I ordered a Raspberry Pi 5 so I have a Pi 3 that’s about to be redundant. I haven’t used Pi-Hole so I was thinking it’d be good for that but I’m curious if there’s any downsides for users. Are sites blocked if you dont whitelist them? That sort of thing.
Basically, I’m not worried about me having issues but I’m worried about a maintenance headache if friends and family can’t access things.
I use default block list and had 0 issues so far
FML I shouldnt wtite this lol. Just after my comment I found that Lichess app is giving servfail in query and doesnt work. Apparently its unbound issue, but still have to sort that out
I dont know what happened, but its working fine again. I guess unbound was tripping. Nvm me lol
Been using pi-hole since 2016 and I’ve had to make but a handful of exceptions over he years. I guess it’s a case by case thing.
Most things just work, and I have 3.5 million domains blocked. When something doesn’t work you can go into the query log to see what was blocked, and whitelist it from there. I seldom have to do this. Some apps are written to fail completely if they can’t send their telemetry, but most just work without the ads.
Important? Depends on who you ask, but annoying? Yes absolutely. I’ve found with both Pihole and Adguard Home that deal links posted on Slickdeals are broken. But those also redirect several times and it can be a bit cumbersome to whitelist all the domains.
I also found out recently that one (or more) of my blocklistsnin AGH was blocking Steam from uploading games saves. So I had to remove some.
deleted by creator
Hmm, any idea where? I’ve poked around quite a bit in general and haven’t found anything that looks like it would do that. But I’m happy to be wrong! :)
deleted by creator
Depends on what lists you add to pihole (or adguard).
The default lists for both are primarily advert or tracking related, and very safe to keep. The only time I whitelist is when I’m following some kind of shopping deal that uses a tracker. Most linux related things are free from that.
Yes, but first go check which list you want to use since they’re a good starting point to understand a kind of level of tolerance and expectations around your experience.
There’s lots of lists around here’s a small sample:
https://arstech.net/pi-hole-blocking-lists-2023/Be prepared for a bump in time outs as you work through things you might need (I blocked by accident a bunch of needed Microsoft services that I need to use during my job).
I haven’t edited my white list in months, maybe over a year. It’s going very well. I’ve been running pihole on ubuntu for more than 5 years as two virtual machines. I’m happy.
About two years ago I played a shitty mobile game called Idle Miner Tycoon and its pseudo-multiplayer system wouldn’t work. It turns out that Pi-hole was blocking a domain the game used. While I did whitelist the domains I ended up not playing the game anymore.
I’m using AdGuard, which is pretty similar. I had issues with my Sonos speakers. The devices couldn’t find the speakers until I set a few servers on the whitelist.
Apart from that, all’s good.
Good, Sonos is shit anyway.
Why would a speaker even need an app in order to be configured when a webapp should be fine? And why would that app need GPS location data in order to do so? It is on my network, it should just find the devices on my network. I don’t need to be able to access it when I am on the other side of the world. It is a speaker.
And most importantly, why would the app on the computer have LESS functionality than the mobile app?
Sonos is the embodiment of enshittification.
The speaker I have sounds great, but I agree the software is utter garbage.
Any alternatives you could suggest?
Yesterday I couldn’t download stuff from Ansible gateway because my lists blocked the object storage URL but there’s a query log in both tools that makes troubleshooting easy and Adguard has a disable protection button that can disable filtering and can disable it for a set amount of time so you don’t forget to turn it back on
Been running it 7 years with a combined adlist of 1,089,320 domains.
It’s really rare that I run into a site that won’t load or function correctly (like once maybe twice a year). The most noticeable really is the ad results in Google, but I’ve moved away from that to DuckDuckGo anyway.
In the few cases that you do want to use a blocked doman; you can open pihole and either whitelist the domain with one click right out the query log, or disable pihole blocking entirely for 5sec-30min with one or two clicks.
If you really want to, you can group clients and adlists so some clients have much stricter blocking than others do. You can even leave some devices completely free of blocking while still using pihole to log their traffic.
