Voozh

While I don't run a network of my own, as a family member who manages all that, I've always been interested in network security; it's really fascinating to me, along with its components: encryption, encoding, and radio signals. I've heard of Pi-hole many, many times, but I'd never actually known how to install it, so when I finally decided to give it a try, I was shocked by how easy the setup was. And during my foray into Pi-hole, I learned about DNS-over-HTTPS, aka DoH, and why it's important, so I set it up, too. After doing so, I have zero regrets: my internet speed is the same, if not faster, and I also get secure routing. Here's how I installed Pi-hole, set up DoH, and the benefits of both.

👁 The Raspbian boot up logo on a OnePlus 11

5 reasons a Pi-hole isn’t enough to protect your home network

The humble Pi-hole is great for ad blocking but it's only part of a well-designed home network protection system.

By Joe Rice-Jones

What is Pi-hole

Pi-hole is a really useful tool, and it's really easy to set up

First off, Pi-hole is a program often installed on Raspberry Pis — specifically, a DNS server —that blocks certain traffic. This is useful, say, for restricting your young children's access to YouTube if you don't want them watching age-inappropriate videos. It's a really powerful tool, and it's popular for good reason; I didn't think it could live up to the hype, but I'm honestly frustrated at myself for not trying it sooner.

Pi-hole is also popular because it allows you to block ads network-wide. Using it, you can block ads, adult content, and malware automatically, entirely from a web dashboard. It's quick, snappy, and, as it's designed for a Raspberry Pi, uses very few resources. Despite this, it's on par with enterprise-grade tools in terms of functionality, which is really impressive. Plus, it's open source, which is a huge plus.

To install Pi-hole is really simple. First, you open a terminal and a web browser. Then you go to the Pi-hole webpage, copy the command shown, and input it into the terminal. Finally, you click Enter and follow the dialogs that appear. It's really, really simple to do, which is another benefit on top of the pile. It really is a no-hassle experience.

DNS-over-HTTPS

It was really easy to set up using a terminal and the WebGUI

Speaking of no-hassle, setting up DoH was super quick and easy, too. I followed the tutorial on the official Pi-Hole documentation, which included updating my apt repositories and installing the dnscrypt-proxy package. Then run:

sudo systemctl edit dnscrypt-proxy.socket

Ensure it's not using a port already in use by other services. Then edit the /etc/dnscrypt-proxy/dnscrypt-proxy.toml file and set the server_names property to the DoH DNS servers you prefer. Next, run the command:

sudo pihole-FTL --config dns.upstreams '["127.0.0.1#5053"]'

Lastly, you restart dnscrypt-proxy.socket, dnscrypt-proxy.service, and pihole-FTL.service, using systemctl.

Just to double-check that the setup worked, you should check the status of each of those, and then in the WebGUI, go to Settings > DNS and under "Upstream DNS Servers", uncheck all the boxes for public DNS servers, ensure the IP Address and Port are in the text box, and click "Save". Now, DoH is completely set up and ready for you to use!

Why is DoH so important?

DoH is a critical part of security in your home network

You may already know what a VPN is and does, but if you don't, a VPN is a program designed to tunnel traffic, such that you can access one network, in many cases, the internet, through a computer on a different network, often in a different country, while encrypting your traffic. This is useful because it lets you hide your traffic from your ISP and anyone snooping on your network. However, VPNs are often very slow, and that can be problematic for some.

Deals

Networking deals: save on routers, switches, and Pi kits

Explore deals and discounts on home networking gear - save on routers, switches, Raspberry Pi kits, Ethernet cables, Wi-Fi extenders, and firewall appliances. Find offers to build a faster, more private home network with accessories for Pi-based DNS blockers and encrypted DNS setups.

Deals Explore Storage & Networking Deals

However, since HTTPS already encrypts traffic, a more suitable alternative is to encrypt DNS over HTTPS. Then all the ISPs can see are the IPs and ports of the destination sites, which are often used by multiple pages (especially sites protected by Cloudflare against DDoS), making it nearly impossible to determine your traffic. And this is exactly what DoH does: it encrypts your DNS requests as just another HTTPS webpage request, making it almost completely impossible for your ISP to track you.

Some people may not care about online security — your neighbors and parents likely don't worry about their online activitybeing tracked — but as a tech person, I know that privacy — the little of it you can still get — is very important. And given that the speeds didn't seem to drop at all, I don't know why I didn't try this sooner.

Pi-hole

OS: Linux
Price model: Free

Pi-hole is a network-wide ad blocker that supports DNS-over-HTTPS and comes preinstalled with blocklists for ads, malware, and trackers. It runs on the Raspberry Pi or your server and uses very few resources.

See at Github

DoH is a godsend for network security

Setting up DoH was one of the best uses of my time towards improving my network. Pi-hole means I don't get ads, and DoH means that my ISP can't see my traffic. I highly recommend it — if you're setting up a new network, or want better security on your current one, certainly set it up!

URL: https://www.xda-developers.com/pi-hole-encrypted-privacy-upgrade/

⇱ Encrypting DNS queries through Pi-hole is where the real privacy happens, and it only took 10 minutes