I think it’s safe to assume that most people don’t like ads, especially now that we live in a time when your browsing activity is being tracked to provide you a “tailored” advertising experience. These target ads are generated specifically for you, based on a profile of your preferences built off your browsing history. I’ve been using browser-based ad blockers for years, but they have a few drawbacks. One of those drawbacks is that many websites have become savvy to their users’ use of ad blockers and developed ways of detecting ad blockers and denying or restricting access unless the site is whitelisted. Another drawback of these browser plugins is that, hence their name, they only work in the web browser.
This is where Pi-Hole comes in, by blocking ads at the network level. Pi-Hole is a self-hosted DNS server specifically designed with ad blocking in mind. In addition to the limitations of browser ad blockers, I became frustrated with the ads in services I paid for, I’m looking at you Apple News+. I decided to deploy Pi-Hole in my home network to see how it could help out.
In Proxmox, I created an Ubuntu VM with more than sufficient virtual hardware specifications: 4Gb of RAM and 2 CPU cores. I later scaled this back after looking at the performance baselines. Pi-Hole installs quickly and easily via the terminal and a guided prompt. I assigned the VM a static IP in my network and then launched the web portal for final configuration.
The key to Pi-Hole is its blocklists. While it comes preconfigured with a default list, this is most likely not going to be enough. I opted to take a more ambitious blocking stance and headed over to The Firebog. This site compiles categories of blocklists for users to choose from, including ads, trackers, suspicious sites, and known malicious sites. I loaded all of the check marked (least likely to generate false positives) blocklists into my Pi-Hole and synced the lists to load their contents.
The final step was to configure my home router to hand out the Pi-Hole IP address during the DHCP process and point hosts to Pi-Hole for name resolution. The router was configured with additional name servers from the usual providers for failover. Once hosts had renewed their DHCP leases and received the new DNS server, Pi-Hole started to get to work.
I was impressed at what Pi-Hole was able to do, with about 10-15% of my network traffic being blocked by Pi-Hole. After a couple of weeks, I analyzed the performance baselines in my Pi-Hole VM and optimized the specifications. I later added a second Pi-Hole VM for failover and converted both of these into Proxmox lxc containers instead of full-fledged VMs.