Pi-hole on Raspberry Pi: Block Ads Network-Wide at Home

/Posted by / 0

Imagine blocking ads, trackers, and malware domains on every device in your home — smartphones, smart TVs, laptops, and even IoT gadgets — without installing any software on those devices. That is exactly what Pi-hole does. Running as a network-wide DNS sinkhole on a Raspberry Pi, Pi-hole intercepts DNS queries and blocks requests to known advertising and tracking domains before they ever reach your devices. This guide walks you through the complete Pi-hole setup from hardware selection to advanced configuration.

Table of Contents

What is Pi-hole and How Does it Work?

Every time a device on your network tries to load a webpage, app, or smart TV interface, it first performs a DNS lookup — translating domain names like ads.google.com into IP addresses. Normally, these queries go to your ISP’s DNS server or a public resolver like Google (8.8.8.8) or Cloudflare (1.1.1.1).

Pi-hole sits between your devices and the internet as a DNS resolver. When a device queries for an ad domain (e.g., doubleclick.net or facebook.com/tr), Pi-hole checks its blocklist database and returns a null response instead of the real IP address. The ad server is never contacted — no ad loads, no tracking pixel fires, no bandwidth is wasted.

What Pi-hole Blocks

  • Banner, video, and pop-up ads on websites
  • In-app advertisements on Android and iOS apps
  • Smart TV ads (Samsung, LG, Android TV)
  • Tracking pixels and analytics beacons
  • Telemetry from Windows, Android, iOS
  • Known malware and phishing domains
  • Cryptomining scripts

What Pi-hole Cannot Block

Pi-hole blocks at the DNS level — it cannot block ads served from the same domain as content (e.g., YouTube’s ads come from youtube.com, so blocking youtube.com would break YouTube entirely). For YouTube ad blocking, you need a browser extension like uBlock Origin in addition to Pi-hole.

Choosing the Right Hardware

Pi-hole is extremely lightweight — it uses about 50-100MB of RAM and minimal CPU. Almost any Raspberry Pi model works well:

  • Raspberry Pi Zero 2 W: Cheapest option; handles 100+ devices easily if the network traffic is typical residential usage
  • Raspberry Pi 3B+: Excellent for most homes; wired Ethernet is preferred over Wi-Fi for reliability
  • Raspberry Pi 4 or 5: Overkill for Pi-hole alone, but ideal if you run Pi-hole alongside other services (VPN, home assistant, etc.)
Recommended: Raspberry Pi 5 Model 2GB RAM — An excellent host for Pi-hole with enough headroom to also run Unbound (recursive DNS), a VPN server, or a local dashboard. Future-proof and energy efficient.
Recommended: Raspberry Pi 5 Model 4GB RAM — Choose the 4GB model if you plan to stack multiple services: Pi-hole + Unbound + WireGuard VPN + Uptime Kuma on a single Pi. More RAM means more services without slowdowns.

Other Hardware Needed

  • microSD card (16GB minimum): 32GB recommended; Pi-hole’s database grows over time with query logs
  • Ethernet cable: For wired connection to your router — far more reliable than Wi-Fi for a DNS server that your whole network depends on
  • Power supply (5V/3A for Pi 4, 5V/5A for Pi 5)
  • Case (optional but recommended): Protects the Pi from dust in the always-on server role

Installing Pi-hole on Raspberry Pi

Step 1: Prepare Raspberry Pi OS

  1. Download and install Raspberry Pi Imager from raspberrypi.com/software
  2. Flash Raspberry Pi OS Lite (64-bit) — no desktop needed for Pi-hole
  3. In Imager, before flashing: click the gear icon → set hostname (e.g., pihole), enable SSH, set username/password, configure Wi-Fi if not using Ethernet
  4. Insert SD card, boot the Pi, and SSH in: ssh [email protected]
  5. Update the system: sudo apt update && sudo apt upgrade -y

Step 2: Set a Static IP Address

Pi-hole must have a static IP address — if its IP changes, all devices on your network will lose DNS resolution. Set a static IP either through your router’s DHCP reservation (easiest) or directly on the Pi:

sudo nano /etc/dhcpcd.conf

Add at the bottom (replace with your network details):

interface eth0
static ip_address=192.168.1.100/24
static routers=192.168.1.1
static domain_name_servers=127.0.0.1

Use 192.168.1.100 as an example — check your router’s gateway IP first (usually 192.168.1.1 or 192.168.0.1).

