June 2, 2024

You're running Pi-Hole wrong! Setting up your own Recursive DNS Server!



Published June 8, 2023, 6:20 p.m. by Jerald Waisoki


Huge thanks to Linode for bringing you this video. Wanting your own personal cloud services, but don't have the time, money, or space to set up your own server rack? Let Linode host them for you! Visit https://linode.com/CraftComputing and get a $100 60-Day credit just for signing up.

Pi-Hole is an awesome service to run in your house. It keeps ads from loading on every device, and will run on any Raspberry Pi, Docker container or virtual machine you'd like. But did you know it can do SO much more than just block ads? You can also completely bypass 3rd party DNS servers like 8.8.8.8, 1.1.1.1, 208.67.222.222, or the ones run by your ISP.

But first... What am I drinking???

Freigeist Bierkultur's Aufschneider, a 'Hoppy German-style Hefeweizen Ale'. This reminded me a lot of a Radler... you know, a lager mixed with grapefruit soda? But think of a Hefe mixed with a Pale Ale. It's better than it sounds, but it's also neither a Pale Ale, nor a Hefe. Not bad, but not for me.

Installation Steps

Install Ubuntu Server 20.04 (https://ubuntu.com/download/server)

Install Pi-Hole - sudo curl -sSL https://install.pi-hole.net | bash

Set the Web Admin Password - pihole -a -p [password]

Install Unbound DNS - sudo apt install unbound

Create Unbound Configuration File - sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf

Copy example config - https://docs.pi-hole.net/guides/dns/unbound/

Restart Unbound to apply Configuration - sudo service unbound restart

Disable Forwarding DNS in PiHole

Set Custom DNS in PiHole - 127.0.0.1#5335

And you're done! Bonus points for sending all DNS traffic through a VPN Gateway to encrypt all outbound requests - https://youtu.be/xFficDCEv3c
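A static check of the Unbound file from the installation steps above, added here as an example (it is not from the video or the Pi-hole guide). It flags a listener that is not loopback-only, a port other than the 5335 that the custom upstream 127.0.0.1#5335 points at, disabled `harden-dnssec-stripped`, and a catch-all `forward-zone` that would hand queries back to a third party. The function name, the finding labels and both sample configs are constructed for this example.

```sh
#!/bin/sh
# Added example (not from the video or the Pi-hole guide): static audit of
# the Unbound file created in the steps above. audit_unbound_conf and its
# finding labels are names made up for this example.
# Prints one finding per line; prints nothing when the file is consistent
# with Pi-hole on port 53 forwarding to Unbound on 127.0.0.1#5335.
audit_unbound_conf() {
    awk '
        { sub(/#.*/, "") }                           # drop comments
        NF == 0 { next }
        NF == 1 && $1 ~ /:$/ { section = $1; next }  # server:, forward-zone:
        { key = $1; val = $2; gsub(/"/, "", val) }
        section == "server:" && key == "interface:" {
            n = index(val, "@")                      # value may carry @port
            if (n) { port = substr(val, n + 1); val = substr(val, 1, n - 1) }
            if (val != "127.0.0.1" && val != "::1")
                print "LISTEN: interface " val " is not loopback-only"
        }
        section == "server:" && key == "port:" { port = val }
        section == "server:" && key == "harden-dnssec-stripped:" && val == "no" {
            print "DNSSEC: harden-dnssec-stripped is disabled"
        }
        section == "forward-zone:" && key == "name:" && val == "." {
            print "FORWARD: catch-all forward-zone hands every query to a third party"
        }
        END {
            if (port != "5335")
                print "PORT: unbound on " (port == "" ? "53 (default)" : port) ", Pi-hole upstream expects 5335"
        }
    ' "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
good="$tmp/good.conf"; bad="$tmp/bad.conf"

# Constructed sample: loopback listener on 5335, as the steps describe.
cat > "$good" <<'EOF'
server:
    interface: 127.0.0.1
    port: 5335            # Pi-hole custom upstream is 127.0.0.1#5335
    harden-glue: yes
    harden-dnssec-stripped: yes
EOF

# Constructed sample: listens on every interface, keeps the default port
# (which Pi-hole already occupies) and forwards everything to 8.8.8.8.
cat > "$bad" <<'EOF'
server:
    interface: 0.0.0.0
    harden-dnssec-stripped: no
forward-zone:
    name: "."
    forward-addr: 8.8.8.8
EOF

echo "good.conf findings:"; audit_unbound_conf "$good"
echo "bad.conf findings:";  audit_unbound_conf "$bad"
```

To audit the live file, call `audit_unbound_conf /etc/unbound/unbound.conf.d/pi-hole.conf` before `sudo service unbound restart`.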

Find the parts I recommend on my Amazon store: https://www.amazon.com/shop/craftcomputing

Follow me on Twitter @CraftComputing

Support me on Patreon or Floatplane and get access to my exclusive Discord server. Chat with myself and the other hosts on Talking Heads all week long.

https://www.patreon.com/CraftComputing

https://www.floatplane.com/channel/CraftComputing

Music:

George Street Shuffle by Kevin MacLeod

Link: https://filmmusic.io/song/3800-george-street-shuffle

License: https://filmmusic.io/standard-license




A couple months ago I promised a brand new tutorial on getting Pi-hole up and running as the ultimate do-it-yourself DNS server, and this is finally that video. Today I'm going to walk through installing Pi-hole, getting it set up as a recursive DNS server, and eliminating the need to forward your DNS requests to third parties like Google, OpenDNS or your internet service provider. Let's get started.

[Music]

Welcome back to Craft Computing, everyone. As always, I'm Jeff. Today's video is all about setting up Pi-hole as your own personal and private DNS server that you can host yourself.

First up, let's talk about what Pi-hole actually is. It's a DNS server that you can host yourself that blocks ads when you attempt to visit web pages. So for example, if I visit the webpage hackaday.com, you can see there are ads at the top and side of the web page, but if we visit it through a Pi-hole DNS connection, those ads disappear.

In its standard configuration, Pi-hole is what's known as a forwarding DNS server, in that it only has a very specific list of websites that it has the IP address for resolution, and if it doesn't have that address, it will forward you on to the next DNS provider that you've configured. So if you type in the website hackaday.com into your web browser, that request is forwarded on to Pi-hole. Since Pi-hole doesn't know where hackaday.com is, since it's not an ad-serving website, it will forward that request on to the next DNS server that you've configured. That DNS server will then forward back down the IP address for Hackaday through Pi-hole and into your PC. However, while Hackaday is loading, it also wants to load up a whole bunch of websites that contain ads. When those requests go to Pi-hole, it is in the adblock list, and so they are filtered out. Everybody got that? Good, because I'm not saying it again.

So by default, Pi-hole runs great for its advertised features. However, there is a lot more power under the hood with a little bit of tweaking, and that's what we're going to do today. We're going to set up Pi-hole as what's called a recursive DNS server. That is essentially what you forward on your request from Pi-hole to, such as Google and OpenDNS. When you ask Pi-hole "where is hackaday.com?", if it doesn't know the answer, it will actually seek out what's called the authoritative domain server of hackaday.com and get the answer from them directly. On the very first request of a website, this will take a little bit longer than usual. However, Pi-hole will also cache that information for future use, so the next time you visit the website, it loads much, much faster.

What's more, rather than sending all of your DNS requests to a third party, you're going to be getting your information directly from the IP server itself and cutting out the middleman entirely. So not only will the third-party DNS servers no longer be able to compile a complete list of your internet browsing history based off the websites that you visit, you're also going to be safer from DNS spoofing, such as serving up a fake website when you try to visit your bank.

So with all the introductions out of the way, let's go ahead and get to building our Pi-hole server.

First up, I'm going to create a new virtual machine inside of Proxmox. However, you can run this on a Raspberry Pi or on your own hypervisor of your choice. I'm going to go to Create New Virtual Machine. I'm going to number it number 410. I'm going to name it homelab-pihole-ftl. Go ahead and click on Next. Under OS, we're going to select the Ubuntu 20.04 live server ISO. Now again, Ubuntu 20.04 Server is my Linux distro of choice. This isn't the time for that argument, so use what you like, I'll use what I like. The commands are the same. Click on Next. Under hard drive, I'm going to go and give this thing 40 gigabytes. No real reason for that, I just have lots of space on the server. And I'm going to select my local server for storage. Click on Next. Under CPU, I'm gonna give this four CPU cores, which is again way more than enough, but I have lots of headroom. Click on Next. I'm gonna give this four gigabytes of RAM. Click on Next. I'm gonna leave network settings at default. Click on Next, and then click on Finish. Once that's been created, I'm going to open up the console and we'll go ahead and get Ubuntu installed.

For the installation, we're going to leave pretty much everything at the default, so English as our main language. We're not going to read the release notes. We're going to verify that we have a US language keyboard. I'm going to leave this at DHCP for right now. We're going to give our server a name, so homelab-pihole-ftl. Pick a username. I usually go with administrator on a lot of my servers. Give it a password. And we are going to install OpenSSH server, because that will make the installation easier later on. So go ahead and check that box and click on Done. Click on Done again, and now we just wait for the installation to complete.

Once Ubuntu is back up and running, we're going to go ahead and log in with the credentials you set up during installation. And the only thing we need to do here is find out the IP address so we can SSH into the box. So I'm going to type in ip address, and listed right here is my IP address, so 192.168.1.99. And that's all I need, so I'm going to go ahead and exit out of this session.

Now that we have the IP address, go ahead and log into the server over SSH with the SSH terminal of your choosing. In this case, I am using PuTTY, but again, you can use whatever you'd like. This isn't the place for that argument. If I could type today, that would really help things out.

First things first, we're going to install Pi-hole exactly as we usually would, and there's a handy little script right here that you can get off either the GitHub or Pi-hole websites. So I'm just going to copy that, I'm going to type in sudo, paste in that script, and then hit Enter, and Pi-hole will automatically install itself. And while we're waiting on this to happen, it's a good time to introduce today's video sponsor, Linode.

A lot of my audience watches for the homelab content, like you all are doing right now, but not everyone has the finances or wants to dedicate an entire room to setting up their own homelab. I mean, just think about what I've gone through here. I added two 20 amp circuits to my house, plus an air conditioner dedicated for my rack. Not everyone wants the noise of a full data center in their garage. Rather than hosting your own personal cloud, let Linode host it for you. If it runs on Linux, it'll run on Linode, and that includes the software in today's video tutorial. You can set up your own ad-blocking recursive DNS server, or set up your own personal VPN tunnel so you can browse the web securely wherever you're at, from any device. Linode makes it easy to deploy and manage your own cloud services, with solutions starting from a single shared CPU to massive multi-core virtual machines. With shared CPU plans that start at as little as five dollars per month and scaling up to as high as you need to go, you'll be able to find a hosting plan that fits your needs. Install your favorite server apps and services from scratch, or start with one of the many pre-configured one-click installs from the Linode app marketplace. Even if you do host your own servers, you can use Linode to keep a backup of your systems off-site. Visit linode.com/CraftComputing and receive a $100 60-day credit when starting a new account, and get your homelab up and running today. That's linode.com/CraftComputing.

And now, back to the Pi-hole installer. We're pretty much going to use nothing but the default settings in the installer itself. So it lets us know that it will transform our device into a network-wide ad blocker, but we're gonna do just a little bit more than that, so go ahead and click on OK. First thing it'll ask you is to set up an upstream DNS server. This is so the DNS forwarder inside of Pi-hole can work. Now for right now, we're just going to select Google. However, later on we will be removing that entry and letting Pi-hole get its own DNS. By default right now, Pi-hole comes with the StevenBlack adblock list, and that's pretty much all you need to move forward, so go ahead and click on OK. We're going to block ads over IPv4 and over IPv6, so again go ahead and click on OK. And then it's going to ask if you want to convert your DHCP address into a static address. I'm going to go ahead and click on Yes, because this is only going to be a temporary solution for me. You can also click on No and assign it a new DHCP address, or set it whatever static address you want.

Do you wish to install the web admin interface? Of course I do, yes. You want to install the web server and required PHP modules? Of course, also yes. Do you want to log queries? Now, this will keep a comprehensive list of all of your DNS requests. However, that kind of spits in the face of the privacy aspect of it. For my use case, I'm going to go ahead and select Yes, because I don't care if my DNS queries are logged on my own server, but if that's a concern of yours, click No. If you selected that you want to keep logs, there are four different modes. The default is Show Everything, which keeps a record of a client and what website they tried to access. There's Hide Domains, there's Hide Clients and Domains, and then there's Anonymous Mode. Again, for my use case, I'm going to show everything. And after about 60 seconds or so, Pi-hole should be completely installed and we can bring it up inside of a web browser.

And installation is now complete. Now, the one thing you need to take note of is how do you actually access the web interface. So for most people, it's going to be the IP address, forward slash admin. There's also a password right here that you need to take note of, or you can reset the password from the SSH session you're in right now. If you do want to set up a custom password for the Pi-hole web interface, the command is pihole -a -p and then whatever your password will be. So I'm gonna type in password1. I know, nice and secure. Once the password has been set, it's a good idea to try to log into the web interface to make sure it's correct. So I'm gonna go to 192.168.1.99/admin. If Pi-hole is up and running correctly, you should see this interface right here. I'm going to go down to the login tab, and then I'm going to enter the password that I set inside the terminal, so password1. If that's successful, you'll have a bunch more options here on the left-hand side, and you know you have admin access.

And now for the secret sauce that transforms this standard ad-blocking installation of Pi-hole into a full recursive DNS server, and for that we're going to install Unbound. Now, down in the video description I will have a link to the full written tutorial over on the Pi-hole website. I do recommend definitely clicking on that, as you're going to want to get in on that copy-pasta action. So first up, we're going to go ahead and update our apt repository, so sudo apt update. Once that's done, we're gonna install Unbound, so sudo apt install unbound. And yes, I would like to continue.

Once Unbound has been installed, the fun part starts. We actually need to write our own configuration for Unbound to actually work. Lucky for us, there is an example configuration file on the Pi-hole website, so again, you're going to want to go down there and copy that. But for right now, let's go ahead and create that configuration file first. So I'm going to go up to this directory right here and copy that from the Pi-hole website. I'm going to do sudo nano and then paste that directory in. That will create that configuration file for us. And next, I'm going to copy this configuration file right here, so copy that and then paste it in. With all of that pasted in there, I'm going to hit Ctrl-X to exit, I'm going to hit Y to save, and I'm going to hit Enter to confirm the file name.

Now, part of that configuration file was actually to change the DNS port inside of Unbound from 53 to 5335. Now why would we do something like that, when all of the clients on your network are expecting port 53? Well, Pi-hole is already listening on port 53, and you can't listen on the same port with two different services. So the way your network will be set up now is Pi-hole will be your DNS server that all of your clients communicate with, and since it's on port 53, there's no configuration change you need to make on the clients. Pi-hole will then forward those requests to Unbound via port 5335 as a standard DNS request on a secondary port. From there, Unbound goes out to the internet and finds the authoritative domain server you were looking for, forwards that request back to Pi-hole, Pi-hole strips out all of the advertiser IP addresses, and feeds you, the end client, a clean IP address.

So we're going to go back to our Pi-hole main page here. I'm going to go to Settings. I'm going to click on the DNS tab up at the top. I'm going to uncheck the two Google DNS servers that we set up during the installation process, and scroll down to upstream DNS servers. I'm going to check the box on Custom 1 IPv4 and type in 127.0.0.1 pound 5335. Sorry, I'm old. Once that is done, go ahead and scroll all the way to the bottom of the page and click on Save. And with that, your Pi-hole server should now be up and running as a full recursive DNS server.

With everything set up and ready to go, let's go ahead and test Pi-hole both as an ad blocker and as a recursive DNS server.

So as you can see, on the left side I have my Pi-hole logging, and on the right-hand side I have MSN, one of the most notorious ad-heavy websites in existence. Like, why would anyone come here? This is an ad at the top, this is an ad in the middle, this is an ad right here mixed in with some news headlines, but most of them sponsored. Over here is Topics For You, which are all ads. Honestly, it's just terrible. So let's see if we can fix it just a little bit. I'm going to bring up my network interfaces. We're going to open up my Ethernet connection. I'm going to go down to Properties. I'm going to go to IPv4 connections, and then down at the bottom I'm going to say Use the following DNS server address, and I'm going to type in the IP address of my Pi-hole server, so 192.168.1.99. Hit OK and Close. We're going to open up a new tab and I'm going to go to msn.com again. Now, this website is not a great example, again because Microsoft likes to host a lot of their own ads, but as you can see, a good number of them have gone away. It's no longer asking me to switch to Edge Chromium from Firefox in a banner up at the top. There's no ads right here in the center, although the logo for AdChoice is still right there. And this big large video player is now also gone.

Now let's see what happened inside of Pi-hole. Down here at the bottom of our log history, you can see a bunch of requests that say forwarded on to localhost 5335. That is Pi-hole responding, saying "I don't know what the DNS is asking for, I'm going to forward this on to Unbound so Unbound can find the actual domain root." As we scroll up a little bit, you see a bunch of results that are starting to say OK, cached. Those are websites that Pi-hole has actually cached the data of, so it knows the IP address directly and can serve that query directly to the client. Rather than forwarding that query off to Unbound and having Unbound find the domain root off on the internet, Pi-hole can respond to that request directly, which is exactly what a recursive DNS server does. You can also see a bunch of requests that are being blocked, and that is Pi-hole saying "that is part of my ad repository, you're not allowed in." So there you go, an ad-blocking and recursive DNS server all in one very tidy package.

But for homelabbers, there's one more very important feature that I'd like to draw your attention to, and that's that Pi-hole can now respond to local DNS queries. Now, Pi-hole could kind of always do this, and I've used it for this purpose before, but before you had to go into the Pi-hole hosts file and manually add in the IP address of any local DNS queries you wanted to respond to. Now there's actually a dedicated tab just for local DNS. So if I go down here to the Local DNS tab and DNS Records, I can create DNS records based off internal services that I run in my server stack. That is pretty cool.

With that, I think you have everything you need to get up and running with Pi-hole as a recursive DNS server, ad blocker, and even a local DNS authority.

If you have any questions or comments about this video, go ahead and leave them down below and I will do my best to respond. On your way down there, make sure to drop this video a like and subscribe to Craft Computing if you haven't done so already. Follow me on Twitter @CraftComputing to keep up with my daily shenanigans. And if you like the content you see on this channel and want to help support me in what I do, consider joining the Patreon or Floatplane. Links are also down in the video description. As a bonus, you'll get exclusive access to the Discord server, where you can chat with myself and join the ever-growing community over there, and it gives you an opportunity to pick my brain without blasting me with Twitter DMs. That's gonna do it for me in this one. Thank you all so much for watching, and as always, I will see you in the next video. Cheers, guys.

[Music]

Today's beer is from Freigeist Bierkultur, and it is the Aufschneider, hoppy German-style Hefeweizen ale, 6.0 percent. They are out of St. Louis, Missouri, and appear to possibly be a gypsy brewer, as it says on the side "Brewed and canned by Urban Chestnut Brewing Company, St. Louis, Missouri, for Freigeist." So, uh, using someone else's facility to brew your own beer. It's got kind of an interesting smell to it. Um, let me see if there's any hint about what hops they're using. "Freigeist was founded in 2009 with a mission to revive Germany's lost artisanal ales. We now offer bold, American-influenced, American-brewed twists on our homeland's most popular beer styles. Generous additions of Cascade and Mosaic hops gives this German-style Hefeweizen ale its tropical fruity notes, an extra burst of American-style bitterness." Okay, so Cascade and Mosaic hops. I thought I smelled Mosaic, but those Cascades were kind of throwing me for a loop.

That is definitely an interesting beer. I think I like it, but I'm not quite sure yet. This reminds me kind of like doing a shandy, though, with, uh, like grapefruit soda and a lager, but it's an IPA and a Hefeweizen. Like, it's definitely tropical, but it's much more of like a melon kind of tropical. It's not citrusy. Uh, it's very interesting. Yeah, your brain tells you IPA, and then there's that rich banana kind of like flavor from the German malt that just kind of carries the back of the flavor. But I'm also missing some of those quintessential Hefeweizen spices and taste that are usually so predominant in Hefe beers. Um, it's a little conflicting. It's weird. I'll say this one is interesting. Um, I'm not disappointed in it. It's not a bad beer, but it's not doing it for me either. Um, if it is being called a Hefe, I'd prefer it be a little bit more towards the Hefe and a little bit less Americanized. However, it's not quite Americanized enough for me either, as the hop flavor just really isn't quite there. To be fair, it's a fine drinkable beer. I just don't think this one's for me.
