from Hacker News

Pi-hole v6

by tkuraku on 2/18/25, 6:31 PM with 304 comments

  • by andy_xor_andrew on 2/18/25, 7:10 PM

    I set up pi-hole recently after hearing about it for years. I was kind of surprised at a lack of really basic features (imo):

    There isn't any kind of "dry run" or "phantom" mode, where requests are not actually blocked, but appear marked in the log UI as "would be blocked". This is super important because I want to see all the things my home network is doing that would be blocked before I actually hit the big red button. I want to fix up the allow/denylist before going live.

    It's also not possible (or not clear) how to have different behavior for different clients. For my "smart tv" which I begrudgingly have to allow on my network occasionally for software updates, I want to treat it with the strictest possible list. But for my phone, I don't want that same list. There's a concept of "groups" so perhaps this is user error on my part, but the UI does not make this clear.

  • by LeoPanthera on 2/18/25, 6:52 PM

    I've been using AdGuard Home, which does pretty much the same thing, but is slightly better polished, with things like support for DoH and OSs other than Linux.

    https://github.com/AdguardTeam/AdGuardHome

  • by Mossy9 on 2/18/25, 6:36 PM

    Pi-hole is such a great tool. I've been running it for a few years on a raspberry pi zero, and am constantly astonished by the sheer amount of cruft it blocks for me.

    Congratulations to the team for the release - happy to support you via Patreon!

  • by _fat_santa on 2/18/25, 7:03 PM

    Pi-hole is a killer application and I've loved it since I got it setup. One other app I highly recommend to run on your Pi in addition to Pi-hole is Nginx Proxy Manager[1].

    [1]: https://nginxproxymanager.com/

  • by seanp2k2 on 2/18/25, 7:21 PM

    I’ve been happy with AdGuard Home on two Pi4s and a little home server for years now: https://adguard.com/en/adguard-home/overview.html

    I have some scripts to sync config between them and a Jenkins job if I want to pause blocking on them for a bit.

    It looks like https://github.com/mattwebbio/orbital-sync and https://github.com/lovelaze/nebula-sync can sync configs with Pi-hole 6 now, but it’s quite a bit of code for what looks like just a few HTTP requests to get the config from one using the teleporter feature, then restore it on the others using the same.

  • by jccalhoun on 2/18/25, 7:28 PM

    I've been using Technitium for a couple years and been pretty happy with it https://technitium.com/dns/

  • by eamag on 2/18/25, 6:52 PM

    Want to highlight https://nextdns.io/ as a similar service, very happy with it

  • by zymhan on 2/18/25, 6:58 PM

    > The web interface has been completely overhauled with settings split into Basic and Expert modes. This allows users to customize their experience based on their comfort level and needs.

    This sounds helpful for setting up a Pi-Hole for family or friends that aren't DNS admins by day.

  • by Sohcahtoa82 on 2/18/25, 8:43 PM

    I love PiHole.

    I run my PiHole on a small cloud VM that I use for several projects, but put it behind a VPN that's configured to only forward DNS lookups, then VPN into it from my phone. So many advantages behind this setup.

    - Since only DNS lookups are tunneled, I don't have to worry about tunneling ALL my traffic and paying egress fees

    - Blocks ads in ALL apps, not just my browser

    - If it's acting up, I can just disconnect from the VPN to disable PiHoling

    - Don't have to expose my home IP address and open a port for the world to start banging on

  • by TriangleEdge on 2/18/25, 9:14 PM

    I have a script update my hosts file to route domains to 0.0.0.0 and ::0 . I get the domains from https://github.com/StevenBlack/hosts.

  • by unsnap_biceps on 2/18/25, 6:49 PM

    Does anyone know if pihole is ever going to add DoH or similar support natively? I've had such troubles with cloudflared awhile back that I gave up on DoH, but would love to encrypt those queries.

  • by plg on 2/18/25, 7:24 PM

    love pi-hole

    we block all meta and X properties from our home network, also ads

    and it's self hosted on our own metal

    it's a wonderful life

  • by wkyleg on 2/18/25, 8:32 PM

    In my experience Pi hole is a very worthwhile investment. People who used my internet when I had one would remark how much faster it was. Everything in general seems faster, even things that you wouldn't think of. I typically use Brave for browsing which has good ad blocking capabilities, but this adds a whole additional layer.

    The only reason I don't use one now is that I travel a lot more so it's irrelevant, and I have to work enough on tools with Google/Vercel/other analytics that it is just very inconvenient.

    Regarding smart TVs, I have found that it's better to just use an Apple TV or Kodi box and never connect to them internet though. Having said, I gave my TV away because I never used it, so this might not be as up to date. A Pi hole will block ads on smart TVs though.

  • by ProllyInfamous on 2/20/25, 6:24 PM

    I make these suggestion during all conversations about PiHoles:

    Use Class A2 SDmicro cards (they'll last significantly longer... particularly if you keep logs). There are additional 3rd-party installations which can write into RAM, but IMHO it's easier for most new users to just buy better NANDs.

    Set up more than one physical Raspberry Pi, running multiple versions of PiHole software on multiple IP addresses.

    Have your main DHCP router auto-issue DNS information for your "most permissive" PiHole, with a minimal list of choice URL-blocks (e.g. pagead2.* , doubleclick). Individual clients can then manually change DNS server to 2nd (3rd... 4th...) PiHole(s) which are each more-restrictive.

    This allows non-technical users to still browse somewhat ad-free, but also won't block banking/govt/etc for novices. As a failsafe, teach users to enter your router's IP as DNS x.x.x.1 [should they ever need to bypass local filtering, entirely].