By far one of the noisiest blocked domains is Nvidias driver telemetry. If you don’t strip it out using NVSlimmer, it’ll constantly retry its phone home, spamming the pihole with dns requests (not enough that it can’t handle, but enough that it’s VERY noticeable in the dashboard)
Could you point me at where to find a list of domains for Nvidia telemetry?
events.gfe.nvidia.com is the main one that gets spammed if it fails.
Just use NVSlimmer to strip it out entirely. (grab that and the latest driver package from Nvidia, repeat for updates)
Does a similar utility exist for Linux, though?
On my Windows system I’m using NV Cleanstall to prevent installing telemetry and other unnecessary bits in the first place. Quite the nice tool as well
Not that I’m aware of, but I haven’t looked for one either.
I manually added a handful of domains, and not a single one of them has been pinged so far. We’ll see
My most frequent issue is that links created through an email service provider like ConvertKit will get blocked by PiHole.
I’m a small business owner and so I get a lot of other people’s newsletters, on purpose. I like seeing what mentors and colleagues are doing with their businesses. But a link to their website, a blog post, anything really will almost always be blocked by PiHole if it’s sent via an ESP. This kind of “tracking” (email clicks from a small biz I know and trust) is something I am totally fine with.
It’s easy to disable for 1 minute to click through, but sometimes I forget that the PiHole is active and I can’t figure out why the links aren’t working.
For things like that, ie tracking that you’re ok with; just take a look at which domain is being linked to in the email and add them to your piholes whitelist. You may have to do this a few times as you discover new ESPs but pretty soon you’ll have a good list of them and won’t see them blocked anymore.
Better than having to remember to disable the whole pihole every time.
I don’t manage our PiHole, so easier said than done. I’m the non tech spouse (although not clicking ads or on TikTok all day, lol) but I can’t bug my spouse in the middle of the day to whitelist something for me. I can easily disable it myself and it takes 10 seconds. I could learn how to whitelist, but TBH I have enough tech to keep up with for the business already.
DNS blocking is heavily dependent on the blocklist(s) you use. It’s entirely possible to block >95% of crapware, and break companies’ ability to track you without compromising usability.
Having used both for a lot of years, I’d say look instead at AdGuard Home. It is also FOSS but supports more out of the box; including certificate management, the ability to use encrypted DNS both upstream and downstream without need for third party software (cloudflared), the ability to use adblock filter syntax (lists are 200k lines instead of 2 million lines, but actually block more), and so on. PiHole has some improvements pending in the next version, but it’s not there yet in comparison, imho.
I’d also strongly suggest you check out Hagezi’s DNS blocklists, as they’re pretty much set and forget. They’re intended to be used as your only block list, and do an excellent job (see testing in the Discussions on their GitHub). Use the Normal list if you don’t want to deal with false positives occasionally, and the Pro++ list if you don’t mind getting your hands dirty (whitelisting occasionally) and want to block every last scrap of annoyance and anti-privacy crapware on the web. Both will significantly improve your online experience.
Just added Hagezi to my little snitch mini blocklists, had no idea that existed. Thank you!
No problem!
Do you know the Hagezi lists compare to oisd.nl? The latter have also been great for me, with no false positive that I can remember.
Even Hagezi’s most basic list blocks a lot more than OISD, and still no false positives. See a comparison (run over the top 10,000 websites) here.
Thanks! I’ll try out the lists when I get the chance :)
Just make sure you have port 53 and 80 open. I recently had some problems myself trying to get Pi-Hole up and running. I already had dnsmasq taking up port 53 for a wifi hotspot, which conflicts with Pi-Hole’s own DNS. Aside from that, hosting any websites can also conflict with Pi-Hole’s frontend.
If you aren’t using your Pi 3 for anything yet then I already assume this shouldn’t be a problem though.
Good luck and have fun setting up your Pi-Hole!
The only one I ever found in 2 years of pihole use was cdn.cookielaw.org… a good percentage of sites won’t display with it blocked. Most other stuff is fine.
When I first installed pihole I went overboard with blocklists and broke nearly everything… don’t do that :p
What’s your definition of overboard? I currently have a good one million domains blocked, and only had to whitelist a few for some devices, not even network-wide
If you use the default blocklists you might have no problem at all, if you go full bonkers with blocklists you might have to keep an eye on it sometimes and will mantain a whitelist of a handful of domains.
It is very painless.