Back to Portfolio
πŸ“Œ Project Overview

This documentation details the complete setup of a Pi-hole DNS sinkhole on a Raspberry Pi to block advertisements, trackers, and malicious domains across an entire home network. This project demonstrates practical skills in Linux system administration, networking, DNS configuration, and cybersecurity hardening.

🎯 Project Objectives

βš™οΈ Technical Specifications

Hardware Raspberry Pi Zero 2 WH
MicroSD Card (16GB+)
Power Supply (5V/2.5A)
Software Raspberry Pi OS (Debian-based)
Pi-hole v5.x
NetworkManager
Network Config Static IP: 10.0.0.153
Gateway: 10.0.0.1
DNS: Cloudflare (1.1.1.1)
Access SSH enabled
Web interface: http://10.0.0.153/admin
mDNS: raspberrypi.local

πŸ”§ Installation Process

1Initial System Preparation

After flashing Raspberry Pi OS and enabling SSH, connect from your workstation:

# Discover Raspberry Pi on the network sudo nmap -sn 10.0.0.0/24 # Connect via SSH (default password: raspberry) ssh pi@10.0.0.153

2System Update and Security

First, secure the system and update all packages:

# Change default password passwd # Update system packages sudo apt update && sudo apt full-upgrade -y sudo apt autoremove -y # Install essential tools sudo apt install -y curl git htop vim net-tools

3Configure Static IP Address

⚠️ Important

Modern Raspberry Pi OS uses NetworkManager instead of dhcpcd. If you see dhcpcd.service not found, use the NetworkManager method below.

Method 1: NetworkManager (Recommended for newer Pi OS)

# Open network configuration interface sudo nmtui # Navigate: Edit a connection β†’ eth0 β†’ IPv4 Configuration β†’ Manual # Set: # Address: 10.0.0.153/24 # Gateway: 10.0.0.1 # DNS servers: 1.1.1.1, 8.8.8.8 # Restart networking sudo systemctl restart NetworkManager # Verify IP configuration ip -4 addr show eth0

Method 2: dhcpcd (Legacy method)

# Edit DHCP configuration sudo nano /etc/dhcpcd.conf # Add the following lines: interface eth0 static ip_address=10.0.0.153/24 static routers=10.0.0.1 static domain_name_servers=1.1.1.1 8.8.8.8 # Restart DHCP client sudo systemctl restart dhcpcd

4Verify System Resources

Ensure sufficient disk space and system health:

# Check disk space (should have 1-2GB free minimum) df -h # Clean up if needed sudo apt-get clean sudo apt-get autoremove -y sudo journalctl --vacuum-size=100M # Check system status uptime free -h

5Install Pi-hole

Run the official Pi-hole installer:

curl -sSL https://install.pi-hole.net | bash
πŸ“‹ Installation Wizard Choices
  • βœ… Network interface: eth0 (or wlan0 for Wi-Fi)
  • βœ… Upstream DNS: Cloudflare (1.1.1.1) - fast and privacy-focused
  • βœ… Blocklists: Use default StevenBlack list
  • βœ… Admin Web Interface: Yes
  • βœ… Web Server: Lighttpd (default)
  • βœ… Logging: Enable query logging
  • βœ… Privacy Mode: Show everything (can adjust later)

6Configure Router DNS

Point your router's DHCP server to use Pi-hole as the DNS server:

  1. Access your router admin panel (usually http://10.0.0.1)
  2. Navigate to DHCP settings
  3. Set Primary DNS to: 10.0.0.153
  4. Save and reboot router (or renew DHCP leases on devices)
βœ… Result

All devices on the network will now use Pi-hole for DNS resolution, automatically blocking ads and tracking domains without any per-device configuration.

πŸ–₯️ Web Interface Configuration

Access the Pi-hole admin dashboard at:

http://10.0.0.153/admin # or http://raspberrypi.local/admin

Setting/Changing Admin Password

pihole -a -p # Enter new password when prompted

Key Dashboard Features

πŸ“Š Results and Performance

πŸŽ‰ Immediate Impact
  • βœ… Network-wide ad blocking active across all devices
  • βœ… Mobile apps, smart TVs, and IoT devices protected
  • βœ… Reduced bandwidth consumption
  • βœ… Faster page load times (no ad resources loaded)
  • βœ… Enhanced privacy (blocked tracking pixels and analytics)

πŸ“Έ Project Screenshots

Pi-hole installation process - network detection Pi-hole installation - upstream DNS selection Pi-hole installation - blocklist configuration Pi-hole installation - web interface setup Pi-hole admin dashboard showing blocked queries Query log showing DNS requests and blocks Statistics and analytics dashboard Additional Pi-hole configuration Network statistics Blocklist management Pi-hole performance metrics Advanced settings configuration Network-wide protection overview Mobile device ad-free browsing Mobile device DNS config

πŸ”’ Security Hardening (Optional)

Enable HTTPS for Web Interface

sudo apt install lighttpd openssl -y sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -keyout /etc/lighttpd/server.pem \ -out /etc/lighttpd/server.pem

Install Fail2Ban for Brute-Force Protection

sudo apt install fail2ban -y sudo systemctl enable fail2ban sudo systemctl start fail2ban

Update Pi-hole Blocklists

# Update gravity (blocklists) pihole -g # View available commands pihole -h

πŸ§ͺ Testing and Verification

Test DNS Resolution

# From any device on your network nslookup google.com 10.0.0.153 # Should return a response (DNS working)

Test Ad Blocking

# Watch queries in real-time pihole -t # Or visit test pages: # https://pi-hole.net/pages-to-test-ad-blocking-performance/

Monitor Query Logs

Check the Query Log in the web interface to see which domains are being blocked in real-time. You can whitelist or blacklist domains as needed.

πŸ› Troubleshooting

DNS Not Working

Cannot Access Web Interface

Some Sites Breaking

πŸ’‘ Key Takeaways

πŸš€ Future Enhancements