    I use sequential IP addresses [192.168.0.6, x.x.x.7, x.x.x.8, x.x.x.9] so it's easier to explain/teach my networks ad-blocking capabilities. YES, I understand that Pi-Hole allows different clients to follow different rulesets, but if you can afford to buy redundant hardware it's just so much easier to change the client DNS server information when a specific website isn't working correctly [due to erroneously blocked host].

  • by kmfrk on 2/18/25, 7:05 PM

    Lots of great memories using Pi-hole and messing with RPi. I eventually ended up putting my devices on Tailscale and managing DNS through it, eventually using Mullvad VPN as the exit node.

    Pretty good interface, and most people just have to connect using the app. Having a virtual network between devices with dedicated IPs is pretty nice too.

  • by lanthade on 2/18/25, 8:51 PM

    The big feature miss for me in this announcement is baked in support for configuration sync between servers. Redundant DNS is common and it would be nice if pi-hole supported this oob. Making it even better would be an ability to see stats across all synced servers from one location.

  • by urbanporcupine on 2/19/25, 11:34 AM

    I am a beginner and never used Pi-Hole before.

    I checked that Pi-Hole can run on Raspberry pi zero as per the GitHub. But would you recommend to use Raspberry Pi 5 2 GB or 4 GB RAM instead of Raspberry Pi zero. I don't have any Raspberry Pi and I intend to make a new purchase.

  • by unethical_ban on 2/18/25, 7:58 PM

    Slightly off topic, but it annoys me that protonvpn does not allow split tunnel of DNS to an internal host. It calls this DNS leak protection, which is a good default. But I want to run my own DNS server and I know what I'm doing, and the Proton GUI won't let me.

  • by Netcob on 2/18/25, 9:18 PM

    Finally a REST API!

    I've been waiting for this - I wanted to play around with blocking distractions on various rules, but controlling pi-hole remotely was a huge pain and often didn't work until now.

  • by dmacvicar on 2/19/25, 7:44 AM

    I do something similar to Pi-Hole using plain dnsmasq.

    I use two old PINE64 (one with FreeBSD, one NetBSD to make it more fun), and the Ansible configuration downloads https://github.com/ShadowWhisperer/BlockLists and creates a file dnsmasq can use. Which lists from the repo to use is defined as a variable.

    Works very well and I feel I can understand what is going on.

  • by RandomDistort on 2/18/25, 8:28 PM

    Not sure if this is the right place to ask, but I've got a semi-obscure DNS question.

    I'd like to use Cloudflare's Zero Trust DNS filtering with DoH by running a DNS proxy on my network.

    I can get this to work great with github.com/adguardTeam/dnsproxy (running on a Pi 4B) but what I would really like is to have different devices (based on their IP on the network) get their queries forwarded onto a different DoH upstream.

    Is this possible in a simple way?

  • by ConanRus on 2/18/25, 7:38 PM

    We’ve integrated a new REST API and embedded web server directly into the pihole-FTL binary. This eliminates the need for lighttpd and PHP"

    oh noes!

  • by mrbluecoat on 2/18/25, 8:33 PM

    5+ year development cycle. Impressive! https://pi-hole.net/blog/2023/10/09/pi-hole-v6-beta-testing/

    Any details on what HTTPS support provides, other than a TLS connection to the admin dashboard?

  • by eellpp on 2/19/25, 4:48 AM

    Have used pi hole for over 5 years and very happy with it. Most times I use it via phone to manage kids devices to block/unblock access etc and this also works quite well . Thank you very much

  • by miningape on 2/18/25, 8:18 PM

    Ha! I bought a Pi5 as a Christmas present for myself, I've only done some basic setup and gotten sidetracked by other projects - but setting up pi-hole is near the top of my list of sh*t to get done

  • by sizzle on 2/19/25, 7:16 AM

    Will it block YouTube ads?

  • by ncrmro on 2/18/25, 7:50 PM

    Nice.

    I wish pihole or adguard would add support for change DNS records based on the query subnet. I believe this is called DNS views.

    That way my local devices and wireguard devices can get the correct IP for internal services.

  • by kayson on 2/18/25, 7:14 PM

    I wish pfblocker-ng was as easy to use and polished as pihole. It seems silly to run an extra DNS resolver if I'm already running one on pfsense, but the interface makes it tempting

  • by Havoc on 2/20/25, 1:14 AM

    Can it do native dns over http yet? Without hacky unbound proxy I mean.

    That’s why I switched to affairs home but wouldn’t mind switching back

  • by TZVdosOWs3kZHus on 2/19/25, 7:39 AM

    Came here to give a big THANK YOU to everyone making this project possible.

    I am using Pi-Hole for about 8 years and can't imagine a world without it.

    Another big THANK YOU to all list maintainers out there. You're doing an incredibly useful service to the community.

  • by opengears on 2/19/25, 10:44 AM

    if you are on openwrt i can recommend checking out unbound and adblock as alternatives (running directlly on your routers without the need of a raspberry pi)

  • by issafram on 2/19/25, 1:13 AM

    FINALLY. that dev branch was out there forever

  • by nirav72 on 2/18/25, 9:17 PM

    Still no wildcard domain support for local DNS.

  • by jedisct1 on 2/18/25, 7:16 PM

    I just use dnscrypt-proxy directly.

  • by bangaladore on 2/18/25, 6:52 PM

    Ironically their website has been hugged to death.

  • by peme969 on 2/19/25, 4:38 AM

    noice