Today we're following up on ad and bad-blockers with a supplemental section on the Pi-hole!

In the last entry of the Privacy Cookbook we talked about hostfiles. They're easy to compile and install on Windows, MacOS and Linux and you can use them as well with DNSCloak on iOS.

However, there are better ways to do this, one of which would be with nextDNS but even then that is still not entirely in your own hands.

One beautiful solution is the Pi-hole and the best way is to run it is on a Raspberry-Pi (too easy, right? hahahaha).  

Seriously though, Pi-Hole is a DNS sink-server which blocks ads and malware based on DNS resolution. It has a light touch and can be installed via the Raspberry-Pi and that is where you should start by installing said  Pi:

Having received the Pi you then need to install the OS.

Here you have a couple of alternatives, just select the most suitable one  for you and proceed with the  install:

Now once the OS is running ok, start the terminal and enter:

curl -sSL | bash

That should install the Pi-hole on your Raspberry Pi

There are alternative installation methodologies available as 'piping to bash' is problematic as it doesn't allow you to see code that will run on your system. Therefore, we provide these optional installation methods which allow code review before installation:

Option 1:

Clone your repository and run as follows:

git clone --depth 1 Pi-hole
cd "Pi-hole/automated install/"
sudo bash

Option 2:

Manually download the installer and run as follows:

wget -O
sudo bash

Follow the instructions prompted on the screen and Pi-hole will guide you  through the setup process. NB Please don't use cloudflare (avoid as much  as humanly possible anywhere) as the DNS when asked, a better (safer,  more secure, more private) choice during setup would be DNSwatch, for  instance.

Record your Pi-hole IP address and password and there you now have a Pi-hole!

Log on to your router’s configuration page and locate the DHCP / DNS settings. Note: make sure you adjust this setting under your LAN settings and not on your WAN.

Find  static DNS and exchange the DNS with the IP address for your  Raspberry-Pi. Some routers may require you to provide 2 DNSs, but here  you can enter the one from your Raspbery-Pi twice....simple!

You can also review the full 'how to' at

Now go to pi.hole/admin on your browser

Login --> Settings --> Blocklist

There are already some pre-selected entries here and whilst these are great, please look to add any of the lists we posted in Chapter 3 on 'Ad and bad traffic blocking' to make it even more powerful.

One final tweak/addition is to add uBlock Origin for a perfect solution.

Pi-hole a DNS based blocker so websites delivering ads from the same host are not blocked. I honestly use it for protection from malware, fake news and ransom ware type websites and it serves it's purpose well.

Basically, uBlock Origin overcomes the need for a per site filter/blocker.

Please note Ublock Origin has a CNAME blocking solution, read more here.

If  you would like to host a pi-hole 'on the go' so to speak, digitalocean  has a one click solution which combines Pi-hole with an OpenVPN:

OpenVPN + Pihole Hosting | DigitalOcean Marketplace 1-Click App
OpenVPN + Pihole - A VPN and malware protection for Road Warriors

However, unlike other websites we do not provide referrals for digitalocean so this is an introduction but not a recommendation.

That said, we will be covering VPN solutions in our next chapter. We will look at OpenVPN with and without Pi-hole, AdGuard Home, WireGuard with and without blocking solutions, Shadowsocks and other options, self hosted or from an provider.

But for now we're focused on ad blocking and the use of hostfiles.

A couple of final points before we move on.....Pi-hole also has white and blacklists where you can manually add domains, you can even extend this with powerful regex and Wildcard blocking and a Query Log! How good is that?!?

Here you can see every connection made to and from your network and you  can manually block or unblock these queries. Talking of stats, the Pi-hole will also provide you with an audit log where you can keep track of the most queried domains, you can white and blacklist from this page to a central page.

There is a Privacy Mode whereby even when the Pi-hole is on your own Pi and no-one else can access it, you might still choose to hide the IP or have every query anonymized, so no more stats! Your call!.

Please note: your ISP or DNS provider can still log your traffic, so the Pi-hole is not an anonymizer, it is a ad-blocker!

This all takes a lot of fine tuning until it's perfect, but it is well worth the effort when it comes to privacy and having to endure less ads!

In the next Privacy Cookbook entry we will cover AdGuard Home, another open source blocker, with a few more options than the Pi-hole. We cover AdGuard Home setups on a Raspberry-Pi as well as a hosted solution. Stay tuned as  we explain why we personally use AdGuard Home and favour it over the Pi-hole.

PC out! :-)

We publish a daily dose of decentralization here every day (UTC+8), for additional daily updates follow us on Mastodon, Twitter, Telegram or Element(Matrix). Please like & share all our output. We rely on User-Generated Content so why not write for us and since we try to avoid ads and sponsorship, why not donate to help us continue our work - all major cryptos accepted. You can contact us at and at