Step 3: Install Pi-hole

Run the official Pi-hole installer:

curl -sSL https://install.pi-hole.net | bash

The installer presents a series of prompts:

  1. Network interface: Select eth0 (wired) or wlan0 (Wi-Fi)
  2. Upstream DNS provider: Select Cloudflare (1.1.1.1) or OpenDNS — you can change this later; if adding Unbound, this doesn’t matter
  3. Blocklists: Accept the default (StevenBlack Unified Hosts list)
  4. Admin web interface: Yes — install Lighttpd web server
  5. Log queries: Yes (for the dashboard statistics)
  6. Privacy mode: Choose level 0 (show everything) to get full dashboard stats

After installation completes (~5 minutes), the installer displays your Pi-hole admin password. Save this immediately.

Step 4: Access the Admin Dashboard

Open a browser and navigate to http://192.168.1.100/admin (replace with your Pi’s IP). Log in with the password shown after installation. You’ll see a real-time dashboard of DNS queries, blocked domains, and network statistics.

Configuring Your Router to Use Pi-hole

For Pi-hole to block ads on all devices, you need to make it the DNS server for your entire network. There are two methods:

Method 1: Router-Level DNS (Recommended)

  1. Log into your router’s admin panel (usually 192.168.1.1 or 192.168.0.1)
  2. Find the DHCP settings or LAN settings
  3. Change the Primary DNS to your Pi-hole’s IP (e.g., 192.168.1.100)
  4. Set Secondary DNS to a public resolver as fallback (e.g., 1.1.1.1) — optional but recommended
  5. Save and restart the router

All devices that connect to your Wi-Fi will automatically use Pi-hole as their DNS server. New devices don’t need any configuration.

Method 2: Per-Device DNS

If you can’t access your router settings, configure each device manually:

  • Android: Settings → Wi-Fi → Long press your network → Modify → Advanced → IP settings: Static → DNS 1: your Pi IP
  • iPhone: Settings → Wi-Fi → tap your network → Configure DNS → Manual → add your Pi IP
  • Windows: Network settings → adapter properties → IPv4 → Preferred DNS server

Managing Blocklists and Whitelists

Default Blocklist

Pi-hole ships with the StevenBlack Unified Hosts list covering approximately 100,000 domains. This blocks most advertising and tracking with very few false positives.

Popular Additional Blocklists

Add these in Pi-hole admin → Group Management → Adlists:

  • oisd.nl (big list): https://big.oisd.nl/ — 600,000+ domains, carefully curated with minimal false positives
  • Hagezi Multi Normal: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/multi.txt
  • URLHaus (malware): https://urlhaus-filter.pages.dev/urlhaus-filter-hosts.txt
  • Phishing Army: https://phishing.army/download/phishing_army_blocklist.txt

After adding lists, go to Tools → Update Gravity to rebuild the blocklist database.

Whitelisting Domains

Sometimes Pi-hole blocks legitimate services. Common whitelisting needs in India:

  • Certain payment gateways (Razorpay, Paytm) — if checkout breaks, check Pi-hole logs
  • CDN subdomains used by legitimate apps
  • Corporate VPN domains

To whitelist: Pi-hole admin → Whitelist → Add domain or regex pattern.

Recommended: HAT DIY PCB Prototyping Board for Raspberry Pi Zero — Add custom hardware extensions to your Pi-hole server. Useful for adding status LEDs, a small display showing block counts, or hardware buttons for quick pause/resume.

Using the Pi-hole Admin Dashboard

The Pi-hole dashboard provides comprehensive network visibility:

Key Metrics to Monitor

  • Queries today: Total DNS lookups from all devices
  • Blocked today: How many queries were blocked (healthy range: 15-25% for typical households)
  • Domains on blocklist: Total blocked domains after gravity update
  • DNS queries over last 24h: Timeline graph showing query and block patterns

Query Log

Go to Query Log to see every DNS request in real time with client IP, domain, and whether it was blocked or allowed. This is invaluable for debugging — if a website or app stops working, check the query log to find what Pi-hole is blocking.

Top Blocked Domains

The dashboard shows the most frequently blocked domains. Common top entries include Google Analytics, Facebook trackers, and various ad network subdomains. In Indian households, expect to see Jio telemetry, various UPI app analytics domains, and regional ad networks in the top blocked list.

Advanced: Adding Unbound for DNS Privacy

By default, Pi-hole forwards your DNS queries to an upstream resolver like Cloudflare or Google — meaning those companies still see every domain you query. Unbound is a recursive DNS resolver that queries authoritative DNS servers directly, eliminating the middleman entirely.

