DNS

Ditch the Ads, Reclaim Your Privacy: Installing Pi-hole the Easy Way!

Neal Cleaves

Neal Cleaves

9 min read
Ditch the Ads, Reclaim Your Privacy: Installing Pi-hole the Easy Way!

Tired of relentless ads interrupting your browsing and apps? Worried about companies tracking your online activity? At present, online advertising and user monitoring are more aggressive than ever. What if you could shield your entire network–every phone, computer, and smart TV–from this, all at once?

You can with Pi-hole. Pi-hole is a free and open-source solution that transforms your Raspberry Pi into a network-wide ad blocker and privacy guardian. It acts like a digital bouncer, stopping unwanted connections by preventing your devices from connecting to known tracking systems and ad servers.

We'll walk through the absolute simplest way to get Pi-hole up and running on a brand-new Raspberry Pi.

Why Am I Seeing So Many Ads And Why Am I Being Tracked?

As our use of content and daily social habits have evolved, advertisers have had to pivot to keep their products on your radar. Where they once focused on print, broadcast and outdoor ad placements, they are now heavily focused on delivering ads directly to you via the apps and websites that you visit frequently. They are also focused on tracking your online activity so that they can target specific ads to you based on said activity.

Advertising is a big business with staggering budgets. Developers and service providers can generate significantly more revenue by showing you ads than they used to by charging you a one-time fee or monthly subscription. This means that virtually all apps, operating systems, smart devices, phones and more now have code baked into them to report into some data collection point to share information on what you are doing when you use those devices or services. If you examine the EULA (End User License Agreement) that you agree to when you begin using a device or app, there is almost always a section included covering the collection and use of such data.

The Solution: Take Control Of Your DNS

Each internet connected device that you own uses DNS (Domain Name Service). When your app or device wants to show you an ad or report some tracking data to the mothership, it needs to use DNS to lookup the IP address for that ad or data server. Right now you are likely using the DNS system provided by your ISP, or you may be using those provided by Google, Cloudflare, or perhaps some other tech giant. Whoever owns those DNS servers can log the queries coming from your network and use that information to track what you are doing online.

Our solution involves introducing our own DNS server that periodically updates lists of known ad servers and data collection endpoints and then refuses to resolve those names to IP addresses. This prevents apps and devices on your network from connecting to those endpoints and therefore prevents them from displaying the ad or sending the tracking data.

This isn't foolproof. Some advertisers have gotten wise to this trick and have taken steps to prevent users from blocking certain ads. For example, YouTube moved to serving all of its ad content from the same endpoints where you retrieve videos. So this solution will not give you ad-free YouTube. That said, I would say that it works for 75% or more of web and in-app ads, though your mileage may vary.

Why Pi-hole? (And a Quick Look at Alternatives)

Before we dive in, there are other tools for this job. Let's quickly compare Pi-hole to a powerful alternative like Technitium DNS Server.

  • Technitium DNS Server: This is an incredibly robust and feature-rich DNS server that can also perform ad-blocking. It offers advanced controls, can act as its own recursive resolver (meaning it doesn't need to ask other DNS servers for help), and provides a deep level of network configuration. Recursive resolution is a key feature as it prevents any one entity from knowing all of your web browsing tendencies. It's a fantastic choice for advanced users, network administrators, or those who want maximum control over every aspect of their DNS.
  • Pi-hole: While also very capable, Pi-hole shines in its simplicity and focused purpose: ad-blocking and tracking protection. It's designed to be lightweight, easy to deploy, and maintain. For most home users who want effective ad-blocking without needing to delve into the complexities of a full-fledged DNS server, Pi-hole is a great fit.

For the purposes of this guide, we're going with Pi-hole. Its streamlined installation process and user-friendly interface make it the ideal choice for quickly getting powerful network-wide ad-blocking set up.

