Pihole update: how to retain my dnsmasq settings (dhcp, interface etc.)

Perfect place for all of your DHCP server configurations! Makes the install so much easier when you don't have to set up a router to hand out the Pi-hole addressing.

:smile:
You seem to be figuring out where this project is leading to...?
It will be a "1 box does it all"

So far this is on the box:
nxfilter including shallalist to block apps and porn and...you name it.
PIHole
Privoxy (see the wpad entries in dnsmasq.) Privoxy includes all Adblock pro filters.
Moboticz
DHCP
Time server.

All that is needed is to put your router on 192.168.1.1 and stop dhcp on your router, and....
BOOM Bye bye ads, trackers

Ergo the reason why I would like Pihole update to leave lighttpd alone.
There are more web servers running.

Quite impressive! And really once we get some more changes out from our code, you could probably do it on a Zero. The problems you run into with the Raspberry Pi's are the really quite poor networking performance, but there are a number of other card computers we run on. Are you looking at adding on a GPS unit for PPS timekeeping? (I've done a couple and they are quite fun, the new uBLOX 8 is amazing and very inexpensive.)

Understand the request to look out for lighttpd, and we are looking at how best to solve that issue. It's not quite as easy as the 3-way swap that dnsmasq allows us to do!

Good luck and please keep us updated!

I really like the pihole. Very impressive.
Tried something similar myself with windows sinkhole dns, but that was a disaster.

Will keep you posted.
About time server. Just running the built-in fake HW clock of the rasp to keep costs low.
During boot it just updates correct time from internet and then starts acting as time server.
Network seems to be fine in smaller test scenarios.
It only does DNS and small webservices. Pi seems to be fast enough so far.
Worst case I need to move to better hardware, but so far not needed.
For the second dns server I just cloned eth0 to eth4 with this trick:
sudo ip link add link eth0 address fe:06:19:80:36:cc name eth4 type macvlan
sudo ip link set up dev eth4

to do:
Privoxy getting adblock pro rules import to work in Jessie with cron.
PBX? perhaps
Real firewall? and set privoxy as transparent.
Real router (like ddwrt) ?
Real https filtering (very difficult as there is a valid ssl cert needed.)

Also installed:
Samba (so I can edit blacklist, etc. very easy)
shellinabox (try it!!, no more screen needed on your rasp)
raspcontrol
rpimonitor

Any requests? :slight_smile:

I'd say at the minimum put in a $4USD DS3231 TCXO RTC, you'll appreciate it. And move as much as you can to systemd, learn to love it, because it's got some neat tools.

I've been reading up on IncrediblePBX, since I have an OBi 100 that's going EOL soon. And I actually wrote the Arch Arm Linux packaging for RPIMonitor so I'm quite familiar with that package. Good to see that it's coming back into active development.

Perhaps a simple include in your lighttpd.conf template is all that is needed?
If you just give it a fixed name and check for existence during pihole -up?
This way the update can create the file if not existing or leave alone when it is there?

It's conflict resolution, and port sharing/contention that we have to work out.

@jeren1
Would you mind sharing your steps and config files on these?

So far this is on the box:
nxfilter including shallalist to block apps and porn and...you name it.
PIHole
Privoxy (see the wpad entries in dnsmasq.) Privoxy includes all Adblock pro filters.
Moboticz
DHCP
Time server.

Hi Duceduc,

I need to do a full restore of my system today, as with the latest pihole -up all my config went bananas and my raspberry is not responding anymore. :frowning2:

I do have a backup of the sdcard that will be replaced tonight.
Seems latest pihole version replaces a lot of conf files that conflict with some of my settings.
Can you let me know what config files you need?

@Jeroen1
Thanks for the reply. I was reading your posts and noticed you have installed a few clients to stop ads. I wanted to redo my rpi3 setup and tighten up blocking ads. Currently I have just pihole installed and added tons of ad lists, but I still see ads on sites I frequent most. Some users say to install ublock alongside pihole, which I have done. However, if I am on a mobile device, ublock cannot be installed.

I am interested in following your setup as you mentioned in one of your posts.

Sorry to hear your rpi is down. Hope you will get it up and running soon.

That is why I use backups.
(In fact it's just a script I found somewhere on the net called rpi-clone.
Always run that before doing updates and stuff.
That script just copies all to a blank sd card.)

To effectively block ads on a mobile device: using pi-hole + nxfilter + privoxy including the ad-blocklists (easylist)
Also you need to use a decent DHCP server (on same raspberry) to tell your mobile devices where to get the wpad.
Just redirecting all traffic through privoxy on the raspberry makes it slow, so in wpad.dat you create exclusions.

It was a lot of work getting it all streamlined and there is no such easy thing as "send me the config files" as all is related. When updating pihole a lot of stuff breaks currently and I need to figure out what pihole -up does with my system and why it fails.

I am planning to share my sdcard image in the near future. Would that be an option?

@Jeroen1
That would be great. I will probably pick up another rpi and use your image for the initial setup. In the meantime, I will study up on your setup. I have never heard of nxfilter.

Just to mention this:
To effectively block them you will only need Pi-hole. It will be fast and lightweight. There might be some special scenarios that need the proxy server on top, but that will obviously slow down the connection by a ton. Pi-hole ships its own DHCP server (see the Settings page on the web interface), so no need for additional software here.
I don't use a proxy server and experience an extremely fast (up to my full broadband speed of > 1GBit) Internet access.

I know:)
I use dnsmasq to send out dhcp and wpad.
My setup uses:
nxfilter to filter categories (porn etc.), enable google safe search etc. using pihole as upstream DNS server. Pihole cannot do categories, nor can it interact with an AD dns server if you have the need for that. NXfilter can.
DHCP sends out a very intelligent wpad file to proxy / not proxy sites.
Privoxy filters out many more you cannot filter on dns level: lots of unwanted java crap for example.
I can send you a privoxy logging and you will be amazed how much more is blocked in addition to PIhole blocking. It also does element hiding, removing annoying cookie banners.

You can read the forums: using pihole in combination with local adblock/ublock is recommended.
My setup does all that centrally, so also on mobile devices. Because I combine privoxy with the adblock pro rules.
That is why I combine all this.
An intelligent proxy.pac makes sure there is almost no speed loss.

It is not a competition about what product is best. It's very easy to combine them into 1 small box and have the best of multiple worlds.
If you are happy with pihole (and you should as it is a superb lightweight product) just continue to use it as you are doing now.
My posts are just informational.

What do all the options do? :slight_smile:

http://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml

Thanks, load of stuff to read!

Just match the first numbers to the options, everything after the , is the configuration information.

interface=eth0
except-interface=eth1
except-interface=eth4
except-interface=wlan0
-Stop serving DHCP or DNS on any other nic than eth0
bind-interfaces
-Stop serving DHCP or DNS on any other nic than eth0
I have another DNS server running on the same box, so this is to make sure I can start DNS on eth1 etc.

address=/wpad.noads.local/192.168.1.2
address=/wpad/192.168.1.2
-Make sure your machines can find the wpad host (wpad=for auto proxy config): ping wpad => result 192.168.1.2

dhcp-range=set:red,192.168.1.100,192.168.1.199,255.255.255.0,365d
dhcp-option=tag:red,6,192.168.1.4,192.168.1.2,208.67.222.222,8.8.8.8
dhcp-option=tag:red,option:router,192.168.1.1
-The DHCP scope: range, gateway and option6 dns servers your client should receive. (See the backups in option6 if pihole goes down, your clients will fallback to )
I needed the tag, but normally you do not need that.

dhcp-option=19,0
dhcp-option=42,0.0.0.0
dhcp-option=44,192.168.1.2
dhcp-option=45,0.0.0.0
dhcp-option=46,8
-WINS and Time server
option 19: Windows clients and Samba.
option 44, 45, 46 netbios/WINS

all-servers
-query all DNS upstream servers, so not failover: Use only if you have the same upstream DNS company

txt-record=wpad,"service:wpad:!http://192.168.1.2:80/wpad.dat?"
srv-host=wpad.tcp.wpad,wpad.wpad,80
srv-host=_wpad._tcp.192.168.1.2,wpad.192.168.1.2,80
dhcp-option=252,"http://192.168.1.2/wpad.dat?"
-Multiple rules to accomplish the same result: where can your clients find wpad.dat
Seems overkill, but this seems to work for all devices (apple, windows)
Of course you need to have http server running to serve this file.

Jeroen
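
An added example, not part of the original posts: a minimal wpad.dat of the kind the thread describes, which sends only plain-HTTP traffic to Privoxy and excludes local hosts so most traffic skips the proxy. The Privoxy port 8118 (its default), the `.local` suffix rule and the bypass entry are assumptions; 192.168.1.2 is the address used in the configuration above.

```javascript
// wpad.dat / proxy.pac -- constructed example, not the poster's own file.
// Assumptions: Privoxy listens on the Pi (192.168.1.2) on its default port
// 8118, and local names end in ".local" (as in wpad.noads.local).
var PROXY = "PROXY 192.168.1.2:8118; DIRECT"; // DIRECT = fallback if Privoxy is down

// Hypothetical exclusion list: host suffixes that must never pass through Privoxy.
var BYPASS_SUFFIXES = [".local", ".example-bank.test"];

// True for loopback, link-local and RFC 1918 IPv4 literals.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168) ||
         (a === 169 && b === 254);
}

// ES5-safe suffix test; older PAC engines lack String.prototype.endsWith.
function endsWith(s, suffix) {
  return s.length >= suffix.length &&
         s.substring(s.length - suffix.length) === suffix;
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label names (e.g. "wpad") are LAN hosts: never proxy them.
  if (host.indexOf(".") === -1) return "DIRECT";
  if (isPrivateIPv4(host)) return "DIRECT";
  for (var i = 0; i < BYPASS_SUFFIXES.length; i++) {
    if (endsWith(host, BYPASS_SUFFIXES[i])) return "DIRECT";
  }
  // Without HTTPS inspection Privoxy sees only the CONNECT host name, not
  // page content, so only plain HTTP is sent through it.
  if (url.substring(0, 5).toLowerCase() !== "http:") return "DIRECT";
  return PROXY;
}
```

The file has to be served from the URL that DHCP option 252 and the wpad DNS entries point at.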

Can you share these lists?