The code below will assist you in creating one or more Raspberry Pi ad block service DNS servers.
Equipment List:
- 2 (suggested but you can do it with one) Raspberry Pi Microcomputers
  - Raspberry Pi 3B+ (or better) are recommended (look at CanaKit (http://amzn.to/2vxgLLD))
- 1 USB Keyboard and USB Mouse
- 1 Device to test the configuration (Laptop/Desktop/Phone/Tablet)
- DD-WRT Capable Router (Optional)
  - Suggested but not required
- Internet (Obvious yes?)
Software List:
- Raspbian OS
  - This is the overall operating system of the Raspberry Pi
  - Either option at https://www.raspberrypi.org/downloads/raspbian/ will work
  - NOTE: If you get the CanaKit listed above they prepare your micro SD card with NOOBs typically
- Pi-Hole
  - Don’t let the name deter you as you can rename it later if you choose
  - While you could do much of what they do on your own it is really a nice package that makes it a lot cleaner and easier
- SSH Client (PuTTY or Unix/Mac Terminal)
  - Windows: Download PuTTY from https://www.chiark.greenend.org.uk/~sgtatham/putty/
- OpenVPN (Optional)
  - Optional but if you want to use this filter solution outside of your home this is suggested.
- DD-WRT (Optional)
  - Optional but best solution for making it more difficult to get around the DNS filtering.
I like to build the Raspberry Pi and set up the Raspbian OS with the keyboard and mouse attached to the Pi only to the point of getting SSH available, then do the rest on my laptop or on my Surface so that I can modify the configuration on more than one Pi at the same time.
When you have the equipment, start with the Raspberry Pi installation guide at https://www.raspberrypi.org/documentation/installation/installing-images/README.md
If you choose to go with DD-WRT, go to http://www.dd-wrt.com/wiki/index.php/Main_Page to get the basics set up.
Setup SSH
- Assuming you have your Raspberry Pi set up, go to the menu and open Raspberry Pi Configuration from the Preferences menu
- Navigate to the Interfaces tab
- Select Enabled next to SSH
- Click OK
Get IP Address
- Open Terminal from the top left menu
- In Terminal run this code to get the IP address
hostname -I
or
ifconfig | grep 'inet' | grep -v inet6 | grep -v 127.0.0.1 | cut -d ' ' -f10
- ifconfig will provide your network interface information
- The first two grep commands will filter the information to show IPv4 only
- After the third grep you should be left with a valid IP address for your network (192.168.x.x is typical)
- The cut with -d delimiter of space should remove the remaining information to leave you with only the IP
Connect Via PuTTY
- With PuTTY open, type the IP address in “Host Name (or IP Address)” text box
- Type a descriptive name (ex. My Pi) in “Saved Sessions” text box
- On the left side click on “Data” under “Connection” and type “pi” in the “Auto-login username” text box
- On the left side click on “Session” and click the “Save” button then click the “Open” button
Connect Via Unix/Mac Terminal
Depending on your Unix choice you may need to search for Terminal.
On Mac it’s easiest to hold down the Command+Space keys to do a “Spotlight Search” and type Terminal
- Type this into Terminal (change ipaddress to the IP address you received above and username to the username you set up. If you did not set up a specific username, the username should be “pi”)
ssh ipaddress -l username
# OR
ssh username@ipaddress
- The -l option specifies the username to log in as, in this case the pi user
The first time you connect you should see something like the message below. Type yes followed by the enter/return key to add the host to your known hosts, and you shouldn’t receive this message again.
The authenticity of host 'ipaddress (ipaddress)' can't be established.
ECDSA key fingerprint is SHA256:7dNNX+60VcTn9QvJC8EI1044CLET5m5kMh1f7te3bGM.
Are you sure you want to continue connecting (yes/no)?
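Answering yes records whatever key the network presented, so it is worth comparing the fingerprint in the prompt with the one the Pi reports locally while the keyboard is still attached. The script below is an added example, not part of the original post; verify_host_key is a hypothetical helper and the ED25519 line in the listing is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the original post). At the Pi's own keyboard and
# screen, before the first remote login, list the host key fingerprints:
#   for f in /etc/ssh/ssh_host_*_key.pub; do ssh-keygen -l -f "$f"; done

# verify_host_key PROMPT_LINE CONSOLE_LISTING
# Compares the "<TYPE> key fingerprint is SHA256:..." line shown by the
# client with the listing taken at the console. Exit status 0 only on match.
verify_host_key() {
    console=$2
    # Extract "<TYPE> <fingerprint>" from the prompt line (trailing "." dropped).
    set -- $(printf '%s\n' "$1" | sed -n \
        's|^\([A-Z][A-Z0-9]*\) key fingerprint is \(SHA256:[A-Za-z0-9+/]*\).*|\1 \2|p')
    [ $# -eq 2 ] || { echo "no SHA256 fingerprint in prompt"; return 2; }
    # ssh-keygen -l prints: <bits> <fingerprint> <comment> (<TYPE>)
    printf '%s\n' "$console" | awk -v kt="($1)" -v fp="$2" '
        $NF == kt { listed = 1; if ($2 == fp) ok = 1 }
        END {
            if (ok) print "match"
            else if (listed) print "MISMATCH: do not type yes"
            else print "no key of that type in listing"
            exit (ok ? 0 : 1)
        }'
}

# Prompt line as shown in the article; listing constructed for illustration.
prompt='ECDSA key fingerprint is SHA256:7dNNX+60VcTn9QvJC8EI1044CLET5m5kMh1f7te3bGM.'
listing='256 SHA256:7dNNX+60VcTn9QvJC8EI1044CLET5m5kMh1f7te3bGM root@raspberrypi (ECDSA)
256 SHA256:CONSTRUCTEDplaceholderFingerprint0000000000 root@raspberrypi (ED25519)'
verify_host_key "$prompt" "$listing" || true
```

The client may negotiate a different key type than the one you looked up, which is why the check reports a missing type separately from a mismatch.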
Raspbian Template
The code below will:
- Update Raspbian/Debian
- Install some basic tools
- Set timezone, you may want to look up your timezone name
  - Get timezone list
ls /usr/share/zoneinfo/
ls /usr/share/zoneinfo/America/
  - For example Detroit is the closest timezone name so the path is /usr/share/zoneinfo/America/Detroit so in the script below I use America/Detroit
  - If you live in Paris the path is /usr/share/zoneinfo/Europe/Paris so in the script below you’d use Europe/Paris
Remove Default Applications – See Raspberry Pi – Remove Default Apps
# Switch to root user (use "sudo su" if root has no password set)
su
# Usually not needed but will help apt-get to work
dpkg --configure -a
# Refresh the package lists and clean up (Raspbian)
apt-get update -y && apt-get check -y && apt-get autoremove -y && apt-get autoclean -y && apt-get clean -y
# Install jq, ipcalc, Network Manager (nmcli), nmap, curl, net-tools
apt-get -y install jq ipcalc network-manager nmap curl net-tools
# Install NTP Client
apt-get --assume-yes install ntp -y
# Set Time Zone - Change as needed
timedatectl set-timezone America/Detroit
Create SSH Banner – See Debian/Ubuntu/Raspbian – Set SSH Banner
Get/Install Pi-Hole
Run the code below to start the installation of Pi-Hole. You will get some prompts in a Terminal User Interface (TUI).
curl -sSL https://install.pi-hole.net | bash
- The first three screens are informational, tap enter/return to go to the next screen
- On the 4th screen you are asked what DNS provider you’d like to use, I have a free account with OpenDNS so I choose OpenDNS
- Side Note: If you haven’t tried OpenDNS you may want to as it filters far more than you can imagine.
- On the 5th screen you are asked the protocols you wish to use (IPv4 and/or IPv6), by default both are selected. Tap enter/return to keep this option.
- On the 6th screen you are asked if the IP address the Pi is currently using is the IP you’d like to setup as a static IP. Tap the right arrow to select <No> and tap enter/return.
- Note: You should have a DHCP range that doesn’t include servers (i.e. The Raspberry Pi).
- Suggested range for your DHCP is to start at a number at least 10 higher than you think you’ll need for servers/printers. In my case I start the DHCP rather high at 128
- On the 7th screen you are asked to input your desired IPv4 address. Type in the IP you want with the proper CIDR. Most home networks are /24 so you would type something like 192.168.1.5/24 where the 192.168.1.5 would be the IP you want for the Raspberry Pi. Tap enter/return to continue.
- If you have 10 IP addresses for servers and printers choose an IP that is within that small range
- On the 8th screen you are asked to input your desired IPv4 default gateway. Typically the one on the screen is the correct IP, correct it and/or tap enter/return to continue
- On the 9th screen you are asked to confirm the settings. If they are correct, tap enter/return to continue, or tap the right arrow to select <No> and go through the IP selection again.
- On the 10th screen you will see the IPv6 that will be used for the Raspberry Pi
- On the 10th screen you are asked if you want to install the web admin interface, this is recommended but not required. In most cases simply tap enter/return to continue.
- On the 11th screen you are asked if you want to log queries, this is recommended but not required. In most cases simply tap enter/return to continue.
- On the 12th screen (after it actually installs and configures) you are given completion information, it is suggested to copy all of this information but at least the password
Configure your devices to use the Pi-hole as their DNS server using:

IPv4: 10.211.55.7
IPv6: fdb2:2c26:f4e4:0:21c:42ff:feb5:19bf

If you set a new IP address, you should restart the Pi.

The install log is in /etc/pihole.

View the web interface at http://pi.hole/admin or http://10.211.55.7/admin

Your Admin Webpage login password is c-FNXvNE
- NOTE: If you fail to write the password for the web admin interface you can run this command and set a new password
sudo pihole -a -p
At this point the basics are installed and ready to go.
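The static-address advice for screens 6 to 8 (pick an address inside the subnet, outside the DHCP pool, and not the gateway) can be checked before anything is typed into the installer. The script below is an added example, not part of the original post or of Pi-hole; the function names are hypothetical and every address is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are
# hypothetical; every address used below is a constructed sample value.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip2int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac       # no leading zeros (octal)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# check_static_ip IP/PREFIX DHCP_FIRST DHCP_LAST GATEWAY
# Prints "ok" or the reason the address is a poor choice for the Pi.
check_static_ip() {
    cidr=$1; prefix=${1#*/}
    case "$cidr" in */*) ;; *) echo "missing /prefix"; return 1 ;; esac
    case "$prefix" in ''|0*|*[!0-9]*|???*) echo "bad prefix"; return 1 ;; esac
    [ "$prefix" -le 30 ] || { echo "bad prefix"; return 1; }
    ip=$(ip2int "${cidr%/*}") && lo=$(ip2int "$2") && hi=$(ip2int "$3") &&
        gw=$(ip2int "$4") || { echo "bad address"; return 1; }
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    net=$(( ip & mask )); bcast=$(( net | (4294967295 ^ mask) ))
    if [ "$ip" -eq "$net" ] || [ "$ip" -eq "$bcast" ]; then
        echo "network or broadcast address"; return 1
    fi
    [ $(( gw & mask )) -eq "$net" ] || { echo "gateway outside subnet"; return 1; }
    [ "$ip" -ne "$gw" ] || { echo "collides with gateway"; return 1; }
    if [ "$ip" -ge "$lo" ] && [ "$ip" -le "$hi" ]; then
        echo "inside DHCP pool"; return 1
    fi
    echo "ok"
}

# DHCP pool starting at .128, as in the article; the Pi gets a low address.
for candidate in 192.168.1.5/24 192.168.1.150/24 192.168.1.255/24 192.168.1.5; do
    printf '%-18s %s\n' "$candidate" \
        "$(check_static_ip "$candidate" 192.168.1.128 192.168.1.254 192.168.1.1)"
done
```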
Change/Modify Adlists
The filter is only as good as the lists that you feed it; as of this writing 118,348 are blocked with the preconfigured lists.
It is recommended that you only select lists that you trust. For your benefit and mine, this is the list I use and how to get it.
sudo cp /etc/pihole/adlists.list /etc/pihole/adlists.list.original
cd ~/
wget https://gist.githubusercontent.com/dkittell/4646d0ba073c90e58c920b5730e0bf5e/raw/238adcd4e46a3b7f408099f21e51120fbf030040/adlists.list
wget https://gist.githubusercontent.com/dkittell/74dc56f832ea2b7da1c9cc9fcbb766ca/raw/9989b23784d7f2f32117893187e59f8a39197e49/filter_stats.sh
sudo mv adlists.list /etc/pihole/
echo "sudo apt update -y && sudo apt upgrade -y && sudo apt autoremove -y && pihole -up && pihole -g && pihole status && sh filter_stats.sh" > ~/update.sh
sh ~/update.sh
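Because the downloaded file decides which sources the filter pulls from, it is worth vetting between the wget and the sudo mv steps. The script below is an added example, not part of the original post or of Pi-hole; vet_adlists is a hypothetical helper, the https-only rule is this example's own policy, and the sample list is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): vet a downloaded adlists.list
# before it replaces /etc/pihole/adlists.list. vet_adlists is a hypothetical
# helper; the "https only" rule is this example's policy, not Pi-hole's.

# Prints one finding per problem line; returns 0 only when the file is clean.
vet_adlists() {
    bad=0; n=0; seen='|'; cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=${line%"$cr"}                        # tolerate CRLF line endings
        case "$line" in ''|'#'*) continue ;; esac # blank lines and comments
        case "$line" in
            *[[:space:]]*) echo "line $n: whitespace inside entry"; bad=1 ;;
            https://?*)    ;;
            http://?*)     echo "line $n: plain http, list can be altered in transit"; bad=1 ;;
            *)             echo "line $n: not an http(s) URL"; bad=1 ;;
        esac
        case "$seen" in
            *"|$line|"*) echo "line $n: duplicate entry"; bad=1 ;;
            *)           seen="$seen$line|" ;;
        esac
    done < "$1"
    return "$bad"
}

# Constructed sample list (example.org hosts are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
https://lists.example.org/ads.txt
http://lists.example.org/tracking.txt
lists.example.org/malware.txt
https://lists.example.org/ads.txt
EOF
if vet_adlists "$sample"; then
    echo "clean: continue with sudo mv adlists.list /etc/pihole/"
else
    echo "fix the findings above before installing the list"
fi
rm -f "$sample"
```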
Get/Install OpenVPN
Similar to Pi-Hole, PiVPN has put together a simple installer.
curl -L https://install.pivpn.io | bash
- The first four screens are informational, tap enter/return to go to the next screen
- The fifth screen will ask you to select a user, in most cases you will only have one user. Select the user, tap enter/return to go to the next screen
- The sixth screen is informational, tap enter/return to go to the next screen
- The seventh screen asks if you want to enable unattended upgrades for security patches, suggestion is to say yes, tap enter/return to go to the next screen
- The eighth screen asks if you want UDP or TCP, UDP is suggested, tap enter/return to go to the next screen
- The ninth screen will ask for a port number, suggestion is to keep the default port until you are more familiar with ports, tap enter/return to go to the next screen
- The tenth screen will ask you to confirm the port, tap enter/return to go to the next screen
- The eleventh screen will ask for encryption strength, suggestion is 2048 or 4096, tap enter/return to go to the next screen
- The twelfth screen will tell you to create the profile when done, tap enter/return to go to the next screen
- The thirteenth screen will suggest you reboot, it is suggested you reboot, tap enter/return to go to the next screen
- The fourteenth screen is information to say the machine will now reboot, tap enter/return to go to the next screen
When the Pi is done rebooting, run the PiVPN configuration to create the profile.
pivpn add
Make sure you tell OpenVPN to start at boot
sudo update-rc.d openvpn defaults
Last Updated on December 2, 2024