What You'll Need

Here's our shopping list for a smooth Pi-hole setup:

  1. Raspberry Pi: A Raspberry Pi 3, 4, 5 or even a Zero 2 W will work perfectly. (The Pi 4 and 5 are overkill but fine if you have one).
  2. Power Supply: A high-quality USB-C power supply (for Pi 4 or 5) or Micro USB (for Pi 3/Zero 2 W).
  3. microSD Card (8GB+): A 16GB or 32GB card is ideal. We highly recommend a reputable brand for reliability.
  4. Ethernet Cable: For connecting your Pi to your router. (While Wi-Fi works, it is not recommended for a DNS server).
  5. A Computer: To flash the OS onto the microSD card.

In addition, you will need access to your router. Make sure you have your credentials and that you know how to access its management interface. Most ISP provided routers (sometimes called modems) now have a sticker on the side with details on how to access its management interface. For additional help, you will have to contact your ISP or router manufacturer.

A quick caveat: There is a Docker image for Pi-hole. If you're running a home lab and have a dedicated Docker host, you do not necessarily need a Raspberry Pi.

Step 1: Prepare Your Raspberry Pi OS

We'll use the official Raspberry Pi Imager tool for the easiest setup.

  1. Download Raspberry Pi Imager: Go to raspberrypi.com/software and download the imager for your operating system (Windows, macOS, Linux). Install it.
  2. Launch the Imager:
    • Click "CHOOSE OS" and select "Raspberry Pi OS (other)" -> "Raspberry Pi OS Lite (64-bit)". (The Lite version is perfect; it's headless, meaning no desktop environment, saving resources).
    • Click "CHOOSE STORAGE" and select your microSD card. Double-check this is the correct drive!
    • Click the Gear Icon (Advanced Options): This is crucial for an easy setup!
      • Set hostname: pihole (or whatever you like)
      • Enable SSH: Select "Password authentication" and set a strong password. This lets you access your Pi remotely.
      • Configure wireless LAN (NOT Recommended): Only if you absolutely can't use Ethernet. Enter your Wi-Fi SSID and password.
      • Set locale settings: Choose your timezone and keyboard layout.
    • Click "SAVE."
  3. Write OS: Click "WRITE" and confirm. The imager will now write the OS to your microSD card. This will take a few minutes.

Step 2: Boot Up and Connect

  1. Boot: Eject the microSD card, insert it into your Raspberry Pi, connect the Ethernet cable to your router, and then plug in the power supply. Give it a minute or two to boot up.
  2. Connect via SSH: We will now log in to the Pi's command line from your computer.
  • On Windows: Open PowerShell or Command Prompt.
  • On macOS/Linux: Open the Terminal.
  • Type the following command and press Enter. (Remember the hostname we set?):
ssh pi@pihole.local
  • You might see a security warning about the host's authenticity. Type yes and press Enter.
  • When prompted, enter the strong password you created in Step 1.
  • Troubleshooting: If pihole.local doesn't work, you'll need to find your Pi's IP address by logging into your router's admin page and looking for a device named "pihole" in the list of connected clients.

Step 3: Install Pi-hole (The Famous One-Liner)

You're now logged into your Pi. It's time to run the famous Pi-hole installer.

Update Your Pi: First, run these two commands to make sure your Pi is up-to-date.

sudo apt update
sudo apt upgrade -y

Run the Installer: Copy and paste the following single command into your terminal and press Enter:

curl -sSL https://install.pi-hole.net | bash
  1. Follow the Wizard: A text-based wizard will appear. Use the Arrow Keys, Tab, and Spacebar to make selections, and Enter to confirm.
    • Press Enter through the first few informational screens.
    • Static IP Address: The installer will warn you that you need a static IP. This is critical. We will handle this in the next step using a much easier method (DHCP reservation). For now, just select "Continue".
    • Upstream DNS Provider: This is who Pi-hole will ask for non-ad-related queries. Cloudflare is a fast, privacy-focused choice. Select it and press Enter.
    • Blocklists: Just accept the default list. You can add more later. Select "Continue".
    • Web Admin Interface: Yes (press Enter). This is the dashboard.
    • Web Server: Yes (press Enter).
    • Log Queries: Yes (press Enter). This lets you see what's being blocked, and will be helpful for whitelisting domains later on.
  2. Installation Complete! The installer will finish and show a final screen. On this screen you will see the IP address of your Pi-hole and the password for logging into the web interface. Make note of the IP address and password. You will need them. Press Enter to finish.

