Guide: Global Network DNS blacklisting (Pi-Hole)

Solaris17

Hey Everyone! Decided to make a guide on how to leverage DNS blackholing, or "blocking"/"filtering", on your network. I will cover a few different aspects and approaches and, like most of my other guides, include an honest PRO and CON list on why you should or shouldn't utilize something like this to help protect your network.

Today we will be focusing on the open source software Pi-Hole. While this is what I will base this guide on, I will try my best to, more importantly, create an understanding of what this is and why it can help you.

To get started a quick primer is in order.

What is DNS Blackholing?
When we talk about DNS we kinda need to understand what it does. When you input something in your browser, say www.google.com, your computer needs to take the letters and words you just typed and turn them into something the computer understands. So your computer takes google.com and asks other servers on the internet, DNS servers, to help out. These servers have a big list. This list contains the names of websites and, more importantly, the corresponding IP address: the numbers that PCs use as the street address for whatever you put in your browser. The list literally looks a lot like this.

Code:
google.com  216.58.219.174

So wait. What does this all mean? It's simple. Websites can contain harmful data. It could be drive-by downloads of junkware. It could be malware spread through ads on the site. Maybe you clicked a link and it opened more than one tab or window. So how can we fix this?

There are a few different ways, all of them with pitfalls of some kind. However, DNS blackholing can help us by blocking the domain responsible for ads or malware: the DNS server simply does not hand back the real address for a domain on its block list, so the device never connects to it. It also brings a few extra benefits.

Such as?

We chose Pi-hole because we will be setting up a network level DNS blacklist, which means we will be protecting and blocking DNS queries on every device on the network. From phones, tablets, PCs and even TVs, a network level DNS blackhole protects any network connected device regardless of make and OS.

Now that you have the gist of what we are talking about, let's dive right into the cool stuff. If you have followed along so far, great! Thanks! Let's take a peek at some of the PROs and CONs of DNS blacklisting.

  • Security awareness and mitigation
The most important thing to stay aware of is that security is a multilayered beast. While conventional AV is a good tool to help ward against infection, alongside other things like common sense and good practice, we must always take into consideration the risk we put ourselves at by what we aren't protecting against. DNS is very much an overlooked layer in the consumer field.

More than ever we need to be considering these more obscure layers that we have long taken for granted. When we look at the threat landscape we see more and more web based infections and exploits, with web browsers, extensions and web technologies such as Flash and Java being taken advantage of every day, resulting in more and more infections in the wild.

I think that if enough correct, decisive information, suggestion and, more importantly, discussion is had about these topics, we can have a good working knowledge of the threats that our PCs and identities face every day in an ever more connected world.

  • Advantages to DNS blackholing
    • Protection against malicious domains
    • Protection against further infection
    • Protection against data collection
    • Faster web experience

  • Disadvantages to DNS blackholing
    • False positives can block legitimate sites
    • Unpleasant browsing experience when things are blocked
    • Page load failures can be hard to diagnose

Now that's out of the way you should have a pretty good idea of what we are getting into. I will provide more information along the way as with my other guides. As with all my material I will update it as it becomes necessary or relevant so check back for a quick read to see if anything has changed. Feel free to PM me for more of an explanation. As always when posting on TPU I do so as myself and do not officially represent any company.


Installation
To run this we need a device: a PC or an appliance like a Raspberry Pi or similar embedded computer. We need this unit to run 24/7 to act as our network's DNS server. Below I will outline some of the methods we can use to accomplish this and their respective installation instructions. Most units will need to run Linux, specifically the Debian code base.

  • Linux
For this one, I will be instructing you on installing Pi-hole on Ubuntu Server 17.04. The machine is a simple 512MB RAM single core machine with 20GB of disk space. Nothing fancy, and it doesn't need to be. I will be posting all instructions via terminal, or command line for those more familiar with the term.

Now since we will be using Ubuntu, let me link you to an install guide. It's a bit out of scope to cover in this guide, but feel free to ask questions and I can try to answer the more specific ones.

Things we need to accomplish:

Set a static IP
Set DNS servers
Install PI-Hole

After we have Ubuntu or Ubuntu Server installed, let's make sure it's all updated. In terminal run the following command.

Code:
sudo apt-get update

Now that we have a list of updates needed, let's install them.

Code:
sudo apt-get upgrade

Now that the OS is fully patched, let's make sure the IP is static. We need to do this so that if there is a power outage your new server doesn't get a new IP address from your router. If it does, your router won't know where to send DNS "lookups" and the internet will just stop working. Fear NOT! This isn't too painful!

First, we need something to edit text with. I think a program called Nano is good for most users, so let's give that a try. In terminal type:

Code:
sudo apt-get install nano

Once that is done, for good measure let's do the following.

Code:
sudo apt-get autoremove

Now let's get to configuring! Type the following:

Code:
sudo nano /etc/network/interfaces

You will get a print out that will look a little like this.

[Screenshot]

At the end we will want to add values that work with your network. This example assumes you are using the 10.x.x.x IP scheme. Go ahead and add this to the bottom of the document. HINT: Use the arrow keys and "Enter/Return" to navigate. Also, in Nano the caret (^) refers to the CTRL key, so to save, for example, using the image above, ^O would be the key combo CTRL+O, and to exit CTRL+X.

Code:
auto eth0
iface eth0 inet static
        address 10.0.0.250
        netmask 255.255.0.0
        gateway 10.0.0.1
        dns-nameservers 8.8.8.8 4.2.2.2

After you have typed or pasted it in, save and exit nano. We then need to restart the networking service so it picks up the changes. If you are using a VNC/RDP/SSH client to access this you will probably lose connection and need to reconnect using the IP you specified in the "address" field.

Code:
sudo /etc/init.d/networking restart

After it completes we need to make sure that the changes stuck. Go ahead and type the following to bring up the connection stats.

Code:
ifconfig -a

You should get a print out like this. Note that MY personal server is 10.0.0.19 instead of 10.0.0.250.

[Screenshot]


Congrats! The network config is done! It seems like a lot, but it's not once you get a knack for it! Let's go ahead and install Pi-hole now.

According to the official documentation it's as simple as running this in a terminal. Keep in mind that this pipes a script from the internet straight into your shell; if you would rather read it first, download the installer to a file, review it, and then run that file.

Code:
curl -sSL https://install.pi-hole.net | bash

You're done! Move on to the next sections to learn how to configure and start using your new Pi-Hole server!

  • Unix systems
CentOS and RHEL (RedHat) are supported by default on all current releases and can be installed using the same command the Linux releases use.

Code:
curl -sSL https://install.pi-hole.net | bash

  • Configuring your machines
Assuming our router is still handing out DNS, we will need to manually configure our Windows machine to use the Pi-Hole as our new DNS server.

Thankfully this is not very painful. Later we will get into disabling your router's DNS services and using the Pi-Hole exclusively.

With Windows there are several ways we can go about doing this. I use the following method, which doesn't vary much between OSs.

First, let's right click on your network interface, be it the wifi or ethernet icon, and select "Open Network and Internet settings".

[Screenshot]


Next click on "Change adapter options".

[Screenshot]


You might be greeted with multiple adapters. Most people will have 1 to 3. The main two will be the wifi adapter and the built in ethernet. On other systems you may have more than 1 of either. I'll let you use your discretion, but we will be applying changes to the main adapters you use.

[Screenshot]


After you have picked one out, right click on it and select "Properties". We will get the configuration menu for that adapter.

Highlight "Internet Protocol Version 4 (TCP/IPv4)" (note the process is the same if you are using an IPv6 network) and click "Properties" once again.

[Screenshot]


Next we will come to the manual configuration page for our adapter's IP and DNS servers. For this we will just be modifying DNS. Find DNS toward the bottom; it will be the second set of configuration options. Click the radio button "Use the following DNS server addresses". In the first field we will enter the Pi-Hole IP address we configured before. In my case once again it's 10.0.0.19. In the second field you can leave it blank or enter another DNS server of your choice, such as public providers like Quad9, Google or OpenDNS. Keep in mind that any second server listed can answer queries too, and those answers are not filtered by the Pi-hole.

[Screenshot]


Finally click "Ok" and "Ok" again to save your changes.

OSX, like Windows, is very simple. We will use System Preferences for this example.

First click the "System Preferences" icon in your dock. If it is not in your dock, simply click the magnifying glass icon in your tool bar and search for it. The System Preferences icon looks like a grey gear cog.

[Screenshot]


Once the System Preferences panel opens up, find and click on "Network".

[Screenshot]


After you click on Network the interface configuration screen will open. Thankfully OSX makes this easy: in all of its currently supported editions the in-use interfaces have a green dot next to them, so no guess work!

From here we select the interface we want to modify by clicking on it in the left hand pane. Next we click the "Advanced" button inside the right hand pane to modify that specific adapter. We don't need to mess with IPs here unless you know what you are doing. We just need to modify DNS.

[Screenshot]


After you click "Advanced", click on the "DNS" tab on the top bar. This will allow us to add a new DNS address. Single or double click in the DNS box on the left hand side; alternatively you can press the '+' button towards the bottom. Next enter the IP address we configured earlier for the Pi-hole. In my case it is 10.0.0.19.

[Screenshot]


That's it! Now click "Ok" on the current screen followed by "Apply" on the previous screen, which should no longer be grayed out, to save the settings.

Congrats, you are now using your Pi-hole on this machine!

For Linux, most users generally use something based off of the Debian code base, namely Debian, Ubuntu and Mint. To that end the setup is similar, so in our example we will configure a static DNS server using Ubuntu 18.04. Please note that depending on release version and flavor some steps will differ slightly, but generally these 3 main distributions are close enough for you to contextually navigate the menu system.

First, at our desktop let's click our network icon to reveal our network adapters. In recent Debian-based distributions like those mentioned above this is very easy. Like OSX it will indicate what adapter is in use. Even further, in Linux's case it will only show the adapters currently in use. Click on the type of connection you have and then click "Wired or Wireless Settings" after the menu expands.

[Screenshot]


It should automatically select the settings page for the adapter selected. If not, you can manually choose it by clicking on the adapter you would like to modify in the left hand pane. Next we will click the gear cog next to the adapter we chose. To make it even more clear, Ubuntu will even tell you if this adapter is "Connected", meaning online, so it's less confusing.

[Screenshot]


After you click on the gear cog, that adapter's configuration can be modified. Click the "IPv4" tab along the top of the window. Next we will turn off automatic DNS by flipping the switch to "Off" above the DNS field. After that is done we can enter the IP address of our DNS server. In my case it is 10.0.0.19.

[Screenshot]


Now we can continue by hitting Apply at the top right of the window! Congrats! You have set the DNS server to your Pi-hole on Linux!

Configuration

  • Router config (general)
While it's all fine and dandy to have your Pi-hole set up and your machines configured, what about phones or smart TVs? That's right! These devices can have ad blocking as well, but to do this we will need to disable DNS on your router so that only the Pi-hole will handle the web lookup requests. If your router is allowed to do it, it will just send the lookup request to whatever DNS server it uses, generally the ISP's, which offer no filtering, or even worse, they can modify your requests!

However, this isn't something that can be globally covered. Thankfully it is generally easy as long as you know what to search for. Below I have included some links to popular router manufacturers' DNS change procedures. You may need to search for your model of router so you can get the login information and model, generally on a sticker at the bottom.

Netgear

Linksys

D-Link

TP-Link

General

Please note that the router may need to be rebooted afterwards. Some of the links only describe how to change the DNS servers. DO NOT change the DNS server to your Pi-hole! Just disable DNS by turning the service off. If a button or drop down that provides this is not easily accessible, refer to your manual.

  • Settings
Best practice, for the most part, like anything network infrastructure related, is to not touch it unless absolutely necessary. These services are configured out of the box to just run and never stop, and Pi-hole is based on the same principles. From Linux to the DNS mechanisms used, there is generally no need to intervene. These services are much simpler than you think, with your router or configurations creating most of the problems users encounter.

However, in cases like Pi-hole where security is the focus, it isn't a terrible idea to set some of these configurations from the get go. All of these general options in the release of Pi-hole used in this guide (4.0) are available in one place.

Start by logging into your Pi-hole using the username and password you configured when you installed it. You can get to this page by typing the IP address of your Pi-hole into your browser's URL bar. Alternatively, if your PC is already set to use the Pi-hole, you can get to it by typing Pi.hole and logging in that way.

Now that you are logged in, let's click on "Settings" in the left hand pane. Afterwards click the "DNS" tab at the top of the right hand pane. This is the page where we can configure how Pi-hole handles DNS requests.

[Screenshot]


For the most part you will want your settings configured to the following.

- Listen only on interface eth0, where "eth0" is the name of your link. It's OK if the name is different.
- Never forward non-FQDNs
- Never forward reverse lookups for private IP ranges
- Use DNSSEC

When using DNSSEC it is important to know you need to use a compatible DNS provider. Thankfully Pi-Hole includes a few, which they go over in the description.

Pi-hole can be used to block ads and malicious domains at the network level instead of per device when configured to be your network DNS server as outlined above. Additionally, with DNSSEC supported DNS filtering providers like Quad9, not only are your queries being filtered by the Pi-hole, you are also filtering content at the DNS provider level. This helps ensure an additional level of protection if you wish.

  • Updates
Blacklist additions are an easy way to include and even exclude domains that your Pi-hole filters. This can help alleviate problems or offer further protection. Now, while the default lists for Pi-hole are automatically updated for you, below I will show you how to whitelist, blacklist and add additional lists as you please. Just note that incorrect configuration can lead to inaccessible web pages or network outages.

The first step is to find good lists. While there are a TON available, I prefer to use the Wally3K lists. wally3k is a part of the Pi-hole team and contributes curated lists to the community.

I prefer the Ticked Lists since they are curated lists of domains that generally don't cause false positives. While other lists, even those not by wally3k, can give you more blocked domains, they can also block legitimate traffic and functions.

First log in to your Pi-hole using your configured IP address or by navigating to Pi.hole if your machine is already configured to use it. Next we will go to Settings in the left hand pane and then click the "Blocklists" tab in the right hand pane, which will allow us to modify blocklist management.

[Screenshot]


At the bottom of the list we can add our own lists, like the ticked list, or our own single domains. In cases like the ticked list we can copy all of them and simply paste the entire list. In some cases the list is a URL to a text document. In these cases we can just paste the URL of the text list, since Pi-hole is smart enough to parse it.

[Screenshot]


After you are done just hit "Save and Update" and it will immediately add the new domains to the blacklist and incorporate them into the built in 24 hour update Pi-hole already does. Pretty nifty, right?

Usage

  • Examples of sites before and after

Test was done in Google Chrome with no adblock plugin enabled and DNS set to Google 8.8.8.8. Test website is Ookla's speedtest.net. Pi-hole is using default lists in addition to the wally3k ticked lists. No other domains have been manually black or white listed.

[Screenshot: before]

[Screenshot: after]

[Screenshot: after, with uBlock Origin]

  • Basic how-to view logs and trouble shoot odd problems

Odd issues due to misconfiguration can occur that make your browsing experience less enjoyable. Thankfully troubleshooting isn't too difficult. Here I will explain some basic troubleshooting techniques that can be used to restore the browsing behavior you want.

First and foremost is reading the query log. This will allow us to see a list of what is being blocked, or whether something is being blocked at all. To check the log just log in to your Pi-hole using the IP you configured or the default DNS redirect. Once you have done that, in the left hand pane click on "Query Log" and you will be presented with a log of the recent DNS queries. Please take note there can be a lag time, so attempt to access the site again if you don't see it so it pushes to the log a bit quicker. This will let you see what the Pi is doing with it.

[Screenshot: query log]


From this page we can search for the URL using the search field at the top right if you don't feel like manually clicking through pages. You can also whitelist or blacklist a specific URL from the log page.

After you have whitelisted or blacklisted your URL, we can do the following procedure to speed up the change (delegation).

While logged into the Pi-hole click on "Settings" in the left hand pane, then select the "System" tab in the right hand pane. Find the button "Restart dnsmasq" and click it.

The DNS service controlling the Pi-hole will now restart and flush.

[Screenshot: dnsmasq]

Next we can flush the operating system's DNS cache (Windows).
  1. Open a Command Prompt as Administrator.
  2. Type the following command into the prompt and press Enter.
Code:
ipconfig /flushdns

Finally we can flush the independent cache of our browser.

Chrome:
In the URL bar type the following
Code:
chrome://net-internals/#dns
Next press the button labeled "Clear Host Cache".

Firefox

If you have manually added a domain to the white or black list and run into issues, do not go into the query logs and white or black list it to correct the problem. This will not work.

Instead, in the Pi-hole control panel in the left hand pane, navigate to the offending list by clicking "Whitelist" or "Blacklist" from the menu.

From here we should easily be able to see the offending URL. Both the white and black list display information similarly, so the process is the same. Find the offending domain and delete the entry manually using the trashcan icon to the right of the entry.

[Screenshot: whitelist]


You can use the methods of refreshing the DNS cache described in the previous spoiler tag to regain access or blocking of the domain in question.

Comparison vs Adblockers
When it comes to DNS blackholing you may not know you are already using one. That's right! Ad-blockers such as AdBlock, uBlock Origin, Adblock Plus and other extensions are already very popular and widely used. So what makes Pi-Hole and other services different?
Well, the first and probably most obvious is that ad blockers generally use "element blocking" in conjunction with DNS blocking. This means that while adblockers also DNS block, they can also interact with your browser and stop the actual ad code from loading. This helps prevent big voids of nothing from showing up in a website, like a big white box where an ad was supposed to be.
The second is that adblockers allow you to block new ads in real time. This is usually done by right clicking on an ad and telling it to block it. It follows up with a few questions to make sure it's getting it right and then you're done.
The third is that adblockers, depending on author, will only allow you to block using a few definition lists. Sometimes one and sometimes several, however generally they only start with one or two lists. You have to add the rest.
The last and probably biggest difference is that while adblockers add the ability to block ad elements, they unfortunately do not help protect entire networks. Since adblockers work on a per browser model, each device needs to be set up with one. This can also be impossible to do on some devices.
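
The blocklist handling described under "Updates" (pasting single domains, whole lists or the text behind a list URL, then whitelisting false positives) can be checked before anything is saved. This is an added example, not part of the original guide and not Pi-hole's own parser: `parse_blocklist`, `build_blocked_set` and `decide` are hypothetical names, the sample lists are constructed, and exact-name matching is an assumption of the example.

```python
import re

# A name is accepted if it has at least two labels of 1-63 characters
# (letters, digits, hyphen, underscore) that do not start or end with a hyphen.
_LABEL = r"(?!-)[a-z0-9_-]{1,63}(?<!-)"
_DOMAIN_RE = re.compile(rf"(?:{_LABEL}\.)+{_LABEL}")

# Hosts-format lists start each line with a sink address and often carry
# entries for the local machine; neither belongs on a block list.
_SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
_SKIP = _SINK_ADDRS | {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample inputs (not real list contents).
HOSTS_LIST = """\
# hosts-format list
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.net  # inline comment
0.0.0.0 cdn.example.org
"""
PLAIN_LIST = """\
ads.example.com
metrics.example.net.
<html><body>404 Not Found</body></html>
https://example.com/list.txt
"""


def parse_blocklist(text):
    """Return (domains, rejected_lines) for hosts-format or plain-domain text."""
    domains, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        names = [n.lower().rstrip(".") for n in line.split()]
        names = [n for n in names if n not in _SKIP]
        if all(len(n) <= 253 and _DOMAIN_RE.fullmatch(n) for n in names):
            domains.update(names)
        else:
            rejected.append(line)                    # e.g. an error page or a URL
    return domains, rejected


def build_blocked_set(list_texts, whitelist):
    """Merge several lists; the whitelist wins over any list entry."""
    merged, rejected = set(), []
    for text in list_texts:
        domains, bad = parse_blocklist(text)
        merged |= domains
        rejected += bad
    allowed = {w.lower().rstrip(".") for w in whitelist}
    overridden = sorted(merged & allowed)            # listed, but whitelisted
    return merged - allowed, overridden, rejected


def decide(qname, blocked):
    """Exact-name match (a modelling assumption): subdomains need their own entry."""
    return "BLOCK" if qname.lower().rstrip(".") in blocked else "FORWARD"


if __name__ == "__main__":
    blocked, overridden, rejected = build_blocked_set(
        [HOSTS_LIST, PLAIN_LIST], whitelist=["cdn.example.org"])
    print(len(blocked), "domains blocked; whitelist overrides:", overridden)
    print("rejected lines:", rejected)
    for q in ("ads.example.com", "img.ads.example.com", "cdn.example.org"):
        print(q, "->", decide(q, blocked))
```

The rejected lines are the ones worth reading: an HTML error page or a bare URL inside a list means the source did not deliver what you expected.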
 