#1
February 14, 2019, 11:14 PM
JD (Moderator)

Pi-Hole

I'll spawn off a separate thread here since it seems like some of you guys are running them already...

I recently set up one too (in a VM) and have been sorting out the block lists I want to use the past couple weeks now. It's been pretty hard to not heavily impact services while still blocking "garbage" traffic...

I set up mine as a fully standalone DNS resolver so it does its own queries directly without relying on Google, CloudFlare, etc. along with enabling DNSSEC. How-to is here: https://docs.pi-hole.net/guides/unbound/

I'm currently using all the "ticked" lists from here: https://firebog.net/ along with this whitelist: https://github.com/anudeepND/whitelist. I've tried using some stuff from: https://blocklist.site/app/ but that seems to get into a lot of problems...

Off hand, Adobe Creative Cloud is blocked by most lists it seems. I also had ns*.omtrdc.net blocked heavily which prevented a bunch of domains from resolving. Ended up whitelisting those.

Curious to know what lists you guys run? Any issues in your cases?

My current block rate is around 36%. Still run AdGuard in my browser that picks up a lot, and from what I gather, Pi-Hole isn't as effective against ads as it once was.

And as a side note, I also run IP blocklists on my EdgeRouter, using this: https://github.com/WaterByWind/edgeos-bl-mgmt. That hasn't given any notable issues though as I'm really just using it inbound to prevent anyone "attacking" my open ports.

#2
February 15, 2019, 07:47 AM
Mr. Friendly (Hall Of Fame)

so you made something into a security gateway?

#3
February 15, 2019, 08:52 AM
supaflyx3 (Hall Of Fame)

I'll paste my lists when I get home. It's rather annoying but I whitelist anything I need manually, I still run into things that should be whitelisted every day but I'd rather that over telemetry tracking and other crap. I don't have a resolver running however, I have PiHole running on a 3b so I'm not sure how well that would handle it. I might set up PiHole in a VM with a resolver running and use my 3b PiHole as a backup DNS server for when I take my server down for maintenance.

#4
February 15, 2019, 01:35 PM
JD (Moderator)

Quote:
Originally Posted by Mr. Friendly
so you made something into a security gateway?

I guess you could kind of consider it like that. It's a secure DNS to help filter out "bad" traffic or things you don't want people accessing. Mostly to block telemetry, some ads, malware, etc. Also helps prevent your ISP from "spying" on you, assuming they don't forcefully capture port 53 traffic. Security comes in layers though, DNS is just part of that. That's why I also have the IP blacklists on my router too as another layer.

Quote:
Originally Posted by supaflyx3
I don't have a resolver running however, I have PiHole running on a 3b so I'm not sure how well that would handle it.

Running unbound (first Google result being vibrators) doesn't really seem to eat up any CPU, it's really just the initial lookup and then it's cached. Some people claim really slow performance for that first lookup, but I haven't noticed anything. Even if I purge the cache, things still load quick. Memory usage stays under 1GB. I'm running it on Ubuntu Server LTS within Hyper-V. I'd suspect the rPi distros are slimmer than that.

#5
February 15, 2019, 03:08 PM
supaflyx3 (Hall Of Fame)

Quote:
Originally Posted by JD
I guess you could kind of consider it like that. It's a secure DNS to help filter out "bad" traffic or things you don't want people accessing. Mostly to block telemetry, some ads, malware, etc. Also helps prevent your ISP from "spying" on you, assuming they don't forcefully capture port 53 traffic. Security comes in layers though, DNS is just part of that. That's why I also have the IP blacklists on my router too as another layer.

Running unbound (first Google result being vibrators) doesn't really seem to eat up any CPU, it's really just the initial lookup and then it's cached. Some people claim really slow performance for that first lookup, but I haven't noticed anything. Even if I purge the cache, things still load quick. Memory usage stays under 1GB. I'm running it on Ubuntu Server LTS within Hyper-V. I'd suspect the rPi distros are slimmer than that.

Good to hear, I have other services running on my Pi (NUT Server, OpenVPN etc) so RAM may become an issue, so I may just set up a VM again for that. Also here are all my blocklists:

https://raw.githubusercontent.com/St...s/master/hosts
https://mirror1.malwaredomains.com/files/justdomains
http://sysctl.org/cameleon/hosts
https://zeustracker.abuse.ch/blockli...omainblocklist
https://s3.amazonaws.com/lists.disco...e_tracking.txt
https://s3.amazonaws.com/lists.disco.../simple_ad.txt
https://hosts-file.net/ad_servers.txt
https://dbl.oisd.nl/
https://phishing.army/download/phish...t_extended.txt
https://tspprs.com/dl/tracking
https://raw.githubusercontent.com/CH...er/AudioFp.txt
https://raw.githubusercontent.com/CH...ter/Canvas.txt
https://raw.githubusercontent.com/CH...ter/WebRTC.txt
https://raw.githubusercontent.com/CH...t/master/HOSTS
https://raw.githubusercontent.com/de...ts/AakList.txt
https://raw.githubusercontent.com/de...-Obtrusive.txt
https://jasonhill.co.uk/pfsense/ytadblock.txt
https://raw.githubusercontent.com/He.../ytadblock.txt
https://raw.githubusercontent.com/an...ster/hosts.txt
https://raw.githubusercontent.com/an...domainlist.txt

and my pihole stats.

With those lists I was able to block ads on youtube via Chromecast (I think, I don't recall seeing any ads if I chromecast to my TV) however youtube ads are still present on my phone, & the youtube app on my TV. The youtube app on my TV also seems to crash when an ad tries to play in the middle of a video, but that could be unrelated. So be aware of that if you use my lists you may need to play around with it a bit and whitelist a couple things.

#6
February 15, 2019, 05:45 PM
JD (Moderator)

Hmm, I'll give those YouTube lists a shot you have there. Wouldn't mind clearing the ads up on my Android TV boxes.

But like tonight, Uber Eats wouldn't let me checkout, so now I need to figure that out... just flipped to LTE so I could order

#7
February 15, 2019, 05:48 PM
supaflyx3 (Hall Of Fame)

Haha what I normally do is grab my laptop and keep refreshing the query log to see what's being blocked on the device as I'm trying to access it, and unblock things that don't look like telemetry or ads

#8
May 14, 2019, 05:40 PM
Sagath (Moderator)

A friend wasn't using his old 2B, so he gave me it. I've installed DietPi, and put pihole on it. Works amazing, and I'm super happy with it so far.

The only (minor) issue I'm having is I'd like to get the clients list working more effectively. Currently my router (192.168.1.254) is directing to the pihole (192.168.1.101) for DNS only, not DHCP. Is there an easy way to change this so I can see individual clients rather than them all coming from .254?
__________________
My Disclaimer to any advice or comment I make;
Quote:
Originally Posted by CroSsFiRe2009 View Post
I'm a self certified whizbang repair technician with 20 years of professional bullshit so I don't know what I'm talking about

#9
May 14, 2019, 07:34 PM
JD (Moderator)

Quote:
Originally Posted by Sagath
A friend wasn't using his old 2B, so he gave me it. I've installed DietPi, and put pihole on it. Works amazing, and I'm super happy with it so far.

The only (minor) issue I'm having is I'd like to get the clients list working more effectively. Currently my router (192.168.1.254) is directing to the pihole (192.168.1.101) for DNS only, not DHCP. Is there an easy way to change this so I can see individual clients rather than them all coming from .254?

Does your router let you adjust what DNS servers it sends to clients (usually in the DHCP options)? Otherwise you'll have to manually set your devices to use 192.168.1.101 as their DNS.

Last edited by Sagath; May 14, 2019 at 07:57 PM.

#10
May 14, 2019, 07:57 PM
Sagath (Moderator)

Yep. I set the DNS on the router to 101, but I miswrote in my first post. What I maybe wasn't clear about is on the pihole all the statistics show .254 as the 'hosts' for blocking rather than the individual clients. This makes it tougher to see what's being blocked where, or not blocked where as I can't see what client is actually making the requests to pages.
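
The query-log triage described in post #7 and the attribution problem in posts #8 and #10 (every query logged as coming from .254) can both be checked from the log itself. The following is an added example, not code from the thread or from the Pi-hole project; the dnsmasq-style log line shapes, the regexes, and all domains and log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Line shapes assumed from dnsmasq-style query logging (not taken from the thread).
QUERY = re.compile(r"query\[\w+\] (\S+) from (\S+)$")
BLOCK = re.compile(r"(?:gravity blocked|/etc/pihole/(?:gravity|black)\.list) (\S+) is ")

# Constructed sample: every query arrives from the router address in the thread.
SAMPLE_LOG = """\
May 14 19:50:01 dnsmasq[612]: query[A] checkout.shop.example from 192.168.1.254
May 14 19:50:01 dnsmasq[612]: forwarded checkout.shop.example to 127.0.0.1
May 14 19:50:02 dnsmasq[612]: query[A] telemetry.tracker.example from 192.168.1.254
May 14 19:50:02 dnsmasq[612]: gravity blocked telemetry.tracker.example is 0.0.0.0
May 14 19:50:03 dnsmasq[612]: query[A] pay.shop.example from 192.168.1.254
May 14 19:50:03 dnsmasq[612]: /etc/pihole/gravity.list pay.shop.example is 0.0.0.0
May 14 19:50:04 dnsmasq[612]: query[AAAA] telemetry.tracker.example from 192.168.1.254
May 14 19:50:04 dnsmasq[612]: gravity blocked telemetry.tracker.example is ::
"""

def parse(log):
    """Return one event per query; a block line marks the latest query for that domain."""
    events, last = [], {}
    for line in log.splitlines():
        q = QUERY.search(line)
        if q:
            ev = {"domain": q.group(1), "client": q.group(2), "blocked": False}
            events.append(ev)
            last[ev["domain"]] = ev
            continue
        b = BLOCK.search(line)
        if b and b.group(1) in last:
            last[b.group(1)]["blocked"] = True
    return events

def blocked_by_client(events):
    """client -> Counter of blocked domains, for deciding what to whitelist per device."""
    out = defaultdict(Counter)
    for ev in events:
        if ev["blocked"]:
            out[ev["client"]][ev["domain"]] += 1
    return out

def single_source(events, threshold=0.95):
    """Return the one address sending >= threshold of all queries, else None."""
    counts = Counter(ev["client"] for ev in events)
    if not counts:
        return None
    client, n = counts.most_common(1)[0]
    return client if n / len(events) >= threshold else None
```

A non-None result from `single_source` means the per-client breakdown is meaningless because something upstream is relaying the queries; once clients query the resolver directly, `blocked_by_client` shows which device hit which blocked name.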