18 October 2020

My own secure DNS server - Pi-hole on NanoPi NEO3

I care about my own information security, and I don't want to put up with the constant flow of ads.

The first and simplest step in the fight is an AdBlock plugin in the browser.

The second step is a custom hosts file. In this manner you can protect a few PCs, but it is difficult to cover every device in your network. Also, a large hosts file can affect performance.

The third step is your own DNS server that filters all requests from every device. The solution is Pi-hole.

As a platform for Pi-hole I chose a small device, the NanoPi NEO3, with 4 ARM cores (Cortex-A53 up to 1.3 GHz) and 1 GB of DDR4 RAM, running Ubuntu Core 18.

The installation process is quite simple:

  1. Download a special version of Ubuntu (Ubuntu 18.04.3 LTS in my case) and flash it to a microSD card.
  2. Update Ubuntu and all packages:
    sudo apt-get update
    sudo apt-get dist-upgrade
    After the upgrade I got Ubuntu 18.04.5 LTS.
  3. Change the timezone:
    sudo timedatectl set-timezone Europe/Moscow
  4. Change the passwords of the "pi" and "root" users:
    passwd
    sudo passwd root
  5. Install Pi-hole.
  6. Set the IP address of the Pi-hole as the preferred DNS server in the DHCP server configuration.


After those steps Pi-hole worked well, but two things worried me:

  • The SoC temperature was quite high (64 °C)

According to the datasheet, the "Max Conjunction Temperature" of the Rockchip RK3328 is 125 °C.

CPU load and frequency are already minimal, so limiting the frequency won't help.

My kit does not have a fan, so I opened the bottom part of the case and the temperature dropped to 49-52 °C. Perfect.

  • DNS over HTTPS

Pi-hole does not have built-in support for DoH (DNS over HTTPS) or DoT (DNS over TLS), but you can configure it manually in 2 minutes.

Now all DNS requests from any of my devices are secured.

Some interesting things

  • The NanoPi NEO3 can't boot from a USB drive, only from a microSD card (16 GB minimum).
  • The heatsink on the NanoPi NEO3 SoC is 30 x 35 mm. The board has a 2-pin JST ZH 1.5 mm connector for a fan.
  • Ubuntu Core 18.04.5 LTS + Pi-hole 5.1.2 + cloudflared leave about 60% of memory free (1 GB total).
  • Use a suitable power adapter; the device consumes about 1 A.
  • On the "Query Log" page Pi-hole shows the latency of each DNS query. That can help you choose the fastest/closest DNS service. For me, it's Cloudflare with 8-30 ms in DoH mode.
Finally, this small box blocks about 12-19% of DNS requests. I think that's a lot.
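As an added example (not from the post), here is a small Python script that reads Pi-hole's dnsmasq-style query log, computes the blocked percentage quoted above, and flags any query that was forwarded to an upstream other than the local cloudflared listener (127.0.0.1#5053, the port used in the Pi-hole cloudflared guide), so you can confirm that every request really leaves the box over DoH. The log lines are constructed, and the exact wording of the log messages is an assumption.

```python
import re
from collections import Counter

# Constructed sample of /var/log/pihole.log lines in the dnsmasq format that
# Pi-hole FTL writes. The wording of these messages is an assumption.
SAMPLE_LOG = """\
Oct 18 10:00:01 dnsmasq[631]: query[A] www.example.com from 192.168.1.5
Oct 18 10:00:01 dnsmasq[631]: forwarded www.example.com to 127.0.0.1#5053
Oct 18 10:00:01 dnsmasq[631]: reply www.example.com is 93.184.216.34
Oct 18 10:00:02 dnsmasq[631]: query[A] ads.example.net from 192.168.1.5
Oct 18 10:00:02 dnsmasq[631]: gravity blocked ads.example.net is 0.0.0.0
Oct 18 10:00:03 dnsmasq[631]: query[AAAA] tracker.example.org from 192.168.1.7
Oct 18 10:00:03 dnsmasq[631]: gravity blocked tracker.example.org is ::
Oct 18 10:00:04 dnsmasq[631]: query[A] mail.example.com from 192.168.1.7
Oct 18 10:00:04 dnsmasq[631]: forwarded mail.example.com to 8.8.8.8
Oct 18 10:00:05 dnsmasq[631]: query[A] cdn.example.com from 192.168.1.9
Oct 18 10:00:05 dnsmasq[631]: cached cdn.example.com is 203.0.113.10
"""

# Address where cloudflared listens in the Pi-hole cloudflared guide.
LOCAL_DOH = "127.0.0.1#5053"

QUERY_RE = re.compile(r"query\[\w+\] (\S+) from (\S+)")
FORWARD_RE = re.compile(r"forwarded (\S+) to (\S+)")
BLOCK_RE = re.compile(r"(?:gravity blocked|exactly blacklisted|regex blacklisted) (\S+)")


def summarize(log_text, local_doh=LOCAL_DOH):
    """Count queries and blocks, and list upstreams that bypassed local DoH."""
    total = blocked = 0
    upstreams = Counter()
    for line in log_text.splitlines():
        if QUERY_RE.search(line):
            total += 1
        elif BLOCK_RE.search(line):
            blocked += 1
        else:
            fwd = FORWARD_RE.search(line)
            if fwd:
                upstreams[fwd.group(2)] += 1
    # Any forward not aimed at cloudflared went out as plain DNS on port 53.
    leaked = {up: n for up, n in upstreams.items() if up != local_doh}
    pct = round(100.0 * blocked / total, 1) if total else 0.0
    return {"queries": total, "blocked": blocked, "blocked_pct": pct,
            "upstreams": dict(upstreams), "leaked": leaked}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On a real box run it against /var/log/pihole.log; a non-empty "leaked" entry usually means an extra upstream is still ticked under Settings > DNS in the Pi-hole web interface.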

4 comments:

  1. Great guide! I have done the exact same setup (mostly). I got Pi-hole running with no issues but ran into an issue setting up DNS over HTTPS and can't figure it out. I used the page you referenced and could not get it to actually run after installing. I set up the system with FriendlyCore and had to install nano for some of the commands, as it was not natively part of the OS. Any tips or tricks to getting DoH running on this?

    1. Hello,
      Where did you stop?
      1. Did you install the "cloudflared" package (https://docs.pi-hole.net/guides/dns/cloudflared/#amd64-architecture-most-devices)?
      2. On the "Configuring cloudflared to run on startup" step you need the "nano" editor. My advice is to use the "Automatic way" (https://docs.pi-hole.net/guides/dns/cloudflared/#automatic-way).
      3. On the last step you need to configure Pi-hole from the web interface (https://docs.pi-hole.net/guides/dns/cloudflared/#configuring-pi-hole).
      I'm glad to help.

    2. This comment has been removed by the author.

    3. Thanks for the reply. I tried the steps again and got it working today. Unsure what was tripping me up yesterday other than not having nano installed, but I seem to be up and working via your check command above. This page from Cloudflare was also a good find for validating the settings: https://cloudflare-dns.com/help/
