You can also set it up to point at unbound for either recursive resolving of DNS, or resolving over HTTPS/TLS, as right now most DNS traffic is sent over unencrypted connections, meaning your ISP can see all of the domains you are resolving.
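The two Unbound modes mentioned in the comment above, as an added configuration sketch that is not part of the original thread. The file path, the listening port 5335, the Debian-style CA bundle path and the choice of Quad9 as upstream are assumptions made for illustration.

```conf
# /etc/unbound/unbound.conf.d/local-resolver.conf  (assumed file name)
server:
    # Listen on loopback only; the ad-blocking resolver on the same host forwards here.
    interface: 127.0.0.1
    port: 5335                          # assumed port; must match the upstream set in the blocker
    access-control: 127.0.0.0/8 allow

    # Send each authoritative server only the labels it needs to answer.
    qname-minimisation: yes
    hide-identity: yes
    hide-version: yes

    # CA bundle used to verify the upstream's certificate in mode B (assumed Debian path).
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

# Mode A, recursive resolving: omit the forward-zone block below.
# Unbound then walks the DNS tree itself. No single upstream resolver sees every
# query, but the queries to authoritative servers leave the network unencrypted.

# Mode B, DNS over TLS: forward everything to an upstream on port 853.
# The ISP sees only TLS traffic to the upstream; the upstream sees every query.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    # The name after '#' is checked against the upstream's TLS certificate.
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
```

Running `unbound-checkconf` on the file catches syntax errors before the service is restarted.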
Can't the ISP pretty easily tell what website you are going to anyways? After all, they are the ones that ultimately connect you to the destination, so they know the IP. It would just be one more step for them, but they could figure out which domains resolve to that IP.
DNS logging is the simplest way they'd track you, so you'd limit that.
Reverse DNS lookups would be less precise as well, as it'd just point to an IP owned by some cloud provider, so they'd have a hard time there.
But yes, a privacy-respecting VPN is better; however, I don't love browsing on a VPN as I hate captchas and like being able to access services I host on my local net.
Two things. 1, unless you specifically need to run the software on a Pi, I recommend using AdGuard Home over Pi-Hole. It's more actively maintained (not to imply that Pi-Hole isn't actively maintained), and is going to be more of a setup once and forget type of solution.
2, the value in running software like this is to be able to monitor your network traffic for suspicious activity, block ads, and access to malware, porn, warez, gambling, crypto, etc. (especially if you have children). You can use custom blocklists like Hagezi's threat intelligence feeds (TIF) which instantly decreases your attack vector while interfacing with the clear-net. The TIF blacklists block malware, cryptojacking, scam, spam and phishing. Blocks domains known to spread malware, launch phishing attacks and host command-and-control servers.
I very highly recommend using the Hagezi TIF lists. You can set up AdGuard very easily (mine runs off my Synology NAS), and you can easily force your entire network to use it by changing your DNS server in your router configuration page to your AdGuard Home instance IP (in my case, it's my Synology NAS IP from within my network).
Takes a few minutes to set up, and you're done. From there you can use the web UI to change settings, update blacklists, and even see what your network traffic looks like: https://x0.at/D-aY.png and you can even block access to services directly: https://x0.at/QlbJ.png
I've had AdGuard Home running in various places, but always struggled with getting it to show which device was making the call while also being protected while away from my local network. Just keeping the house secure wasn't a problem, but routing my traffic while out always seemed to cause problems. More so on the Synology.
What's your use case look like?
> but always struggled with getting it to show which device was making the call

This depends on how you have your devices set up to use your DNS. E.g., in my home I have my Phone and PC set up to use the IP of my AdGuard server. In AdGuard, I have them as named devices. All other devices on my network use the router as DNS, so all other requests that are not coming from my PC or Phone indicate "router" as the name.

> What’s your use case look like?

Home based server running AdGuard forwarded through a caddy reverse_proxy to a domain. Using DoH/3 so even when remote I use my own DNS. Works great.