Pi-hole ad blocking in 5 minutes on Debian 8.4
Install Debian 8.4, set up a root password and first user.
Log in to Debian and run updates.
Set your IP to a fixed IP that you will use as your Pi-hole. You only need one Ethernet adapter, as this DNS server will sit on the network just like any other device.
[raw]super su[/raw] into root
run
[raw]pihole command [/raw]
Make a note of the IPs used during the setup.
Add additional sources if needed.
Reboot the machine.
Now go to your browser and try to reach the machine at
http://ipofmachine/admin
You should see the admin panel; if not, something went wrong.
Now go to your router and configure it to point at the new DNS server that is available on your network.
Confirm Pi-hole is working by verifying the stats are updating in the admin panel.
Customize your adblock lists by copying the default adlists.default to adlists.list. adlists.default will be regenerated automatically, so only the changes in adlists.list will remain saved.
Uncomment the lines of additional lists like xxx that you like.
Run [raw]pihole -g[/raw] to update your adblock lists.
Now set up DNS on WAN: https://community.ubnt.com/t5/EdgeMAX/Change-WAN-DNS-Server/td-p/977885
Enable DNSCrypt https://github.com/pi-hole/pi-hole/wiki/DNSCrypt
Install necessary system packages and reboot
sudo apt-get update
sudo apt-get -y install build-essential tcpdump dnsutils libsodium-dev
sudo apt-get -y install locate bash-completion
sudo reboot
Build DNSCrypt from the sources
mkdir -p dnsproxy
cd dnsproxy
wget http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.6.1.tar.gz
tar -xf dnscrypt-proxy-1.6.1.tar.gz
cd dnscrypt-proxy-1.6.1
sudo ldconfig
./configure
make
sudo make install
Configure the system
Preparing resolv.conf:
sudo mv /etc/resolv.conf /etc/resolv.conf.ORIG
sudo nano /etc/resolv.conf
Then paste and save the following:
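nameserver 127.0.0.1
(resolv.conf accepts only an address, not a port. Queries from the machine itself go to dnsmasq on port 53, which forwards them to dnscrypt-proxy on port 40, and on port 41 if adding a second resolver, once the DNSMasq config further down is changed.)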
Lock resolv.conf file
sudo chattr +i /etc/resolv.conf
Start dnscrypt-proxy in daemon mode automatically
sudo nano /etc/systemd/system/multi-user.target.wants/dnscrypt-proxy.service
sudo nano /etc/systemd/system/multi-user.target.wants/dnscrypt-proxy-backup.service (if adding a second resolver)
And paste this content:
[Unit]
Description=Secure connection between your computer and DNS resolver
After=network.target network-online.target
[Service]
Type=forking
Restart=always
RestartSec=5
PIDFile=/var/run/dnscrypt-proxy.pid
ExecStart=/usr/local/sbin/dnscrypt-proxy --daemonize \
-a 127.0.0.1:40 \
-R dnscrypt.eu-dk \
-E \
--edns-payload-size=4096 \
-p /var/run/dnscrypt-proxy.pid
[Install]
WantedBy=multi-user.target
Change the port to 41 and use a different resolver on the backup
Then reboot the RPI
sudo reboot
Test DNSCrypt
sudo journalctl -u dnscrypt-proxy
You should have a similar output:
Feb 26 22:13:43 raspberrypi dnscrypt-proxy[6130]: [INFO] + DNS Security Extensions are supported
Feb 26 22:13:43 raspberrypi dnscrypt-proxy[6130]: [INFO] + Provider supposedly doesn’t keep logs
Feb 26 22:13:43 raspberrypi dnscrypt-proxy[6130]: [NOTICE] Starting dnscrypt-proxy 1.6.1
Feb 26 22:13:43 raspberrypi dnscrypt-proxy[6130]: [INFO] Ephemeral keys enabled – generating a new seed
Feb 26 22:13:43 raspberrypi dnscrypt-proxy[6130]: [INFO] Done
Feb 26 22:13:43 raspberrypi dnscrypt-proxy[6130]: [INFO] Server certificate #808464433 received
Feb 26 22:13:43 raspberrypi dnscrypt-proxy[6130]: [INFO] This certificate is valid
Feb 26 22:13:43 raspberrypi dnscrypt-proxy[6130]: [INFO] Chosen certificate #808464433 is valid from [2015-09-11] to [2016-09-10]
Feb 26 22:13:43 raspberrypi dnscrypt-proxy[6130]: [INFO] Server key fingerprint is 164E:1AD6:4356:777D:2019:F2F9:D389:2DDB:BC75:8AF0:9172:8E0C:A874:10C7:3BE8:423B
Feb 26 22:13:43 raspberrypi dnscrypt-proxy[6130]: [NOTICE] Proxying from 127.0.0.1:40 to 77.66.84.233:443
The last line is important and should look something like the above!
Change your DNSMasq config
Change DNS resolver in DNSMasq config
sudo nano /etc/dnsmasq.d/01-pihole.conf
Edit this section and point to dnscrypt-proxy
# Add other name servers here, with domain specs if they are for
# non-public domains.
server=127.0.0.1#40
# Only if adding a second resolver:
server=127.0.0.1#41
Reboot your Pihole
sudo reboot
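An added check, not part of the original guide: after the reboot, this script compares the dnscrypt-proxy listeners reported in the journal with the server= lines in 01-pihole.conf and lists every upstream that is not served by the proxy, such as a leftover plaintext resolver. The function names and the sample inputs are constructed for illustration; 192.0.2.53 is a documentation address.

```shell
#!/bin/sh
# Added example (not from the original guide): report dnsmasq upstreams that
# bypass dnscrypt-proxy. Inputs are passed as text so the logic runs offline.

# Print the local listener (ip:port) of every "Proxying from A to B" journal line.
proxy_listeners() {
    sed -n 's/.*Proxying from \([0-9.]*:[0-9]*\) to .*/\1/p'
}

# Print every active server= entry as ip:port. dnsmasq writes ip#port and
# defaults to port 53; lines starting with '#' are comments and are skipped.
dnsmasq_upstreams() {
    awk '/^[ \t]*server=/ {
        sub(/^[ \t]*server=/, "")
        split($0, tok, /[ \t]+/)
        sub(/^.*\//, "", tok[1])        # drop a /domain/ spec, keep the address
        n = split(tok[1], hp, "#")
        print hp[1] ":" (n > 1 ? hp[2] : 53)
    }'
}

# unproxied_upstreams JOURNAL_TEXT CONF_TEXT
# Prints each upstream with no matching proxy listener; returns 1 if any exist.
unproxied_upstreams() {
    listeners=$(printf '%s\n' "$1" | proxy_listeners)
    leaks=$(printf '%s\n' "$2" | dnsmasq_upstreams | while read -r up; do
        printf '%s\n' "$listeners" | grep -qxF -- "$up" || printf '%s\n' "$up"
    done)
    [ -z "$leaks" ] && return 0
    printf '%s\n' "$leaks"
    return 1
}

# Constructed sample input: the "Proxying" line shown above, and a config in
# which a plaintext upstream (192.0.2.53) was left next to the proxy entry.
SAMPLE_JOURNAL='Feb 26 22:13:43 raspberrypi dnscrypt-proxy[6130]: [NOTICE] Proxying from 127.0.0.1:40 to 77.66.84.233:443'
SAMPLE_CONF='# Add other name servers here
server=127.0.0.1#40
server=192.0.2.53
#server=127.0.0.1#41'

# On a live system pass "$(sudo journalctl -b -u dnscrypt-proxy)" and
# "$(cat /etc/dnsmasq.d/01-pihole.conf)" instead of the samples.
if leaks=$(unproxied_upstreams "$SAMPLE_JOURNAL" "$SAMPLE_CONF"); then
    echo "OK: every dnsmasq upstream is a dnscrypt-proxy listener"
else
    echo "Upstreams not served by dnscrypt-proxy: $leaks"
fi
```

An upstream on port 41 is also reported when the backup service has not logged its own "Proxying from" line, which catches a second resolver that failed to start.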
Voila!