Geekzone: technology news, blogs, forums
870 posts

Ultimate Geek

Subscriber

  # 2346939 31-Oct-2019 19:38

JeremyNzl:

No ads on youtube or tvnz, haven't tried FB yet.

The parallel upstream dns looks good also.

Do you know if it blocks ads on YouTube for android tv? Can you configure your own DNS forwarder? I chain mine off getflix so I get ad blocking and BBC iPlayer on my Nvidia Shield.







113 posts

Master Geek


  # 2346943 31-Oct-2019 19:51

If you go for the Pi 4 (which is probably overkill for just this one application) then I highly recommend you purchase a heat sink and fan. You will also need to make 100% sure you get a power supply that can consistently supply enough power, otherwise it will undervolt and that will just cause issues. The official one is a good choice.


 
 
 
 


786 posts

Ultimate Geek


  # 2346951 31-Oct-2019 20:16

gbwelly:
JeremyNzl:

No ads on youtube or tvnz, haven't tried FB yet.

The parallel upstream dns looks good also.

Do you know if it blocks ads on YouTube for android tv? Can you configure your own DNS forwarder? I chain mine off getflix so I get ad blocking and BBC iPlayer on my Nvidia Shield.

 

No it does not block ads within YouTube.

 

Yes you can use whatever DNS upstream you like - I use Getflix too.

 

 

 

With regards to some comments about some google links not working that is true - although it depends on the blocklists you choose (start with the default ones though!).  I've whitelisted a couple of domains to get around that.  Happy to share my whitelist if people want it. Most of the entries come from Origin though (so my daughter can play The Sims).


470 posts

Ultimate Geek

Subscriber

  # 2347001 31-Oct-2019 23:26

Another alternative for folks running pfsense is a package called Pfblocker-ng, it basically applies a set of blocklists to pfsense's internal unbound DNS server. It's a little more complex to set up, but IMO is a more elegant solution than having your DNS server, an essential part of your network infra, sitting on a raspberry pi dangling off a power cable.




553 posts

Ultimate Geek


  # 2347064 1-Nov-2019 09:17

Thanks for the feedback guys.

 

 

 

I can appreciate looking at just Pi-hole, there is no real need to go for a Pi 4 other than "shiny, new, cause I want to". I like the idea that I can re-use it for something else home-automation-ee later on if I go the way of unraid etc later on and move it to a container. Or go pfsense with the Pfblocker-ng, thanks @ripdog. Or just lose it altogether for something else, you get the picture here.

 

I'm not a huge fan of second-hand, history unknown hardware, especially from something designed for people to be tinkering with. And for something performing a critical function like Pi-hole, I would rather just have brand new hardware anyway, since the cost difference isn't extravagant. I think I would probably stick to something like a Pi Zero, which works out to about $50-60 shipped here for a starter kit.

 

It is only me and my partner in my household, so I am fine running the entire network through it (and my partner is used to my tinkering breaking the internet now), as one thing I want to try to accomplish is to also capture "chatty" devices trying to bypass the network DNS.

 

One thing I have been thinking would make it worth getting a Pi 4 is the ability to host more things than just Pi-hole. I don't know how smart it would be to run anything else off the same box, but if there were other functions that it could also host, would be nice to have that option.

 

Looking at Adguard vs Pi-hole, it seems like Ad-guard is forcing you to use its own lists and upstream DNS, so I'm not sure I like the lack of configurability there. Effectively I am going to be using Cloudflare anyway, since I want to use DoH, but if local DNS providers implement it, it would be nice to have that control.


15558 posts

Uber Geek

Trusted
Subscriber

  # 2347098 1-Nov-2019 10:09

I run pi-hole on the original Raspberry Pi powered from the Fritzbox USB port, it works perfectly. I'd suggest you go second hand Pi 2, you really don't need a Pi 4 for this.

 

AdGuard looks interesting. Can people who've tried it expand a bit more on how they find it? Pi Hole is good, and I haven't had any problems with it at all, and I like that if I want to I can use it as a DHCP server and configure DNSMasq to allocate different DNS servers to each client. The downside to configuration is complexity. You use multiple external block lists, and on the rare occasion a website doesn't work properly it's not always clear how to fix it. I guess an advantage of AdGuard is it's a single consistent product. If you have to use their upstream DNS then it's a no-go for me.


786 posts

Ultimate Geek


  # 2347101 1-Nov-2019 10:16
2 people support this post

ShinyChrome:

 

One thing I have been thinking would make it worth getting a Pi 4 is the ability to host more things than just Pi-hole. I don't know how smart it would be to run anything else off the same box, but if there were other functions that it could also host, would be nice to have that option.

 

 

I also use my Pi (that runs PiHole) as a VPN server too. So yep you can run more than one thing on it for sure. I only ever see CPU usage when I update the OS! The biggest drawback I've found, and it's not a huge one, is that ARM and the fact Raspbian is 32bit can be a bit limiting in that some software just isn't supported on it. That's changing and improving daily (especially now there's a 64bit kernel from the Raspberry Pi Foundation). I worked around it by running Ubuntu 64bit on it.

Saw some other comments about not running critical services/applications on a Pi. Find those comments a bit weird. I've found the Pi to be every bit as robust as every other computer equipment. Yep it'll fail at some point and so will my router and my PC etc. If it does, I can replace it quickly and very easily. Easier than other things! And they're cheap enough you can have a couple if you really want. They're good little computers.


 
 
 
 


15558 posts

Uber Geek

Trusted
Subscriber

  # 2347106 1-Nov-2019 10:31

AdGuard depends on their DNS service, which rules it out for me.

 

I've also found the R.Pi1 reliable. It sits in a fairly warm cupboard with the router and DC UPS and just works. When it fails I will log into the router and change DNS back to the ISP default while I fix or replace the Pi.

 

Some things you want to do with a Pi, such as running Kodi, are best on a dedicated Pi. Other things like running a VPN may be able to be shared, but if the VPN is outwards rather than inwards that might disrupt your DNS for example.




553 posts

Ultimate Geek


  # 2347173 1-Nov-2019 15:08

Running two Zeros with Pi-hole could be a good idea to manage those sensitive to an overzealous filter, while still keeping Pi-hole's benefits.

Some folks (this is what I do), have two very different pihole setups running, and just hand out one "safe / default list" with their router automatically as a DNS to generic devices & guests... My second pihole is much, much more aggressively setup (more block lists loaded, and a pile of domains that I've hand blocked for one reason or another) that is only issued intentionally to specific devices. The idea here is that if grandma visits she'll complain if farmville doesn't work VS "No, there is not a single Facebook (or Microsoft, or Google, or whomever you'd like to not scrape the living s*** out of your privacy, or whatever reason) domain in existence that needs to resolve to an external address from this set of devices. Not now. Not ever." That power exists within the user's hands.

 


517 posts

Ultimate Geek


  # 2347548 2-Nov-2019 11:33
One person supports this post

timmmay:

 

AdGuard depends on their DNS service, which rules it out for me.

 

I've also found the R.Pi1 reliable. It sits in a fairly warm cupboard with the router and DC UPS and just works. When it fails I will log into the router and change DNS back to the ISP default while I fix or replace the Pi.

 

Some things you want to do with a Pi, such as running Kodi, are best on a dedicated Pi. Other things like running a VPN may be able to be shared, but if the VPN is outwards rather than inwards that might disrupt your DNS for example.

 

 

You can specify the DNS. If you choose not to, it will use Cloudflare.

 

 

 

 

 


15558 posts

Uber Geek

Trusted
Subscriber

  # 2347659 2-Nov-2019 19:24

Thanks @shrub :) Might be worth looking into some time, but for now Pi Hole is working fine.


190 posts

Master Geek


  # 2347684 2-Nov-2019 23:16
One person supports this post

With all the comments around reliability, I thought I'd share my experiences with PiHole on a Pi. Now I just had to have an over engineered, dual-redundant PiHole setup at home. I ended up running PiHole on a VM, but also a backup copy on an old Pi.

 

They use keepalived to share a virtual IP address (which DHCP on the router tells all devices to use for DNS queries).

 

If the VM goes down for any reason, the Pi picks up the virtual IP within around 3 seconds. Keepalived is great, the virtual IP runs automatically on the highest priority device that is up & took about 3 lines of config. Downtime is a little longer when going back to the VM, just shy of 10 seconds.

 

Although I have dual redundancy, the only outages have ever been due to my routine shutdown of VMs to take snapshots or do major OS updates to my VM host. The Pi is really solid. I use a POE extractor to power it from my network switch and I've yet to see it crash in the 6 months I've had it running PiHole.

 

I'll be trying out AdGuard tomorrow though, it sounds even better.


289 posts

Ultimate Geek

Subscriber

  # 2347685 2-Nov-2019 23:21

RmACK:

 

With all the comments around reliability, I thought I'd share my experiences with PiHole on a Pi. Now I just had to have an over engineered, dual-redundant PiHole setup at home. I ended up running PiHole on a VM, but also a backup copy on an old Pi.

 

They use keepalived to share a virtual IP address (which DHCP on the router tells all devices to use for DNS queries).

 

If the VM goes down for any reason, the Pi picks up the virtual IP within around 3 seconds. Keepalived is great, the virtual IP runs automatically on the highest priority device that is up & took about 3 lines of config. Downtime is a little longer when going back to the VM, just shy of 10 seconds.

 

Although I have dual redundancy, the only outages have ever been due to my routine shutdown of VMs to take snapshots or do major OS updates to my VM host. The Pi is really solid. I use a POE extractor to power it from my network switch and I've yet to see it crash in the 6 months I've had it running PiHole.

 

I'll be trying out AdGuard tomorrow though, it sounds even better.

 

 

 

 

Do you have a how-to on the virtual IP? Sounds like a great setup.

 

 


190 posts

Master Geek


  # 2347687 2-Nov-2019 23:45
2 people support this post

JeremyNzl:

 

Do you have a how to on the virtual ip. Sounds like a great setup,

 

 

Sure, first install keepalived with apt-get, then edit /etc/keepalived/keepalived.conf and restart keepalived.

 

  • Higher number for higher priority: I use 150 on the VM, 100 on the Pi.
  • Note Ubuntu and Pi have differing interface names.
  • Substitute a random string for the password, use same on all devices
  • Your virtual IP should be within your usual subnet but reserved or outside your DHCP range so that it isn't used anywhere else.
  • Set your DHCP server to hand out the virtual IP as the DNS server for all clients.
  • ALL services work transparently through the virtual IP as if they hit the normal adapter IP, including SSH - this can be very confusing, so don't use the virtual IP for administering your PiHoles!
  • There isn't an easy way to sync PiHole configs. When I whitelist something, I do it on both, it's pretty rare. And yes stats will be screwed up but who cares, 99.9% of the time will be on primary right?

Here is my config file.  Priority and interface name are the only lines that differ between the VM & Pi.

 

! Configuration File for keepalived

vrrp_instance VI_1 {
    state MASTER
    interface enp0s3
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass <PASSWORD HERE!>
    }
    virtual_ipaddress {
        192.168.0.1
    }
}

 

And if you have UFW enabled, add the following to /etc/ufw/before.rules:

# Allow keepalived Multicast
-A ufw-before-input -p igmp -d 224.0.0.0/4 -j ACCEPT
-A ufw-before-output -p igmp -d 224.0.0.0/4 -j ACCEPT

# Allow broadcasts from peer machines' SRC_IP:
# (ufw command, run from a shell; it is not a before.rules line)
ufw allow from SRC_IP to 224.0.0.18
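
Added example (not part of the post above and not keepalived's own code): a small Python check that applies the post's checklist to both nodes' keepalived.conf before keepalived is restarted. The sample configs, the interface name eth0, the password, the virtual IP 192.168.0.250 and the DHCP pool are constructed values; the 8-character auth_pass limit comes from the keepalived.conf man page, not from the post.

```python
import ipaddress
import re

# Constructed sample with the same layout as the config in the post.
TEMPLATE = """vrrp_instance VI_1 {{
    state MASTER
    interface {iface}
    virtual_router_id 51
    priority {prio}
    advert_int 1
    authentication {{
        auth_type PASS
        auth_pass {pw}
    }}
    virtual_ipaddress {{
        {vip}
    }}
}}"""

def parse_vrrp(conf):
    """Pull out the settings the post's checklist is about."""
    keys = ("interface", "virtual_router_id", "priority", "auth_pass")
    out = {k: re.search(rf"^\s*{k}\s+(\S+)", conf, re.M).group(1) for k in keys}
    out["vip"] = re.search(r"virtual_ipaddress\s*\{\s*([\d.]+)", conf).group(1)
    return out

def check_pair(primary, backup, subnet, dhcp_first, dhcp_last):
    """Return a list of problems; an empty list means the pair is consistent."""
    a, b = parse_vrrp(primary), parse_vrrp(backup)
    problems = [f"{k} differs between nodes"
                for k in ("virtual_router_id", "auth_pass", "vip") if a[k] != b[k]]
    if int(a["priority"]) <= int(b["priority"]):
        problems.append("primary priority is not higher than backup")
    # keepalived only uses the first 8 characters of auth_pass.
    if len(a["auth_pass"]) > 8:
        problems.append("auth_pass is longer than 8 characters")
    vip = ipaddress.ip_address(a["vip"])
    if vip not in ipaddress.ip_network(subnet):
        problems.append("virtual IP is outside the LAN subnet")
    if ipaddress.ip_address(dhcp_first) <= vip <= ipaddress.ip_address(dhcp_last):
        problems.append("virtual IP is inside the DHCP pool")
    return problems

# Constructed values: interface names, password and addresses are assumptions.
VM = TEMPLATE.format(iface="enp0s3", prio=150, pw="EXAMPLE8", vip="192.168.0.250")
PI = TEMPLATE.format(iface="eth0", prio=100, pw="EXAMPLE8", vip="192.168.0.250")

if __name__ == "__main__":
    print(check_pair(VM, PI, "192.168.0.0/24", "192.168.0.100", "192.168.0.200"))
```
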


15558 posts

Uber Geek

Trusted
Subscriber

  # 2347692 3-Nov-2019 06:32
One person supports this post

RmACK:

 

I'll be trying out AdGuard tomorrow though, it sounds even better.

 

 

Please share your impressions of AdGuard once you give it a go :)

