The idea is to have a way to block advertisements and trackers on my entire network. uBlock Origin is a great browser plugin that blocks those things on webpages, but I am lazy and want a solution that works for my laptop, phone, and guests’ devices as well. And that’s what PiHole tries to do.
I have an old Raspberry Pi 3 B+ that is now unused. Here is how I set it up to use PiHole.
System set up
This part is setting up a new computer, not much to discuss here:
- follow the installation instructions, with the AArch64 thingy.
- update the system
- user configuration
  - change alarm pass to something better
  - change root pass to something better
- system configuration
- set up ssh
- allow only ssh keys
- disable root login
- generate and enable a new ssh key
- change GPU memory to 16 MB
- set up hardware RNG (I like randomness)
  - install rng-tools and configure it:
    $ cat /etc/conf.d/rngd
    RNGD_OPTS="-o /dev/random -r /dev/hwrng"
- entropy increased from ~3700 to ~4000
- can read from /dev/random at ~71 MB/s:
    $ dd if=/dev/random of=/dev/null bs=1024 count=500000 iflag=fullblock
    500000+0 records in
    500000+0 records out
    512000000 bytes (512 MB, 488 MiB) copied, 7.19274 s, 71.2 MB/s
- set up time and timezone
  - systemd-timesyncd.service as an NTP client
  - time zone: timedatectl set-timezone America/Sao_Paulo
- move to permanent location
- set up fixed IP address with systemd-networkd
- set up
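For the ssh items in the list above (only ssh keys, no root login), a small check of the resulting sshd_config. This is an added example, not part of the original post; the two sample configs are constructed, and it assumes plain "Keyword value" lines in the global section and does not follow Include files.

```shell
#!/bin/sh
# Added example: check an sshd_config for key-only login and no root login.
# sshd uses the FIRST value it reads for a keyword, keywords are
# case-insensitive, and an absent keyword falls back to the built-in default.

# effective_value FILE KEYREGEX DEFAULT -> value in effect in the global section
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        tolower($1) == "match" { exit }       # global section ends at first Match
        tolower($1) ~ ("^(" key ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit FILE -> prints one FAIL line per weak setting, returns 1 if any.
# Columns below: keyword (with aliases), wanted value, OpenSSH default.
audit() {
    rc=0
    while read -r key want def; do
        got=$(effective_value "$1" "$key" "$def")
        [ "$got" = "$want" ] || { echo "FAIL $key=$got (want $want)"; rc=1; }
    done <<EOF
passwordauthentication no yes
kbdinteractiveauthentication|challengeresponseauthentication no yes
permitrootlogin no prohibit-password
pubkeyauthentication yes yes
EOF
    return $rc
}

# Constructed sample configs (not taken from the post).
weak=$(mktemp); ok=$(mktemp)
# weak: the hardening line is commented out, and the only active
# "PasswordAuthentication no" sits inside a Match block.
printf '%s\n' '#PasswordAuthentication no' 'PermitRootLogin yes' \
    'Match User alarm' '    PasswordAuthentication no' > "$weak"
# ok: the first PasswordAuthentication line wins over the later "yes".
printf '%s\n' 'passwordauthentication no' 'PasswordAuthentication yes' \
    'ChallengeResponseAuthentication no' 'PermitRootLogin no' > "$ok"

audit "$weak" || echo "weak sample: password or root login still possible"
audit "$ok" && echo "ok sample: key-only, no root login"
```

On the real machine, `sshd -T` prints the configuration sshd actually uses, which also covers Include files.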
Some nice commands to run after everything is in place, just because:
    $ uname -a
    Linux alarm 5.8.0-1-ARCH #1 SMP Sun Aug 9 00:03:44 UTC 2020 aarch64 GNU/Linux
    $ lscpu
    Architecture:                    aarch64
    CPU op-mode(s):                  32-bit, 64-bit
    Byte Order:                      Little Endian
    CPU(s):                          4
    On-line CPU(s) list:             0-3
    Thread(s) per core:              1
    Core(s) per socket:              4
    Socket(s):                       1
    Vendor ID:                       ARM
    Model:                           4
    Model name:                      Cortex-A53
    Stepping:                        r0p4
    CPU max MHz:                     1200.0000
    CPU min MHz:                     600.0000
    BogoMIPS:                        38.40
    Vulnerability Itlb multihit:     Not affected
    Vulnerability L1tf:              Not affected
    Vulnerability Mds:               Not affected
    Vulnerability Meltdown:          Not affected
    Vulnerability Spec store bypass: Not affected
    Vulnerability Spectre v1:        Mitigation; __user pointer sanitization
    Vulnerability Spectre v2:        Not affected
    Vulnerability Srbds:             Not affected
    Vulnerability Tsx async abort:   Not affected
    Flags:                           fp asimd evtstrm crc32 cpuid
    $ free -h
                  total        used        free      shared  buff/cache   available
    Mem:          899Mi        76Mi        41Mi       0.0Ki       781Mi       808Mi
And this system needs almost 19 seconds to boot:
    $ systemd-analyze
    Startup finished in 7.670s (kernel) + 10.919s (userspace) = 18.590s
    graphical.target reached after 10.904s in userspace
It takes roughly 3 times longer than my 5-year-old x86_64 laptop.
Following the instructions in ArchWiki:
- install pihole-server:
yay -S pi-hole-server
- install php things:
  - pacman -S php-sqlite and enable the necessary extensions
  - php-cgi for the web interface
60.0 to minimize writes to the SD card
- set up DoH for DNS over HTTPS:
$ yay -S cloudflared
- add some IPv6 entries in
- in the web settings page:
- disable all DNS servers and use
- enable DNSSEC
I have a very low quality modem/router from my ISP. It randomly resets the admin password; hopefully it will retain my custom DNS/DHCP configuration. The only configuration needed is to set the Raspberry Pi as the only DNS server in the DHCP settings. This was the most “complicated”/boring part of the setup, mainly because I had to reset the modem to log in.
My thoughts so far
My SD card is slow as hell. It takes forever to update something and/or move data in it. Maybe I got used to my laptop with a good SSD and everything slower became a headache? Or maybe the combination of a medium quality, old SD card plus a Raspberry Pi is indeed slow.
The fan I added to the rasp is very noisy. That is annoying and I will probably turn it off. I should monitor the temperature under high load to see if it needs active cooling. It shouldn’t need it, but I have a 3D printed case, so air circulation is limited.
AArch64 support is still crappy. This is the most disappointing thing I noticed. Years with the product on the market and yet no decent support. I expected more from the Raspberry Foundation.
PiHole is more efficient than I previously thought. Usually I have two or three devices connected to my network, and the Pi shows the total RAM usage is about 150 MiB (~15% of the total). The load average is below 0.1. I’m impressed.
It took me about two days to set this thing up. Well, not exactly whole days: a more precise description would be around 2.5 evenings, with some breaks. Was it worth it? Using a Raspberry for something is better than using a Raspberry to collect dust on a shelf. So, probably worth it, although I wouldn’t recommend buying a rasp for this.