Scott Helme has a detailed procedure of how to configure Raspberry PI to act as a DNS resolver with DNS-level “content-blocking” for a network. It is a great weekend project, fun and useful. The hardware cost is around 100 CAD on Amazon.
- Content filter on DNS level, including ads and known nasty sites.
- Reduced web traffic. Depends on sites you visit, but 40% is a reasonable expectation.
- Upstream DNS queries are directed over https, so you get some extra privacy.
- Pages load faster, take a look at the example.
- Pi-Hole has a nice admin interface, so you get insight into DNS chatter on the network.
Here are network requests for a home page of a popular news site using default (no filtering) DNS resolver. In total it took 395 requests, 5.3 MB and six minutes to load.
Now if I switch to the DNS resolver on Raspberry PI:
Total of 143 request, 2.7MB to load, and 20.75 seconds. Take a look at all the lines in red with failed status, this is where the domain got blocked by the pi-hole on the Raspberry.
That’s ~ 50% less data and 17 times faster.
When using VPN
Note that this setup does not provide benefits for devices that use VPN. If a device, say a smart phone, uses VPN then all web traffic from the phone is directed via an encrypted connection to a server of your VPN service provider. VPN providers often use their own DNS servers. Some of these provide content-blocking service similar to the one described in this article. You may want to check if your VPN service includes filtering of known bad sites, trackers, and ads. Do not disable your VPN, simply use in-browser filtering tools.
It took me a weekend to set it up, and it works fine. Here are just a few tips that may save you some time.
- Get a Raspberry PI starter kit and an extra micro SD card of 32 GB.
- Format the extra SD card to FAT32 on your desktop or laptop. This SD card will be used to install minimal version of Raspbian Linux. The SD card in the kit comes with a full-blown desktop installation.
- Download NOOBS LITE from
- Compare the signature (SHA256) of the file with the one listed on the site. Continue only if signatures match. If signatures differ, try downloading again. If the problem persists ask for help, do not continue.
- Extract the zip file to a directory and copy all files to the SD card. Do not copy the top directory, just all files and directories below it.
- Follow the quick-start guide from your kit to assemble the unit. Use this new SD card, instead of the one from the box, to boot the Raspberry PI.
- Connect the Raspberry PI to your wireless network and select Raspbian Lite for the operating system; wait for the download to finish.
- There is no GUI in Raspian Lite, login with defaults
- Change the password by typing passwd; choose a strong one and write it down.
- Enable SSH by typing sudo raspi-config, select Interfacing Options, select SSH, choose OK and Finish.
- Write down MAC and IP addresses of wired and wireless adapters by
- Now you can SSH to the Raspberry PI from a laptop or desktop by
ifconfig eth0 ifconfig wlan0
This completes the setup phase. Continue by following instructions from Scott Helme’s site.