Pi-hole is a collection of software that provides a DNS server with ad-blocking. It was originally designed for the Raspberry Pi, but these days can be deployed via a script on a number of Linux distributions. They now also offer a container image, so I decided to give it a shot on my home network.

Deploying the container is very straightforward. You can pick it up on Docker Hub. For full ad-blocking capabilities, you need to open port 53 for DNS and ports 80 and 443 for HTTP. I assigned a dedicated IP address to my pi-hole container so I wouldn’t have to deal with proxying.

There are a few ways to set up your router or DHCP software to work with the pi-hole. I point all DHCP clients to my router for DNS, and then my router fetches DNS information from the pi-hole. This way my router can continue servicing DNS queries from its cache if I need to restart my home server for some reason.

I found that any other configuration that included a fallback DNS server didn’t work: even though secondary DNS servers are only supposed to kick in when the primary is unreachable, it seemed that many queries went to either server at random rather than to the primary.

One issue I ran into was a small but noticeable delay when accessing websites after switching to the pi-hole for DNS. It turns out that by default the pi-hole container answers blocked DNS queries with the local 127.0.0.1 address, and the client’s attempt to connect to that local address and time out was the source of the delay. The workaround was easy, but it took me a while to find it: in the configuration file pihole-FTL.conf, add or modify the line BLOCKINGMODE=IP. This directs blocked traffic to the pi-hole’s own IP address, where the connection is immediately rejected.
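As an added example (not code from the post or from the Pi-hole project), a small Python script that applies the fix above to pihole-FTL.conf text and classifies what a client observes for a known-blocked domain, so you can tell which blocking mode is in effect and whether it will stall connections. The config contents and the Pi-hole address are constructed.

```python
import ipaddress
import re

# Constructed sample pihole-FTL.conf contents (hypothetical; only the
# BLOCKINGMODE key matters for the delay described in the post).
SAMPLE_CONF = "PRIVACYLEVEL=0\nBLOCKINGMODE=NULL\n"

UNSPECIFIED = {ipaddress.ip_address("0.0.0.0"), ipaddress.ip_address("::")}


def set_blocking_mode(conf_text: str, mode: str = "IP") -> str:
    """Add or modify the BLOCKINGMODE line in pihole-FTL.conf text."""
    pattern = re.compile(r"^\s*BLOCKINGMODE\s*=.*$", re.MULTILINE)
    line = f"BLOCKINGMODE={mode}"
    if pattern.search(conf_text):
        return pattern.sub(line, conf_text, count=1)
    sep = "" if conf_text.endswith("\n") or not conf_text else "\n"
    return conf_text + sep + line + "\n"


def classify_block(answers, pihole_ip):
    """Classify the A/AAAA answers returned for a domain on the blocklist.

    Returns (apparent_mode, stalls). `stalls` is True when the client will
    open a TCP connection that has to time out, which is the delay the
    post describes for 127.0.0.1 answers.
    """
    if not answers:
        return ("NXDOMAIN/NODATA", False)  # nothing to connect to
    addrs = [ipaddress.ip_address(a) for a in answers]
    pi = ipaddress.ip_address(pihole_ip)
    if all(a in UNSPECIFIED for a in addrs):
        return ("NULL", False)  # 0.0.0.0 / :: fail fast on the client
    if all(a == pi for a in addrs):
        return ("IP", False)  # pi-hole rejects the connection immediately
    if all(a.is_loopback for a in addrs):
        return ("loopback", True)  # 127.0.0.1: connect attempt times out
    return ("not blocked", False)  # a real upstream answer


if __name__ == "__main__":
    print(set_blocking_mode(SAMPLE_CONF), end="")
    print(classify_block(["127.0.0.1"], "192.168.1.53"))
```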

I’m very happy with pi-hole so far, and the container fits perfectly into my home network configuration. One thing I wish the pi-hole would manage is local domains. I still define my local domain names with dnsmasq on my router, and I think this would be a big value-add if it could be managed from the pi-hole GUI.