327 posts

Ultimate Geek
+1 received by user: 77


  Reply # 2096687 26-Sep-2018 11:16

gbwelly:

 

vulcannz:

 

That is incorrect. SSL encrypts the entire session, including the URL and host name.

 

 

Hey Mark, I know that you know your stuff, but you have the wrong end of the stick on how the Pi-hole blocks adverts. It doesn't care about protocols, it's a DNS based blocker. To fetch an advert the client must resolve the name of the server hosting the advert. This is the point where the Pi-hole returns nxdomain to the client.

 

 

 

 

Ahhh ok gotcha! 


716 posts

Ultimate Geek
+1 received by user: 293

Subscriber

  Reply # 2097017 26-Sep-2018 18:14

timmmay: Ad block plugin can deal with first party ads. Fortunately there aren't a huge number of those.


Grrrr YouTube on Android TV mutter mutter.







IcI

806 posts

Ultimate Geek
+1 received by user: 172

Trusted

Reply # 2097133 26-Sep-2018 22:13

gbwelly: Grrrr YouTube on Android TV mutter mutter.

 

PieHole success

 

 

 


Meow
8004 posts

Uber Geek
+1 received by user: 4003

Moderator
Trusted
Lifetime subscriber

  Reply # 2097148 26-Sep-2018 22:40
2 people support this post

Just thought I'd mention something.

 

I personally, like you guys, run Pi-Hole, but there are also some sites that are very reliant on ad revenue to stay up. As you can't whitelist sites with Pi-Hole then flicking a few dollars to sites and content creators every now and then is a good thing to do. I personally donate to content creators on platforms like YouTube directly and donate to sites that I often use - it is a way of showing my appreciation for their work as otherwise they make no revenue from me.

 

Just remember that. Not saying you have to, but a donation does mean quite a bit as earning money by other means when everyone uses ad blockers is becoming harder each day and equipment costs money to do these things.

 

Also, I see a number of you are not subscribers and admitted to using Pi-Hole. If you get value from Geekzone then it is worth subscribing (https://www.geekzone.co.nz/subscribe.asp). Not only does it make the site load faster (as many scripts are not sent to your browser), you're supporting everyone who volunteers their time on here such as myself by doing your part to keep the site alive.





327 posts

Ultimate Geek
+1 received by user: 77


  Reply # 2098053 28-Sep-2018 10:49

Whitelisting sites doesn't really work, as the advertisements are typically not hosted on that site. If the ad was hosted on geekzone itself then it doesn't get blocked. Most people block advertising as it becomes quite intrusive, sometimes loading stuff you don't want running (like cryptominers). Some advertising companies simply cannot behave themselves and cannot be trusted. And there are many examples of advertising being used to deliver malware.

 

I know it doesn't help, but I think advertising needs to change the way it operates. Smaller sites should consider hosting locally rather than embedded off-site methods. That way websites can earn revenue, and users can trust/expect websites to not deliver some of the terrible advertising behaviour we see these days.


BDFL - Memuneh
61479 posts

Uber Geek
+1 received by user: 12205

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 2098066 28-Sep-2018 11:22

vulcannz:

 

I know it doesn't help, but I think advertising needs to change the way it operates. Smaller sites should consider hosting locally rather than embedded off-site methods. That way websites can earn revenue, and users can trust/expect websites to not deliver some of the terrible advertising behaviour we see these days.

 

 

Small sites don't have time or people to go out and sell ad space, hence solutions like ad exchanges or Google AdSense being popular. I don't have a sales team to go hunting for ad buyers to then host on my domains. 

 

A valid alternative is subscription but it seems some people are great at saying they would support but then don't. 







14204 posts

Uber Geek
+1 received by user: 2567

Trusted
Subscriber

  Reply # 2098072 28-Sep-2018 11:39
2 people support this post

I'm a subscriber here because it's a great site I find really useful. I pay for any site I use regularly and find useful.

 

I block ads largely because they're intrusive, but also because they slow page loads. My wife plays an online game of sudoku, the whole page flashes around the game and is super distracting.

 

This thread was really meant to be a technical one about the best way to implement the Pi Hole. Let's not take it too far off topic.

 

I've found that my original model of putting the Pi Hole into the DNS servers of the router doesn't work. If it goes down at all the Fritzbox switches to secondary DNS and as far as I can tell, never switches back. So I'm having DHCP hand out the Pi Hole IP to all clients directly. This gives better stats too.

 

Right now around 25% of domains are blocked, yet every website I regularly use works just fine.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer


BDFL - Memuneh
61479 posts

Uber Geek
+1 received by user: 12205

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 2098075 28-Sep-2018 11:52
One person supports this post
'That VDSL Cat'
8875 posts

Uber Geek
+1 received by user: 1937

Trusted
Spark
Subscriber

  Reply # 2098077 28-Sep-2018 11:58

Does pihole flag the geekzone adblock detector?





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


mdf

1990 posts

Uber Geek
+1 received by user: 588

Trusted
Subscriber

  Reply # 2098082 28-Sep-2018 12:10

Just my two cents in terms of PiHole backstops:

 

I've got several separate VLANs + SSIDs set up using an EdgeRouter and WAPs. The primary network uses the ISP DNS servers without PiHole/network ad blocking. The kids' network uses PiHole to filter out the ads and other junk on the flash shovelware games they insist on playing (I haven't won that fight yet). I try and support content creators as best I can, but don't lose any sleep over keeping advertising off the kids' network (they don't have any money to spend anyway). If PiHole goes down, Mrs MDF is perfectly happy switching wifi networks until I am able to sort it out.

 

I've not used a fritzbox, but I'm guessing from context you can't assign separate DNS servers to VLANs/wifi networks. So entirely unhelpful for the OP's initial query, but if anyone else is looking for a solution, this works well for me.

 

As an aside, I've struggled to make PiHole work for parental controls if anyone is thinking about it from that perspective. Enforcing safe search works, but from memory, [naughtywebsite].com is caught, but www.[naughtywebsite].com sails through (or maybe vice versa?). I gave up trying to figure this out and just set the PiHole's upstream DNS server to cleanbrowsing.org.

 

EDIT: Whoops. Fixing cleanbrowsing.org


4297 posts

Uber Geek
+1 received by user: 83

Moderator
Trusted
Lifetime subscriber

  Reply # 2098085 28-Sep-2018 12:15
One person supports this post

I have not tested it, but I assume you have tried the wildcard blocking feature of the domains you wish to block?
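
The difference between exact-match and wildcard blocking raised in the two posts above, as an added example that is not part of the original thread. It is a generic sketch of DNS blocklist matching, not Pi-hole's own code, and the domain names are constructed placeholders:

```python
def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are consistent."""
    return name.strip().rstrip(".").lower()

def match(qname, exact, wildcard):
    """Return 'exact', 'wildcard' or None for a queried name."""
    q = normalize(qname)
    if q in exact:
        return "exact"
    labels = q.split(".")
    # Walk parent domains on label boundaries: a.b.c -> a.b.c, b.c, c.
    # Comparing whole labels stops "notnaughty.example" matching "naughty.example".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in wildcard:
            return "wildcard"
    return None

# Constructed sample lists: the same domain entered as an exact entry
# and as a wildcard entry.
EXACT_ONLY = {"naughty.example"}
WILDCARD = {"naughty.example"}

def demo():
    """For each name, return (result with exact list only, result with wildcard list only)."""
    names = ["naughty.example", "www.naughty.example",
             "WWW.Naughty.Example.", "notnaughty.example"]
    return {n: (match(n, EXACT_ONLY, set()), match(n, set(), WILDCARD)) for n in names}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With only an exact entry, the `www.` variant is a different name and is not blocked; the wildcard entry covers the domain and every subdomain.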


2016 posts

Uber Geek
+1 received by user: 772

Trusted

  Reply # 2098193 28-Sep-2018 14:30

vulcannz:

 

That is incorrect. SSL encrypts the entire session, including the URL and host name. All anything in between can see is the IP addresses and ports.

 

 

Wikipedia Link - Server Name Indication (SNI) is an extension to the TLS computer networking protocol[1] by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. The desired hostname is not encrypted,[2] so an eavesdropper can see which site is being requested.

 

There was a lot of discussion and a paper about fixing this in TLS1.3, but I don't think it was changed.

 

 

 

I have a PiHole at home, running as a LXC Container.  It's the only DNS server I give to my hosts.  Also Android and Chromecast will often try to use 8.8.8.8/8.8.4.4 regardless of what they're told via DHCP, I had to block all other DNS in my firewall to force these devices to talk to the PiHole.


defiant
664 posts

Ultimate Geek
+1 received by user: 309

Lifetime subscriber

  Reply # 2098199 28-Sep-2018 14:38
One person supports this post

muppet:

 

vulcannz:

 

That is incorrect. SSL encrypts the entire session, including the URL and host name. All anything in between can see is the IP addresses and ports.

 

 

Wikipedia Link - Server Name Indication (SNI) is an extension to the TLS computer networking protocol[1] by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. The desired hostname is not encrypted,[2] so an eavesdropper can see which site is being requested.

 

There was a lot of discussion and a paper about fixing this in TLS1.3, but I don't think it was changed.

 

 

 

I have a PiHole at home, running as a LXC Container.  It's the only DNS server I give to my hosts.  Also Android and Chromecast will often try to use 8.8.8.8/8.8.4.4 regardless of what they're told via DHCP, I had to block all other DNS in my firewall to force these devices to talk to the PiHole.

 

 

Don't know if you've seen the Cloudflare birthday week posts, but they're creating a new rfc (?) for encrypted SNI aka ESNI https://blog.cloudflare.com/esni/

 

Only Firefox has/will have support for ESNI at this stage, but quite interesting


2016 posts

Uber Geek
+1 received by user: 772

Trusted

  Reply # 2098200 28-Sep-2018 14:40

dfnt:

 

Don't know if you've seen the Cloudflare birthday week posts, but they're creating a new rfc (?) for encrypted SNI aka ESNI https://blog.cloudflare.com/esni/

 

Only Firefox has/will have support for ESNI at this stage, but quite interesting

 

 

I had not, thank you.  This is great to see, be nice to see this hole closed up.




14204 posts

Uber Geek
+1 received by user: 2567

Trusted
Subscriber

  Reply # 2098203 28-Sep-2018 14:43

Has anyone tried running Pi Hole alongside Kodi? It's meant to be compatible.

 

I have OpenElec, a Kodi distribution, running on a R.Pi2. It's currently only coming on with the TV, but it's on Ethernet, has a good quality power supply, is mounted well, and has good cooling. It would be more efficient to put Pi Hole on that than to run a second Pi.

 

Are there any downsides? There might be an occasional restart of the Pi2 if Kodi locks up. I guess there could be a software conflict.

 

I can use Win32DiskImager to backup Kodi and try this.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer

