Questions for Setting Up Pi-Hole(s)

General
1

Hi everyone-

I’m new to the world of Raspberry Pi, and am having fun learning about all the possibilities. I am interested in building a pi-hole, and after doing a lot of research, I have some questions I would appreciate your help in answering. I am hoping to building a pi-hole for myself, and maybe two or three more for family members who live far from me. So, here are my questions:

  1. What is the recommended capacity for the Micro SD card? 16 or 32GB?
    a. For my pi-hole, I may want to allow for logs & analytics, but the pi-holes for family members will not need that extra capacity (since they will not have logs, etc)
    b. Should I still enable the web interface and logs on my family member pi-holes? They won’t be using the functions.
  2. If I set up a pi-hole on one of the Micro SD cards, with all mods, could I simply copy that card to other cards to save time (assuming all builds should have web interface & logs)
  3. What kind of card is best for preventing the Micro SD cards from wearing down? Is there something I can do to prevent this, especially for family members’ pi-holes?
    a. I read someplace that a solid, dedicated power source (not a USB2 to USC-C cord) is very important for preventing wear-down
  4. Does the pi-hole software update? Is it automatic, or does it require manual updating on-site?
  5. Is it possible to access a pi-hole remotely?
    a. Let’s say a family member is having issues with their pi-hole, and I need to see what’s going on without flying across the U.S.
  6. How do I set a proper Static IP Address?
    a. In a TWiT video (https://youtu.be/rp8mi1oAvAg?t=166), Fr. Ballecer suggested that a pi-hole’s ip address be set up outside the scope of a router’s DHCP server.
    b. In others videos, they just kept Static IP Address as their router
    c. Can someone provide a guide or tutorial of how to find a proper Static IP Address?
  7. If I have the pi-hole going to a DNS service, such as 1.1.1.1, and then have my router’s primary DNS going through the pi-hole (and eventually 1.1.1.1), should I set my router’s secondary’s DNS to the same DNS (1.1.1.1) or another DNS (1.0.0.1)?
  8. Are there any patches, or additional steps I should take for Google Wifi?
    a. I have a Netgear Nighthawk, but my family members have Google, and I saw someplace that there may be issues.
  9. Any other recommendations for added privacy settings?

Thanks for the help. Sorry if some of this stuff is super noob or too long. I’ve tried to research as much as possible, just have a few snags during my planning and I’d appreciate your help. Also, sorry if some of my writing is a little off – I have dyslexia & dysgraphia.

Wishing you all a great day.

1 Like
2

You can use any. I have some raspberry pi devices (with Pi-hole installed) running on 8gb.

On a 16gb there is plenty of space for the logs. With v3.3 the logs get cleaned/purged at defined intervals. Starting with V4.0+, Pi-hole no longer uses the same logging method:

See What's New With FTLDNS?

I'd still leave this on for troubleshooting purposes. If you set-up the devices for your family members, allow yourself remote access for any eventual troubleshooting .

You could, however there are a few things to keep in mind:

  1. your SD cards have to be identical, as in capacity/sectors/cylinders or card #1 slighlty smaller than #2 and #. If your card #1, the one you'll end up cloning (let's call it master) is slightly bigger than card #2 or #3, cloning will fail.
    Initially you have to create an image 1:1 of the master card. That image is saved as-is from the card (partitions, files, settings, SIZE). Then you'll have to "etch" that image onto the slave #2, #3 SD. It won't let you write it if master image size is 1000.1MB and the slave size is 1000.0MB
  2. You are setting up Pi-hole on your network, with your network configuration (IP's, Gateway). If your family members' network settings/parameters are different, all your pre-defined settings will fail when they plug it in on their network.

Any well established brand will work.

This can be debatable but overall, the best combo is to use the power source that comes with the raspberry.

It's not automated. The admin page will inform you if an update is available and one can update it from the command line (hence the remote access thing I was telling you above).

Yes. It would require a little bit of setup (port forwarding on the local - where Pi-hole resides- gateway).

Follow this guide:
https://www.raspberrypi.org/learning/networking-lessons/rpi-static-ip-address/

That is indeed a good idea to avoid any possible conflicts. It's not mandatory however. You can set-up the ip on the raspberry and use address reservation from the router also (for the particular MAC address of the raspberry).

