Getting started in the homelab

date:

tags: homelab pi-hole raspberry pi

categories: Homelab

This post is focused on where I got started with my homelab many years ago. My lab started with a Raspberry Pi Model B+ in 2014. I installed Raspbian and hooked up a small monitor and battery and had a mobile Linux station. After upgrading to a beefier “server” system in 2017, I decided to repurpose that Pi into a network-wide ad blocker. This was accomplished with the Pi-hole open-source project. This software filters out advertisements by acting as your network’s DNS server and sending DNS requests for known advertising domains to /dev/null, or a DNS blackhole.

Installing pi-hole

There are multiple ways to install pi-hole and multiple platforms where you can install it. Whether you install on a physical system, a virtual machine or a container, you will use pi-hole as your network DNS server.

I will be installing pi-hole on a Raspberry Pi as I have used the same Pi for years and the whole setup is simplified with a bash script written by the maintainers of the pi-hole project.

Installing with Git and bash

If you do not have git installed, visit: https://git-scm.com/book/en/v2/Getting-Started-Installing-Git

Once git is installed, use git clone to download the pi-hole project.

git clone --depth 1 https://github.com/pi-hole/pi-hole.git
cd "pi-hole/automated install/"
sudo bash basic-install.sh

There are other options if you follow the official documentation.

During the installation, you will want to pick your upstream DNS provider. This is the resolver pi-hole forwards DNS requests to when the domain is not on the block list. I have taken a slightly different approach and will be configuring cloudflared on my Pi in order to leverage DNS over HTTPS, which will encrypt DNS requests to the upstream DNS server. Since I will be doing that, during the pi-hole installation I select 127.0.0.1#5053 as my upstream DNS provider, which is another way to direct traffic to your local system through the loopback network interface.

Next you must configure your network to use Pi-hole

Once you have installed the pi-hole software, ensure that you open the proper firewall ports for clients to send DNS requests to your pi-hole system. On Raspbian, I am using UFW and I recommend you enable this and then open the following ports to use pi-hole. You can skip port 80 if you do not want to utilize the web interface.

# Run as root or prefix with sudo
ufw enable
ufw allow 80/tcp
ufw allow 53/tcp
ufw allow 53/udp
ufw allow 67/tcp
ufw allow 67/udp

On most home networks your router would utilize DHCP to handle network clients. You will need to configure your router to offer the pi-hole as the DNS server for DHCP clients.
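
The rules above accept traffic on those ports from any source address. As an added example (not from the original post or the Pi-hole project), this script prints rules for the same ports restricted to a single LAN; the 192.168.1.0/24 range, the SSH rule on port 22 and the function names are assumptions.

```bash
#!/bin/sh
# Added example (not from the post): print UFW rules that expose Pi-hole's
# ports to one LAN only. Nothing is applied; the rules are only printed.
# Assumptions: the LAN CIDR, the SSH rule on port 22, the yes/no switches.

# valid_lan_cidr CIDR -> status 0 for dotted-quad IPv4 with a /1-/32 prefix.
# The "( )" body runs in a subshell so the IFS change does not leak out.
valid_lan_cidr() (
    case $1 in */*) ;; *) return 1 ;; esac
    ip=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    case $ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.; set -- $ip
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# pihole_ufw_rules LAN_CIDR [WEB yes|no] [DHCP yes|no] -> one rule per line.
pihole_ufw_rules() {
    lan=$1 web=${2:-no} dhcp=${3:-no}
    if ! valid_lan_cidr "$lan"; then
        echo "refusing: '$lan' is not an IPv4 CIDR with a /1-/32 prefix" >&2
        return 2
    fi
    echo "ufw default deny incoming"
    # Allow SSH before 'ufw enable' so a remote session is not cut off.
    echo "ufw allow from $lan to any port 22 proto tcp"
    for proto in tcp udp; do
        echo "ufw allow from $lan to any port 53 proto $proto"
    done
    if [ "$web" = yes ]; then
        echo "ufw allow from $lan to any port 80 proto tcp"
    fi
    if [ "$dhcp" = yes ]; then
        # Only if Pi-hole is the DHCP server. Left unscoped: a client asking
        # for a lease has no address yet, so its source is 0.0.0.0.
        echo "ufw allow 67/tcp"
        echo "ufw allow 67/udp"
    fi
    echo "ufw enable"
}

# Constructed sample: 192.168.1.0/24 home LAN, web UI on, router does DHCP.
pihole_ufw_rules "${1:-192.168.1.0/24}" "${2:-yes}" "${3:-no}"
```

Review the printed lines, then run them as root or with sudo. Pass `yes` as the third argument only when Pi-hole's own DHCP server is in use rather than the router's.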

Configuring DNS over HTTPS

After you configure your router to point clients to your pi-hole, you are good to go, but if you would like to encrypt your DNS requests, you can use a DNS provider like Cloudflare to contact their public DNS server over HTTPS.

There is a good guide in the official documentation on how to configure DNS over HTTPS with pi-hole and cloudflared. Stay tuned for a future post where we can automate that installation.