Installing Unbound

sudo apt install unbound -y

Create the Pi-hole configuration file:

sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf

Add the recommended configuration from the official Pi-hole documentation (pi-hole.net/documentation/guides/unbound/). The key settings: listen on port 5335 on localhost, enable DNSSEC validation, set cache sizes.

Configure Pi-hole to Use Unbound

  1. Pi-hole admin → Settings → DNS
  2. Uncheck all upstream DNS providers
  3. In Custom 1 (IPv4), enter: 127.0.0.1#5335
  4. Save settings

Now your DNS chain is: Device → Pi-hole (blocks ads) → Unbound → Authoritative DNS servers directly. No DNS provider sees your complete browsing history.

Performance Tuning and Reliability

Keeping Pi-hole Updated

pihole -up

This updates Pi-hole, the admin interface, and FTL (the DNS engine). Run it monthly or when new versions are announced.

Automated Gravity Updates

Pi-hole automatically updates its blocklist database weekly. To update manually:

pihole -g

SD Card Longevity

Pi-hole writes DNS query logs to the SD card continuously. To reduce writes and extend SD card life:

  • Reduce logging level: Settings → Privacy → Anonymous mode (only logs aggregate stats)
  • Or move the database to a USB drive: add a tmpfs for /var/log in /etc/fstab

Backup Pi-hole Configuration

Regularly backup your Pi-hole settings (blocklists, whitelist, custom DNS):

Pi-hole admin → Settings → Teleporter → Backup. Store the exported .zip file somewhere safe — restoring a fresh Pi-hole from teleporter backup takes under 2 minutes.

Recommended: 18650 Battery Holder Development Board for Raspberry Pi — Pi-hole is critical infrastructure for your home network. A UPS board keeps it running during power cuts, preventing DNS failures that would break internet access for all devices.

Frequently Asked Questions

Will Pi-hole slow down my internet browsing?

No — Pi-hole actually speeds up browsing by blocking ads before they load. DNS queries are resolved locally in microseconds rather than milliseconds. The Pi-hole dashboard will show your query response time; on a Raspberry Pi, average DNS response is typically 1-5ms for cached domains vs 20-50ms for upstream queries. The net effect is faster page loads because ad requests are immediately sinkholes rather than waiting for timeout.

Can Pi-hole block ads on YouTube?

Pi-hole cannot block YouTube’s ads because YouTube serves ads from the same domain (youtube.com and googlevideo.com) as video content. Blocking these domains breaks YouTube entirely. For YouTube ad blocking, use the uBlock Origin browser extension on desktop, or YouTube Revanced on Android (which patches the YouTube app to remove ads at the app level).

What happens if my Raspberry Pi goes offline?

If Pi-hole goes offline, devices configured to use it as DNS server will fail to resolve any domain names — internet access effectively stops. Solutions: (1) Set a secondary DNS (your router’s IP or 1.1.1.1) as fallback in router DHCP settings, (2) Add a UPS to keep the Pi running during power outages, (3) Set up a second Pi-hole on another device for redundancy.

How many devices can Pi-hole handle?

Pi-hole on a Raspberry Pi 4 or 5 can handle thousands of DNS queries per second — far beyond what any home network produces. Even a busy household with 50+ connected devices (smartphones, smart TVs, IoT devices, laptops) generates at most a few hundred queries per minute during peak usage. Pi-hole will never be the bottleneck; your internet connection speed is always the limiting factor.

Does Pi-hole work on mobile data (4G/5G)?

Pi-hole only works when your device is on your home Wi-Fi network (using your router’s DNS). On mobile data, your phone uses your carrier’s DNS and Pi-hole has no effect. To extend Pi-hole’s protection to mobile devices, set up a WireGuard VPN server on your Raspberry Pi — when connected to the VPN, all DNS traffic routes through Pi-hole regardless of location.

Protect Your Entire Home Network Today

Pi-hole on a Raspberry Pi is one of the most practical and impactful projects you can build. A single afternoon of setup protects every device in your home from ads, trackers, telemetry, and malware domains — permanently and automatically. Once installed, it requires minimal maintenance: update gravity weekly, check the dashboard occasionally, and whitelist any legitimate domain that gets accidentally blocked.

Get your Raspberry Pi and start building at Zbotic.in — India’s trusted source for Raspberry Pi boards and electronics components. Fast shipping to all major Indian cities.

Tags: , , , , , , ,

Related posts

Add comment

Your email address will not be published. Required fields are marked