your pi goes down

Not how secondary DNS works. It round robins the requests across primary and secondary DNS servers.

[–] r_deckard@lemmy.world 2 points 5 hours ago

I have two piholes - they serve different DHCP ranges (e.g. 1-100 and 101-250), and option 6 references each other.

[–] lupusblackfur@lemmy.world 30 points 14 hours ago* (last edited 14 hours ago) (9 children)

Interesting... And this is not a criticism, simply an observation...

I've a single Pihole instance running on a RPi 4 and have experienced not a single instance of any of the 3 probs you mention. Except, of course, the very few minutes it takes for a reboot which I can schedule and am aware when it's happening...

🤷‍♂️

[–] SpaceCadet@feddit.nl 0 points 1 hour ago

Raspberry Pies (is that how you pluralize it?), and especially their SD cards are not the most reliable pieces of hardware. I've already had a few die on me.

As for how annoying outages are, I guess that depends on how many people and services you have on your network relying on a functioning DNS. I am running two pihole instances on separate hardware in a keepalived virtual IP setup, with a replicated configuration. Sounds complicated, but it's really easy.

It's just nice to be able to reboot or perform maintenance on my pihole knowing it won't impact DNS, and not having to worry about interrupting my girlfriend streaming her Netflix series or whatever. For example, just a couple of weeks ago I converted my bare-metal pihole installation to a dockerized one, which was a couple of hours of work, without any DNS downtime at all.

[–] CosmicTurtle0@lemmy.dbzer0.com 9 points 11 hours ago (1 children)

Literally just had my pihole hard crash this weekend due to a bad update to FTL. Apparently they had a major version upgrade and didn't bother to read the notes so I had to do a full OS reinstall.

Back up your configs people. Had to dig through documentation to find the sqlite file and then parse through it like some sort of animal.

[–] SpaceCadet@feddit.nl 1 points 1 hour ago (1 children)

> Literally just had my pihole hard crash this weekend due to a bad update to FTL. Apparently they had a major version upgrade and didn’t bother to read the notes so I had to do a full OS reinstall.

The v6 upgrade was such a disaster. I was bitten by it too, it started the upgrade then halfway through decided it didn't like my OS (debian-testing) and crapped out ... leaving me with a b0rked installation. Luckily I was able to return to v5 using my system backup. It was a right pain to figure out how to restore though, because they write files all over /opt, /etc, /usr/bin, /usr/local and /var.

For this reason I have since dockerized my pihole installation. Not only does this allow you to choose the exact pihole version you want (a bare metal install only supports the latest version), but it allows you to centralize your configuration files neatly under a docker volume, so you only have to backup the volume.

[–] CosmicTurtle0@lemmy.dbzer0.com 1 points 54 minutes ago (1 children)

I waffled back and forth on a docker install. Outside of the initial panic to reinstall the OS (Ubuntu 24.04 for me), it was relatively straightforward outside of the config. It may be worth it to dockerize it so I can git control the config but not sure how easy it is under v6. They really changed how the files are parsed.

Before pihole was essentially a frontend for dnsmasq but it seems like it's a bit more than that now. I haven't had the chance to look too much under the hood.

If I'm being honest, I've wanted to off-load pihole to my router but lack the time and patience these days. I've reached the point in my life where IT isn't the most important thing anymore and just need it to work.

[–] SpaceCadet@feddit.nl 1 points 26 minutes ago

The box I'm running pihole on hosts several other services as well, so I dread having to reinstall everything. Most of it is dockerized, but still.

Anyway, I also waffled back and forth on dockerizing pihole when I initially installed it ... but ended up going bare metal, and now I wish I would have gone docker from the start. The initial install is perhaps slightly more complicated, but it's so much more maintainable and transportable to other devices: transfer volumes, and run your docker-compose.yml on the other box ... and voila, you've cloned your pihole. I use that system to keep my backup pihole in sync by the way.

> Before pihole was essentially a frontend for dnsmasq but it seems like it’s a bit more than that now

Indeed, it doesn't run dnsmasq separately anymore, but somehow incorporates all dnsmasq capabilities and it still uses dnsmasq syntax config files, and can be configured to include the /etc/dnsmasq.d configs.

[–] JordanZ@lemmy.world 7 points 10 hours ago

I’d say part of it comes down to what your log level is set at. My pi-hole ran on the pi for like 3-4 years before it destroyed the sd card and crashed. I know some people make immutable filesystems for them etc. If you’re writing to the sd card it’s just a matter of when, not if it will fail.

[–] shiroininja@lemmy.world 10 points 14 hours ago (1 children)

Mine never crashed until the latest major update, now it’s down every time I come home. Am mad

[–] President@sh.itjust.works 32 points 15 hours ago (9 children)

I've been thinking of setting one up for a while, if I have a home server would I be better off hosting it on that or as a separate device? What are the alternatives to a raspberry pi? They've shot up in price over the years.

[–] fmstrat@lemmy.nowsci.com 2 points 2 hours ago

I run mine in Docker. Three containers: PiHole which resolves using Unbound, and a VPN container for Unbound.

That being said, if you routinely restart that device, or it crashes because of something else you are doing, it gets annoying real quick.

A cheap mini-PC running a low wattage n150 is a good thing to have for essential services in docker.

[–] curbstickle@lemmy.dbzer0.com 5 points 10 hours ago

Definitely don't bother with buying a pi if you've got other hardware.

I have one physical (a 3b I had no use for anymore), and two running as containers. The containers do most of the heavy lifting, since they are so much faster than a pi they respond far faster, but the physical is nice for when I take down the clusters for maintenance (or when I lose power, the clusters shut down after about 3 minutes, the pi will keep going for a while on UPS).

[–] acosmichippo@lemmy.world 16 points 13 hours ago* (last edited 13 hours ago)

I personally like it on a dedicated Pi simply because I don't want DNS to die if I'm doing other server maintenance. The Pi is pretty much set it and forget it.

But I guess you might as well try it on your server first and you can always buy a Pi if you find it to be too much of a pain.

[–] normalexit@lemmy.world 20 points 15 hours ago* (last edited 15 hours ago) (1 children)

If you have a server running, I wouldn't buy more hardware. They have good example documentation for just such a configuration:

https://docs.pi-hole.net/docker/

If your server already has those ports bound (specifically the DNS port 53) you are going to have to get creative; otherwise it'll work well!

Worst case, a cheapo pi 3 will do the job. At one point I had it running on a pi zero, so hardware requirements are pretty low.

[–] PoopMonster@lemmy.world 13 points 13 hours ago (1 children)

If you're using docker and the ports are bound you can just use the network mode host so the container gets its own IP. It's how I have adguard running on my unraid server

[–] normalexit@lemmy.world 5 points 11 hours ago* (last edited 11 hours ago)

Thanks, PoopMonster, that's a good tip!
