Creating a solution to ad blocking can be frustrating and costly if you’re not approaching it the right way. Running a DNS server with Pi-hole on a Raspberry Pi is an easy first step toward securing your entire network and all your connected devices, but combining Pi-hole with Tailscale, a mesh VPN that uses WireGuard, further secures your network while also enabling remote access, allowing you to access your home network and devices from anywhere. Using Pi-hole and Tailscale together means you can use Pi-hole ad blocking from anywhere and with any of your devices, as long as they’re connected to Tailscale.

The result is a network that blocks ads and trackers, provides visibility into connected devices, and enables secure remote access without the need for complex VPN setups.

Here’s how I got there.

Why you should use a DNS server

Hosting your own is much more secure than relying on your ISP

A DNS server translates domain names into corresponding IP addresses for your devices. Typically, ISPs run DNS servers, but they don’t block ads. Pi-hole runs between your home network and a DNS server, filtering through requests and blocking blacklisted domains (typically ads, trackers, and spam) before the requests actually leave your network.

You can easily host your own DNS server with Pi-hole and enforce ad blocking at the network level, protect all your connected devices seamlessly, and gain some insight into your network, including which devices are communicating with which domains. It’s a necessary layer of security and privacy that you can’t expect your ISP to take for you.

Assigning a DNS server incorrectly or using the wrong IP can temporarily disrupt internet access on your devices. Always double-check your settings.

Set up Pi-hole

It'll take less than 10 minutes

I ran Pi-hole on a spare Raspberry Pi 4, but if you don’t have one lying around, you can also run Pi-hole on an old PC. That said, a Raspberry Pi is a good, low-power option for running a dedicated DNS server consistently. Before I began, I ensured SSH was enabled, upgraded the Raspberry Pi, and then rebooted it.

The official Pi-hole installer is straightforward and guides you through the configuration process. If you haven’t already set a static IP address for your RPi, you can set one afterward or configure a DHCP reservation. I chose Cloudflare as my upstream DNS server and, since I already had Tailscale installed, chose Tailscale as my interface.

Once everything is set, you should be able to log into Pi-hole’s web interface via http://

Configure your network to use Pi-hole

Don't forget to set a static IP address if you haven't already

To make Pi-hole work for all devices on your network, you have one of three options:

  1. Point your router’s DNS settings to Pi-hole (make sure you’ve set a static IP address first).
  2. Use Pi-hole as a DHCP server
    1. Disable DHCP in your router’s settings and add Pi-hole as the DHCP server.
  3. Manually change your device settings
    1. If you can’t change either option, you can manually set your devices to Pi-hole’s DNS server address, but you’ll have to do it for each device, which can be tedious.

Changing the DNS at the router level affects all devices, and you may experience temporary internet access loss.

Install Tailscale

It'll likely take much less than 10 minutes

Tailscale is exceptionally straightforward to install on a Raspberry Pi using the installation docs and took less than 30 seconds. Here’s how I integrated it with Pi-hole

  1. Install Tailscale on the Raspberry Pi (and any other devices you want to connect remotely).
  2. In Pi-hole Settings → DNS, choose tailscale0 as your interface.
  3. Set Tailscale DNS to point to your Pi-hole:
    1. In the Tailscale admin panel, go to DNS settings, click “Override DNS servers option.” Add the Pi-hole machine’s Tailscale IP.

At this point, test to make sure the ad blocking is working correctly. You can use Pi-hole’s query log to confirm it is blocking queries.

Enjoy a much more secure network (and remote access to it)

Combining Pi-hole and Tailscale will give you smooth, network-wide ad blocking, secure remote access, and detailed insights into your network. Instead of relying on browser extensions, every device, including IoT gadgets, benefits from the same protection. The setup is low-maintenance, especially when running on a Raspberry Pi, and both Pi-hole and Tailscale have intuitive interfaces. The setup took me around an hour to get up and running efficiently. There were some minor hiccups with setting up the interface, but for the most part, it took no time. Overall, the combination is an efficient, low-cost way to take control of your network, block unwanted content, and access your devices remotely, all without complex VPN setups or exposing sensitive services to the open internet.