Basic Configuration
Most static ads and domains will be blocked. Dynamic content is continually changing and therefore ad-blocking for youtube is usually hit-or-miss.
Navigate to Pi-Hole admin interface: http://pi.hole/admin or use static IP if not using Pi-Hole DNS server yet.
This will setup ad-blocking in the following manner:
Router upstream DNS servers set to
1.1.1.1,8.8.8.8.Router DHCP Assigns Pi-Hole as primary DNS server for clients.
Router uses DNAT to force all DNS requests to Pi-Hole (optional).
Pi-Hole upstream DNS server set to router.
Pi-Hole will have static hosts set in /etc/hosts to resolve multiple
hostnames resolving to the same IP.
Manual Configuration
Manual Configuration
Upstream DNS Provider
INTERNAL DNS
Third Party Lists
All
Protocols
All
Static IP Address
Use current DHCP settings
Web admin interface
☑
Web Server (required for webface if no other server)
☑
Log Queries
☑
Privacy Mode
0
Note
The password will be listed on the summary page. This can be set using
pihole -a -p and reached via http://pi.hole/admin, once DNS is set to
Pi-Hole.
Updated: None
Blocklists
Settings › Blocklists
These can be added all at once (one per line) then mass updated.
Wally’s list has a good list of stricter blocking.
Large list of additional blocklists.
Ensure all lists have a check after loading. If there is an ✗ then the list could not be obtained.
Check this list for common services to whitelist.
Updated: None
Setup DNS Servers
Settings › DNS › Upstream DNS Servers
Custom 1
INTERNAL DNS
Updated: None
Add Interface
Settings › DNS › Interface Listening Behavior
☑
Listen only on interface {INTERFACE}
Updated: None
Add Interface
Settings › DNS › Advanced DNS Settings
☐
Never forward non-FQDNs
☐
Never forward reverse lookups for private IP ranges
Updated: None
Disable DHCP Server
Settings › DHCP › DHCP Settings
☐
DHCP Server Enabled
Updated: None
Set DNS Resolver Privacy Settings
Settings › Privacy › Privacy settings › DNS resolver privacy level
☑
Show everything and record everything
Updated: None
Static Host IP Resolution
Useful for hosts with multiple hostnames per IP (e.g. containers); or static hosts that the router cannot resolve (e.g. the static address is not defined in the router itself).
/etc/hosts1.2.3.4 app1.host.com app1 # app 1 comment
1.2.3.4 app2.host.com app2 # app 2 comment
Restarting Pi-Hole may be required.
Disable Blocking for Specific Clients
Disabling ad blocking for specific clients. Disables can be all lists or specific lists.
Add Disable Group
Group Managements › Groups › Add a new group
Name
DISABLE
Description
Disables PiHole domain blocking
Updated: None
Enable the Disable Group
Group Managements › Groups › List of configured groups
Name
DISABLE
Status
ENABLE
Description
Disables PiHole domain blocking
Updated: None
Add Clients to Manage
Group Managements › Clients › Add a new client
Known clients
IP
Comment
DESCRIPTION
Updated: None
Add Clients to Disable group
Group Managements › Clients › List of configured clients
IP address
IP
Comment
DESCRIPTION
Group assignment
☑ Disable
›
☐ Default
Updated: None
Router Configuration
Generic Configuration - will be located slightly differently for each router.
Add Upstream DNS Servers
System › DNS Servers
1.1.1.1
cloudflare DNS resolver
8.8.8.8
google DNS resolver
Updated: None
Add Pi-Hole as DNS Server for DHCP
config tree › service › dhcp-server › shared-network-name › NETWORK › subnet › IP RANGE
DNS server assigned for DHCP clients
IP
Updated: None
Allow TCP/UDP traffic on port 53 to Pi-Hole
Firewall Policies › WIFI_IN › Actions › Interfaces
Source
Destination
Pi-Hole:53
Protocol
TCP/UDP
Action
ACCEPT
Updated: None
Clients Ensure clients flush the DNS cache and new DNS server is set to start resolution via Pi-Hole.
See DNAT for Captive DNS to finish captive DNS setup.