Pi Hole with a few good block lists…
Also using this on the go through VPN
Same.
Same. Wireguard is a beautiful thing.
Which VPN service? I normally use Tailscale with the Pi as an exit node, but I’d like to have simultaneous VPN connection
I think people just use wireguard for this. And pivpn.
Interesting. I’ll have to look into PiVPN. Thanks!
Same here. Wireguard.
Which block lists?
Out of the box, pihole has a few block lists already set up. Those are pretty good already.
To add more, you can find some good block list collections online. No need to add them all. Pick a good handful, depending on the category of stuff you want to block. Here are some helpful links:
https://github.com/lightswitch05/hosts
… Once you've got a few block lists set up, you'll probably want to whitelist some things specifically that are otherwise caught up in the filter. This is a super helpful resource for that:
https://discourse.pi-hole.net/t/commonly-whitelisted-domains/212
There’s a script on github (don’t have the link right now) for an automated whitelist. I was expecting it to break some things or end up useless, but it was the perfect addition for me. Edit: https://github.com/anudeepND/whitelist
Yup. Another piHole user.
Adguard Home. I find it to be more feature complete compared to Pi-Hole. Nicer GUI, more options, built-in DNS-over-HTTPS/TLS, better client controls & detection, more domain information, better domain list blocking, and so on.
I moved from NextDNS to Adguard Home. All self hosted, and accessed with a reverse proxy.
Same, used NextDNS and Pi-Hole, then moved to AdGuard Home, which I've used till today.
Built-in (DoH, DoT, …) servers are useful and simple to set up with client identification.
Are you guys not concerned about losing complete access to the internet if something drops on your server?
I realise these will be very rare cases, but shit happens sometimes, and always seems to happen at the worst possible moments.
What’s your recovery plan?
Edit to add that this is the reason I’m on nextdns… Make it someone else’s problem
You do have two DNS options on most devices. A primary and a secondary. If you’re worried about your primary’s stability/reliability, put a different DNS as your secondary that you trust.
It’s not hard to set up a Pi as a backup DNS on your local network, but how I’ve set up a few friends who have limited hardware is to have the primary DNS as the local AdGuard and the secondary DNS as AdGuard's public ad-blocking DNS.
That way if the local one falls over, you still get some ad blocking from their public one. If your setup allows it, they also have a public DoH and DoT encrypted DNS for a bit of privacy.
Not really. I maintain backups (one local, one offsite, one snapshotted and stored on a flash drive I carry around with me) of everything at home, including my OpenWRT devices and the configuration of my Pi-Hole. The Pi-Hole is running on an SBC so I also periodically take local images of it with dd in case I need to write a new microSD card and boot it up. I’m not the only one at home that relies on a net connection every day, so I have to take other folks into account for resilience.
NextDNS
Why?
I was able to test it out first without having to create an account and I liked it. It has simple Ad/Tracking blocklists and supports both DoT and DoH. Also it has rewrites (like /etc/hosts).
For me, Nextdns. It’s mostly because I can choose which list is used by the DNS blocking. If AdGuard has a list blocking what I use, I can’t do anything about it. Or maybe like allow a lot of domains.
Using the Hagezi pro++ list currently and it works damn well without any issues for me.
Also, there is a free way to use it (not sure about adguard).
Adguard home for everything
nextdns is the most performant option I’ve used. it often beats out cloudflare even. adguard wasn’t bad but it was a bit more cumbersome and very slow.
I don’t like recommending self hosting as opening ports on a private network isn’t a great idea. you could use something like cloudflare or tailscale to bridge access but you’ll run into issues with network speeds.
opening ports on a private network is fine as long as you exercise a sane amount of security measures.
most people don’t nor do the aforementioned measures have substantial documentation that is easily accessible by the average user.
they aren’t even meant for enthusiasts but rather for industry professionals.
enthusiasts become industry professionals.
And if substantial documentation were the only thing that kept networks from security and absolute anarchy, then all of the internet would be lost.
It’s not documentation, nor is it absolute knowledge that brings someone to understand a sane amount of security. But also trial and error.
One of the most important first rules of security is, start testing in applications that pose the least amount of risk.
If you’re looking into hosting your own DNS server, you’ve already proven you understand a lot more than the average user does about networking in general.
Pi-hole for my home network. NextDNS on my phone.
Can I run pihole on the same Pi that’s already running Octoprint?
Sure! If you’ve got that Pi on all the time. I previously did that and it worked well. My current setup is multiple Pis though, cause the octo Pi is switched off with the printer now…
Yes, I leave it running all the time. So do I just install PiHole as a package on the server and then connect to it to configure?
I had it setup using docker at the time. Both pihole and octoprint as individual containers…
But I assume you should be able to just install and run the package locally on the octopi distro.
Only thing you might need to change is the configuration for which port the pi-hole web server (UI) will be running on. Because octoprint already uses port 80 by default, you might have to assign another port for the pi-hole service. (I believe it also defaults to 80. That would crash because it can’t bind to the same port.) That should be a pretty simple config change though.
Just did a quick Google… There are some resources and tutorials online of people doing exactly that. Take a look!
Thanks, guys! I’ll set this up soon.
I just use uBlock Origin
NextDNS. Easy, free, and effective.
Adguard home with a few extra lists and custom rules. Just got the sync tool set up to auto replicate changes from one to another so no more copy/paste to a secondary. Great when I need to restart a VM and don’t want to take out the internet while it reboots.
Used pihole some while back but the feature list was tiny by comparison, though it was a good while back so probably unfair to compare.
Also ran with pfBlocker for a while, nice to have it right on the gateway but found it a bit opaque and lacking customization for my needs.
NextDNS, feels almost like a pihole but unnecessarily crippled in some ways, which don’t really matter to me.
What about Mullvad DNS
NextDNS because I benefit from it on my phone even when I’m not at home.
Adguard home for everyone in the house. Externally I just use uBlock Origin and Cloudflare’s DoH.
Adblock origin???
uGuard Plus
Oops, I meant uBlock Origin. I apparently can’t do two things at once. ha
NextDNS. Several years now. It’s absolutely brilliant.
I roll my own. I created a Docker image that periodically downloads tons of blocklists, smashes them into an Unbound configuration file then runs Unbound with TLS enabled.
On my iPhone and macOS devices I just connect to the encrypted service using .mobileconfig files to apply it system-wide. My home router also uses it as an upstream server (again with TLS) so all connected clients benefit from it as well.
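The two steps several posters describe, merging a handful of block lists and then whitelisting the domains they catch by mistake (the Pi-hole discussion earlier in the thread), and turning the result into an Unbound configuration (the roll-your-own Docker setup just above), as an added worked example. This is not the poster's image or any project's code. The list contents are constructed samples, the TLS key and certificate paths are placeholders, and `fetch_lines` is only the hook a real run would use; the sample run stays offline. It relies on one documented Unbound behaviour: the most specific `local-zone` wins, so an allowlisted name under a blocked parent gets its own `transparent` zone rather than a hole punched in the list.

```python
"""Merge hosts-format and bare-domain blocklists, apply an allowlist, and emit
the Unbound local-zone statements that block them (added example; list data
below is constructed, not real list content)."""
import re
import urllib.request
from typing import Iterable, Optional

# Sink addresses that hosts-format blocklists map blocked names to.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that appear in hosts files but must never become block rules.
NEVER_BLOCK = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}
# Conservative hostname check: letter/digit/'-'/'_' labels, at least one dot.
LABEL = r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?"
DOMAIN_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})+$")


def fetch_lines(url: str, timeout: float = 30.0) -> list[str]:
    """Download one list (for real runs; the sample run below stays offline)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace").splitlines()


def parse_blocklist(lines: Iterable[str]) -> set[str]:
    """Accept '0.0.0.0 ads.example' hosts lines and bare-domain lines alike."""
    domains: set[str] = set()
    for raw in lines:
        line = raw.split("#", 1)[0].strip().lower()   # drop comments, normalise case
        if not line:
            continue
        parts = line.split()
        if parts[0] in SINK_ADDRESSES:
            candidates = parts[1:]          # hosts format: sink address, then names
        elif len(parts) == 1:
            candidates = parts              # bare-domain format
        else:
            continue                        # a real address mapping, not a block rule
        for name in candidates:
            name = name.rstrip(".")
            if name in NEVER_BLOCK or not DOMAIN_RE.match(name):
                continue
            if name.rsplit(".", 1)[-1].isdigit():   # '0.0.0.0 0.0.0.0' style lines
                continue
            domains.add(name)
    return domains


def nearest_zone_type(name: str, zones: dict[str, str]) -> str:
    """Type of the closest ancestor zone, or 'transparent' (normal resolution)."""
    labels = name.split(".")
    for i in range(1, len(labels)):
        zone_type = zones.get(".".join(labels[i:]))
        if zone_type is not None:
            return zone_type
    return "transparent"


def build_unbound_zones(block: set[str], allow: set[str]) -> dict[str, str]:
    """Minimal {zone: type} set. Names are visited shortest first, and a zone is
    emitted only when its wanted behaviour differs from what its parent zone
    already gives (Unbound applies the most specific local-zone)."""
    zones: dict[str, str] = {}
    for name in sorted(block | allow, key=lambda d: (d.count("."), d)):
        wanted = "transparent" if name in allow else "always_nxdomain"
        if wanted != nearest_zone_type(name, zones):
            zones[name] = wanted
    return zones


def render_unbound_config(zones: dict[str, str], tls_key: Optional[str] = None,
                          tls_cert: Optional[str] = None) -> str:
    """Render a server: clause; key/cert paths, if given, add a DoT listener on 853."""
    out = ["server:"]
    if tls_key and tls_cert:
        out += [f"    tls-service-key: {tls_key}",
                f"    tls-service-pem: {tls_cert}",
                "    interface: 0.0.0.0@853"]
    for name in sorted(zones):
        out.append(f'    local-zone: "{name}." {zones[name]}')
    return "\n".join(out) + "\n"


# Constructed sample inputs (not real list data).
SAMPLE_HOSTS_LIST = """\
# hosts-format list, as many GitHub-hosted lists are published
127.0.0.1 localhost
::1 localhost ip6-localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net   # trailing comment
0.0.0.0 cdn.ads.example.com
"""
SAMPLE_DOMAIN_LIST = """\
telemetry.example.org
ads.example.com
Telemetry.Example.Org.
"""
SAMPLE_ALLOWLIST = ["cdn.ads.example.com", "safe.example.org"]


def sample_run() -> dict[str, str]:
    block = parse_blocklist(SAMPLE_HOSTS_LIST.splitlines())
    block |= parse_blocklist(SAMPLE_DOMAIN_LIST.splitlines())
    return build_unbound_zones(block, set(SAMPLE_ALLOWLIST))


if __name__ == "__main__":
    print(render_unbound_config(sample_run(),
                                tls_key="/etc/unbound/tls/PLACEHOLDER.key",
                                tls_cert="/etc/unbound/tls/PLACEHOLDER.pem"))
```

In the sample, `cdn.ads.example.com` sits under the blocked `ads.example.com`, so it is emitted as a `transparent` zone while `safe.example.org`, which nothing blocks, produces no line at all. Duplicate child entries of an already-blocked parent are dropped, which keeps the generated file small even when many overlapping lists are merged.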