
Setting up Pi-hole

Discussion in 'Linux & Open Source' started by NoNameNoNumber, 5 Nov 2016.

  1. TangoEchoAlpha

    Wise Guy

    Joined: 13 Jun 2016

    Posts: 1,115

    Location: UK

    Excellent :) I upgraded my Unraid parity drive recently and at the moment it's mid-way through the copy of the old parity, but once that's done I'll take a look :)
     
  2. nst68

    Wise Guy

    Joined: 7 Jul 2003

    Posts: 1,449

    Location: Chelmsford

    I've changed to just use the https://dbl.oisd.nl/ list.

    It's been running for a couple of days and is now blocking 10.8%, previously using various lists it was around 20-25%.

    What rates are others getting?
     
  3. Rainmaker

    Sgarrista

    Joined: 18 Aug 2007

    Posts: 8,795

    Location: Liverpool

    The rates are pretty meaningless. Depending on who's home and what gets done in any given day, my home network pushes through anything between 50,000 and 75,000 queries per 24h. My block rate with OISD used to hover between 15% to 20% most days, but it obviously depends on what traffic/sites/domains your users are visiting in any given day... Some days there'll be a lot of blocks, when people are on social media a lot and browsing the Daily Fail (just kidding, noobs who read the DF aren't allowed on my network :p). Other days they're mostly watching Netflix and playing games, and the block rate will be commensurately low.


    Since AdGuard Home now handles my DHCP as well as DNS - and as such enables local client resolution - a good chunk of my queries are now local lookups (1.0.0.10.in-addr.arpa type searches). Those lookups would never be blocked, but thousands are made every day. That skews the 'blocked' percentage down quite a bit. Filtering those out, the block percentage is around 15% to 20%, but on quieter days (where people are mostly gaming and using educational apps or working, versus actual browsing) it can be as low as 5%.


    The more valuable metric is 'Are users noticing ads and annoyances creeping through, or do the logs show allowed lookups to undesirable domains?'. With OISD, things like gambling, porn, warez etc are not blocked by design. Trackers, ad networks, malicious IPs and so on are. You'll never see the massive block rates you do on the less curated lists, which tend to be millions of lines long and have a 'block everything, worry about false positives later/never' approach. That said, reading the logs you'll never see undesirable stuff being allowed, either - which is what really matters.
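
Added example, not part of the original post and not code from Pi-hole or AdGuard Home: it computes the block rate with and without reverse (in-addr.arpa) lookups and lists allowed queries that hit a watchlist, the two checks described in the post above. The log tuple layout, client addresses, domain names and watchlist are constructed assumptions.

```python
from collections import Counter

# Constructed sample entries: (client_ip, query_name, query_type, blocked).
# This tuple layout is an assumption, not either tool's real log format.
SAMPLE_LOG = [
    ("10.0.0.21", "www.netflix.example", "A", False),
    ("10.0.0.21", "ads.example", "A", True),
    ("10.0.0.1", "21.0.0.10.in-addr.arpa", "PTR", False),
    ("10.0.0.1", "22.0.0.10.in-addr.arpa", "PTR", False),
    ("10.0.0.22", "cdn.tracker.example", "AAAA", False),
    ("10.0.0.22", "news.example", "A", False),
    ("10.0.0.1", "1.0.0.10.in-addr.arpa.", "PTR", False),
    ("10.0.0.22", "pixel.ads.example", "A", True),
    ("10.0.0.1", "23.0.0.10.in-addr.arpa", "PTR", False),
    ("10.0.0.21", "game.example", "A", False),
]
WATCHLIST = {"ads.example", "tracker.example"}  # hypothetical unwanted domains

def is_local_reverse(qname, qtype):
    """True for reverse (PTR) lookups such as 1.0.0.10.in-addr.arpa."""
    name = qname.rstrip(".").lower()
    return qtype == "PTR" and name.endswith((".in-addr.arpa", ".ip6.arpa"))

def on_watchlist(qname, watchlist):
    """Match the name itself or any parent domain against the watchlist."""
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in watchlist for i in range(len(labels)))

def pct(part, whole):
    return round(100 * part / whole, 1) if whole else 0.0

def summarise(log, watchlist):
    # Reverse lookups are never blocked, so drop them before the second rate.
    forward = [r for r in log if not is_local_reverse(r[1], r[2])]
    # Allowed queries to watchlisted domains are the entries worth reviewing.
    leaks = Counter(r[1].rstrip(".").lower() for r in forward
                    if not r[3] and on_watchlist(r[1], watchlist))
    return {
        "raw_block_pct": pct(sum(r[3] for r in log), len(log)),
        "filtered_block_pct": pct(sum(r[3] for r in forward), len(forward)),
        "allowed_watchlisted": dict(leaks),
    }

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG, WATCHLIST))
```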
     
  4. Robert

    Capodecina

    Joined: 20 Oct 2002

    Posts: 15,345

    Location: North West

    What lists do you use?
     
  5. bloodiedathame

    Sgarrista

    Joined: 11 May 2007

    Posts: 8,216

    Location: Surrey

    Any ideas how I can solve this?

    I use a couple of Huawei AX3s for the majority of my network (everything wireless and a couple of wired connections), but every client connected via these falls under one client in pihole, so I can't see what devices are accessing and blocking sites. Is there any way to separate the clients out?
     
  6. Spleen Sauce

    Wise Guy

    Joined: 16 Jan 2005

    Posts: 1,533

    Location: UK

    What are the DNS servers of your clients configured as currently? If they were set to the Piholes I can't see a reason why they wouldn't appear as individual clients, sounds like they are set to the AX3s somehow.
     
  7. bloodiedathame

    Sgarrista

    Joined: 11 May 2007

    Posts: 8,216

    Location: Surrey

    Maybe that's what it is then, the devices must be using the AX3 as the DNS, and the AX3 is using the pihole as its DNS.

    Just noticed that the DHCP was turned on on the AX3. Turned that off as pihole should be doing that.
     
  8. Spleen Sauce

    Wise Guy

    Joined: 16 Jan 2005

    Posts: 1,533

    Location: UK

    That would be my guess. What's doing DHCP for your clients?
     
  9. Rainmaker

    Sgarrista

    Joined: 18 Aug 2007

    Posts: 8,795

    Location: Liverpool

    OISD.nl and my own custom list in ABP format (works in AdGuard Home but I don't think PiHole is capable of using them).
     
  10. bloodiedathame

    Sgarrista

    Joined: 11 May 2007

    Posts: 8,216

    Location: Surrey

    Looks like DHCP was on by default on the AX3. Pihole has DHCP enabled (plusnet modem DHCP off).
     
  11. bloodiedathame

    Sgarrista

    Joined: 11 May 2007

    Posts: 8,216

    Location: Surrey

    Turned that off and all the clients have dropped off and I can't access the AX3 now. Doh! Hard reset time.

    Had to go in and set up the AX3 in Bridge mode. Seems to all be working now.
     
    Last edited: 10 Jun 2021
  12. Robert

    Capodecina

    Joined: 20 Oct 2002

    Posts: 15,345

    Location: North West

    Hmm, I have an issue. I’ve set up adguard home in docker on my synology. If I manually add the address to devices, it works fine; however, when I add the adguard address to my ASUS router, my internet dies. I can see the router did connect to adguard and processed 14 requests, then stopped. Could I have hit a device limit? I had connected three devices before the router (to test).
     
  13. maj

    Wise Guy

    Joined: 19 Jul 2010

    Posts: 2,443

    Location: Newcastle

    I must be doing something wrong somewhere. At the moment I've got DHCP enabled on the router and DNS on the router configured as pihole IP. As per pihole guidance I've also configured conditional forwarding to be my router since pihole isn't acting as DHCP. This is creating a situation where my PC, which I've manually assigned an IP and pihole as DNS, is just being named via its IP address in logs and my mobile phone, which is set to DHCP, is coming through to pihole as the router.

    If I turn off DHCP on router, turn on DHCP in pihole and disable conditional forwarding, the router stops being classed as a client but I still only get clients showing as IP address and not hostname.
     
  14. Rainmaker

    Sgarrista

    Joined: 18 Aug 2007

    Posts: 8,795

    Location: Liverpool

    More info required please. What's the subnet of your LAN, and what's the subnet for your Docker instance running AGH? Is DHCP being handled by the router still, or by AGH? If your LAN subnet is 192.168.1.0/24, your Docker machine (NAS) itself has 192.168.1.5, and your Docker AGH subnet is 172.16.0.0/24 then you should be using 192.168.1.5 for the DNS address. Make sure there are no firewalls in the way, including allowing access on the NAS too; for ports 53, 80, 443, 784, 853 - UDP and TCP.

    Make sure AGH is set to listen on 0.0.0.0 (not a particular IP) and ensure the access controls aren't in use, or if they are that all relevant subnets are allowed - for example 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,127.0.0.0/24.

    There are no device limits, or indeed limits of any kind (unless you configure them yourself). How are you adding the DNS to the Asus router? Are you listing it as the router's upstream DNS, or are you setting it as the DNS to be handed out by DHCP?
     
  15. Robert

    Capodecina

    Joined: 20 Oct 2002

    Posts: 15,345

    Location: North West

    LAN is 192.168.1.0 - synology nas is .222 - the docker container is set to use host address, I used this config for pihole and it worked fine. It’s set to listen on all interfaces.

    As I said, weird that if I set my pc to .222 it works fine, but adding the dns entries to the asus and my router just loses its internet connection. I just add them as server 1 and 2 as I usually would.

    cheers :)
     
  16. Armageus

    Don

    Joined: 19 May 2012

    Posts: 12,693

    Location: Spalding, Lincolnshire

    Docker on Synology seemed to be a nightmare when I looked - Synology services bind to a few common ports that you would want to use in docker.

    Personally you'd be better off creating a VM on the Synology and then hosting docker in that.
     
  17. Rainmaker

    Sgarrista

    Joined: 18 Aug 2007

    Posts: 8,795

    Location: Liverpool

    If other LAN clients are working, then ports being in use elsewhere (eg system applications) shouldn't be a consideration. Only the router is having trouble connecting.

    @Robert it sounds like you've done everything right. Have you double checked the Synology firewall to ensure the above listed ports (my previous post) are allowed? Have you checked that nothing else is installed (eg Synology DNS) that's competing for access to the port just in case as Armageus said? Post up your Docker Compose (or your run cmd) just in case.

    Here's mine:

    Code:
    version: "2.1"
    services:
      adguardhome:
        image: adguard/adguardhome:latest
        container_name: adguardhome
        network_mode: "host"
        restart: unless-stopped
        environment:
          - PUID=1033
          - PGID=100
          - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
          - ARCH=x86_64
          - ALPINE_REL=edge
          - DOCKER_REPO=multiarch/alpine
          - ALPINE_MIRROR=https://uk.alpinelinux.org/alpine
          - TZ=Europe/London
        volumes:
          - /volume1/docker/adguardhome/conf/:/opt/adguardhome/conf
          - /volume1/docker/adguardhome/work:/opt/adguardhome/work
          - /volume1/docker/letsencrypt/oursecure.network:/LetsEncrypt:ro

    Just to check, you did set up the PUID and PGID correctly? Mine are a dedicated Docker user with privs as needed. AdGuard Home shouldn't need root or anything though, just host network access, which you say you've set.
     
  18. Avathar77

    Mobster

    Joined: 28 May 2010

    Posts: 4,313

    Location: London, UK

    Can AdguardHome provide DNS for multiple VLANs? I have Home Assistant installed on a R Pi4 and running AdGuard Home. But it only seems to handle DNS for the main VLAN.
     
  19. macuser

    Hitman

    Joined: 3 Feb 2004

    Posts: 710

    I’m getting 9.6% using a selection from https://firebog.net/ with no problems at all.
    Never really thought about this. Does the higher % mean more problems?
     
  20. Armageus

    Don

    Joined: 19 May 2012

    Posts: 12,693

    Location: Spalding, Lincolnshire

    No - depends entirely on what you browse.
    My wife uses Facebook a lot, so I'm at ~25% block rate due to all the adverts etc on there