This will answer your question:

I don't know that. A pretty standard configuration for the LAN should be included. Shouldn't differ too much from your Nighthawk, or any router for that matter. See if you can find the gateway model number manual and go through it to get an idea of how things looks from a configuration perspective.

You could use Unbound with Pi-hole.

https://discourse.pi-hole.net/t/ftldns-and-unbound-combined-for-your-own-all-around-dns-solution/10222?u=ramset

Have fun and happy tinkering !!!

No problem. We're a FUN community.
Your writing was just fine :slight_smile: Didn't noticed a thing being off :slight_smile:

4 Likes
3

Here's what has worked for me:

  1. Micro SD card size - 16 GB works fine, but 32 GB is only a few bucks more. Get the bigger card, $13 at Amazon.

  2. You can clone, but the SSH certificate gets cloned as well and you might not want that, and they will both be set up for the same IP address. Best to do a clean install on the second, then exchange any white or black lists through teleporter (on the PiHole admin web page under settings).

  3. With the bigger cards, you write a section of memory less frequently. Many people have run years on a microSD without any problems.

  4. You can run "pihole -up' and it will update your software.

  5. If you install OPEN VPN (Redirecting...) you can access remotely and securely.

  6. On your router, put in the Pi's MAC address and assign it a static IP address. How to do this depends on the router. I have my LAN on the range 192.168.0.100-150, and my primary PiHole is 100, the secondary is 150. You can also use the PiHole as your DHCP server and bypass the router for this function. If you do that, the PiHole automatically puts itself as the DNS address.

  7. All the DNS entries on your router should point to the PiHole or be blank, otherwise some of the requests will go directly to the third party DNS server and bypass your PiHole. On some routers, just put the PiHole IP in the first DNS slot and leave the second blank. I have run across a router that requires two DNS slots filled, so I just put the PiHole IP address in both.

  8. I can't speak to Google WiFi.

  9. Privacy - use one of the non-logging DNS providers (Cloudflare at 1.1.1.1 is one). You can encrypt your DNS requests to the third party DNS provider (Redirecting...), but your ISP is going to see the requests to the websites anyway, so that's not a huge privacy gain. You can run "unbound" as your local DNS resolver (Redirecting...) and your Pi will talk directly to the root servers and authoritative servers, completely bypassing third party DNS. Again, your ISP will see the requests to the website anyway (I use this method).

5 (more info) For remote access I have found it easiest to use Skype to call the remote user (my sister 1500 miles away), and then she shares her screen with me and I walk her through the steps to do what needs to be done. Very easy to do, and you don't have to do any hardware or software tinkering on their Pi or network. You can probably do this with other software that actually gives you actual remote access, but I have found Skype to work well.

2 Likes
4

Thanks a lot RamSet & jfb! This is really helpful. You have no idea how excited I am to try this out. And thanks both of you for being so nice. When I encounter the negativity elsewhere, it's so refreshing to have helpful folks like you. Have a great day!

2 Likes
5

You will find that all the guides are well written. Follow them verbatim and you'll have no problem. I'm one small step above nooby myself, and I have set up about 8 of these with little difficulty. Usually I have to wrestle with routers more than PiHole.

And the best part - if you screw it up, you just start over with no worries.

Set up your Pi with Raspbian Stretch with VNC server and SSH enabled, that will allow you to remote in. I put VNC viewer on my Mac, and use that to get to the Pi desktop (easier for me to find files and such), or I SSH from the Mac terminal to remotely log in and just run terminal commands. I have two Pi's running in parallel (primary and backup). The primary is a 3B+ on ethernet to the router, and it's on a UPS. The backup is a Zero W in my office away from the router, wireless, and also on a UPS. Once you get them setup, they just work and you don't have to do much with them.

I started out basic, using PiHole and a third party DNS. Then I got my routers to talk to it properly so the whole home network was on it. Then I updated to the beta branch of FTLDNS, then put in unbound as my local resolver. Then I added block lists. Then I edited the hosts file on my Pi (/etc/hosts) to show the names of all the connected clients. (Sooner or later I'll finish setting up OpenVPN.

6

I have Google Wifi and it works fine with pi-hole. Only issues I had was with a Circle device. Loads of retransmits. I bought a new wifi-mesh (netgear orbi) with Circle compiled into the router node and no more issues.