Step 4: Set a Static IP (The Easy Way)

Your Pi-hole must have an unchanging IP address. The easiest and most reliable way to do this is on your router, not the Pi itself.

  1. Log in to your router's admin page (usually 192.168.0.1 or 192.168.1.1).
  2. Find the DHCP Settings or Connected Devices section.
  3. Find your Pi-hole on the list of devices (it might be named "pihole" or show the IP address from the installer's final screen).
  4. Look for an option called "DHCP Reservation," "Pin," "Address Reservation," or "Static IP."
  5. Set it to "reserve" the current IP address for your Pi-hole's MAC address. This tells your router to always give the Pi-hole that same IP.

Step 5: Point Your Devices to Pi-hole

Now you just need to tell your devices to use your Pi-hole as their DNS server.

  1. Log back into your router's admin page.
  2. Find the LAN or DHCP settings (the same place as the last step).
  3. Look for the "DNS Server" settings.
  4. Change the Primary DNS Server to the IP address of your Pi-hole (the one you just reserved).
  5. If there is a "Secondary DNS," leave it blank or, if it insists, enter the Pi-hole's IP again. (Do NOT put a public DNS like 8.8.8.8 here, as your devices will bypass the Pi-hole).
  6. Save your router settings. You may need to restart your router for this to take effect.

Step 6: Log In and Verify

Your network is now protected! Let's check your dashboard.

  1. On your computer, open a web browser and go to: http://<your-pi-hole-ip>/admin (e.g., http://192.168.1.10/admin) ...or, if your network supports it: http://pihole.local/admin
  2. You should see the Pi-hole login screen. Use the admin password you saved from Step 3.
  3. You're in! You'll see the dashboard come to life. As your devices use the network, you'll see the "Total Queries" and "Queries Blocked" numbers start to climb.

Note that it could take a day or possibly longer for all of your devices to renew their IP addresses and get the new DNS server settings from your router.

Welcome to a faster, cleaner, and more private internet. You'll be amazed at how many ads and trackers you've been unknowingly exposed to, all visible on your new Pi-hole dashboard. Enjoy the silence!

Step 7 (Optional): Enhance Your Block Lists

Pi-hole typically comes with one or more block lists preconfigured. I have found the following lists to be quite good.

To add them to your Pi-hole:

  1. Log into the Pi-hole web admin interface.
  2. Go to Group Management > Adlists
  3. Paste the URL of the blocklist into the address box, add a comment if desired, and click "Add".
  4. After adding all lists, go to Tools > Update Gravity to update your blocklist and make the changes effective.
https://big.oisd.nl/
https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro-onlydomains.txt
https://raw.githubusercontent.com/xRuffKez/NRD/refs/heads/main/lists/30-day_phishing/domains-only/nrd-phishing-30day.txt
https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts
https://v.firebog.net/hosts/static/w3kbl.txt
https://adaway.org/hosts.txt
https://v.firebog.net/hosts/AdguardDNS.txt
https://v.firebog.net/hosts/Admiral.txt
https://v.firebog.net/hosts/Easyprivacy.txt
https://v.firebog.net/hosts/Prigent-Ads.txt
https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt

Recommended Block Lists

I Can't Access A Site Or Service I Need. What Do I Do?

This may happen from time to time, but in my experience, it has been extremely rare, even with all of the extra blocklists configured. Nonetheless, if you come across this situation, here is what you do:

  1. Access the Pi-hole Web Admin Interface
  2. Go to "Query Log".
  3. Look for URL(s) related to the site or app that you need to unblock. To make it easier to find, try accessing the app or site and then immediately refresh the Query Log. Once you find the URL, click on "Whitelist" to tell Pi-hole to stop blocking it.
  4. Test the site or app again, it should work.

Take It On The Road!

Congratulations! You have now improved privacy and significantly reduced ad intrusion for all of the people and devices connected to your internet connection at home. But, what about when you are on the road? You can't take your Pi-hole with you, but it is possible to use it even when you are away from home! Keep an eye out for an upcoming article on setting up your own personal VPN that will add another layer of privacy protection and keep you safe from ad intrusion while on the road.

Read more