Friday, October 16, 2020

Setting up Pi-hole as a recursive DNS server

It's been a couple of months since I set up an Intel NUC computer as a network-wide ad blocker using Pi-hole software, and it's been working great.  Internet speed is increased and the amount of internet queries blocked is around 15-20%.  There have been a couple of sites that I had to whitelist to get the app to work, especially ad-sponsored movie apps, but relatively few issues overall.

Being privacy minded, I tried out a few of the upstream DNS servers and read their privacy policies, which led me to question: can any free DNS servers really be trusted?  Although I am not going to dark web sites, I don't like the idea of big corporations tracking everything done online. One way they can use this data is to track your political views by what news web sites you go to. The algorithm then labels you as conservative or liberal, etc.

This got me to look into using my Pi-hole server as a complete DNS server solution, thereby eliminating the need for another DNS server.  Turns out the Pi-hole team had already thought of this and had written a procedure for setting up a recursive DNS server using the same hardware as your ad blocker.

Following the procedure at https://docs.pi-hole.net/guides/unbound/ I was able to configure my Pi-hole to be my full DNS server solution.  It was fairly easy to configure and set up by installing "unbound" and copying the example pi-hole.conf file to "/etc/unbound/unbound.conf.d/pi-hole.conf" on my NUC computer.  After installation it just took rebooting the Pi-hole server and configuring the IPv4 address in the Pi-hole admin dashboard. Checking that your recursive DNS server is working properly can be done by going to https://dnsleaktest.com/ and running the extended test.  It's been a few weeks since I set this up and I have had no issues and no noticeable reduction in speed to access web sites.

Overall, I'm completely satisfied with this solution and thankful that the Pi-hole team and the "unbound" software developers have made it so easy to set up for those that might not attempt to do it otherwise.
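
A local check to go with the dnsleaktest.com run, as an added example that is not part of the original post or the Pi-hole guide: it flags any upstream resolver that is still configured besides the local unbound instance, for example a public server left ticked in the dashboard. It assumes a Pi-hole v5-style /etc/pihole/setupVars.conf with PIHOLE_DNS_n keys and the 127.0.0.1#5335 address used in the linked guide's example config; neither is stated in this post, and the sample files are constructed.

```shell
#!/bin/sh
# Print each upstream resolver configured in a setupVars.conf-style file.
# (PIHOLE_DNS_n key names are an assumption based on Pi-hole v5.)
list_upstreams() {
    sed -n 's/^PIHOLE_DNS_[0-9][0-9]*=//p' "$1"
}

# Print upstreams that are not loopback addresses. Anything listed here
# is a third-party resolver that still receives your queries.
non_local_upstreams() {
    list_upstreams "$1" | while IFS= read -r up; do
        host=${up%%#*}              # strip the "#port" suffix
        case $host in
            127.*|::1) ;;           # local resolver such as unbound
            *) printf '%s\n' "$up" ;;
        esac
    done
}

# Succeeds only if at least one upstream is set and all are loopback.
recursive_only() {
    [ -n "$(list_upstreams "$1")" ] && [ -z "$(non_local_upstreams "$1")" ]
}

# Demo on constructed sample files; for real use pass
# /etc/pihole/setupVars.conf (assumed path) to recursive_only.
demo=$(mktemp -d)
printf '%s\n' 'PIHOLE_INTERFACE=eno1' 'PIHOLE_DNS_1=127.0.0.1#5335' \
    > "$demo/ok.conf"
printf '%s\n' 'PIHOLE_DNS_1=127.0.0.1#5335' 'PIHOLE_DNS_2=9.9.9.9' \
    > "$demo/leaky.conf"
for f in "$demo"/*.conf; do
    if recursive_only "$f"; then
        echo "$f: local resolver only"
    else
        echo "$f: also forwards to: $(non_local_upstreams "$f" | tr '\n' ' ')"
    fi
done
rm -rf "$demo"
```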

Friday, August 14, 2020

Setting up a Pi-hole Ad blocking dns server

A while back I came across this site: https://pi-hole.net/   It was interesting to have a network-wide ad blocker over having multiple ad blocking plugins on different browsers on different computers.  After some reading about it, I discovered it would also block ads on phones and in-app ads.  That made it more appealing since in my household we have 6 active computers, 4 phones, and 3 tablets.  To get the same kind of ad blocking I would need to install ad blockers on all the devices and even then the blocking would not be as effective as Pi-hole. It also speeds up your browsing by reducing downloaded ads and using a DNS cache for frequent sites.

Pi-hole works by becoming your DNS server for all the devices connected to your router.  It uses built-in ad blocking lists that can be updated and added to. After installation there is a web-based dashboard, http://pi.hole/admin/, that shows all the addresses blocked and allows configuration of whitelists, blacklists, and all sorts of options.  During install you have the option of choosing between several free public DNS servers to use as your internet DNS. The choices are Google, OpenDNS, Level3, Comodo, DNS.WATCH, Quad9, Cloudflare, or custom.  I tested a few of these and settled on Quad9 for speed and consistency. It also blocks malicious sites, which is nice if you have kids. After install you just need to configure your router to use your new Pi-hole server for all DNS queries.

First you must select the hardware you want to use.  The cheapest route is to use a Raspberry Pi.  I have an original Raspberry Pi B that met the minimum specs but I made a robot car out of it and so my choice was to use other hardware.  The sweet thing is this will run on any hardware that supports Linux.  I had an Intel NUC that was just collecting dust so decided to use it.  The installation was straightforward: download and install the Linux distribution of your choice; it supports Ubuntu, Fedora, CentOS, Debian, and Raspberry Pi OS. In my case I downloaded Ubuntu and used the dd command to make a bootable USB stick and installed it onto my NUC.

To install the Pi-hole software, boot up your Linux server, open a terminal or command prompt, and type:

curl -sSL https://install.pi-hole.net | bash 

During the installation there are prompts for some information such as the IP address to use for the new server and the public DNS server to use.  This guide can help give more information if needed: https://www.smarthomebeginner.com/pi-hole-setup-guide/#Step_4_Pi_Hole_Installation

After install, reboot your Pi-hole and configure your router's DNS server settings with the IP address of the Pi-hole server that you assigned (i.e. 192.168.1.4) for IPv4. IPv6 can be configured with the address provided on the last installation screen.  That's it! Even though it seems complicated, it literally took ten minutes once Linux was installed to finish.

The Pi-hole dashboard will show when a new version of the Pi-hole software is available.  To upgrade, simply access your Pi-hole server terminal and type: pihole -up

I've been enjoying all the stats and information on the dashboard and love to see all the blocked domains.  Enjoy! 

 

Monday, July 13, 2020

Changing default protocol to IPv4 vs IPv6 in Linux

Even though IPv6 is default on most systems now and has been for a number of years, it still seems to be more problematic than using IPv4.  It is interesting that a new router I bought had IPv6 disabled by default and the settings buried for turning it on.  That is why I prefer to have my web browser default to IPv4 first with the fallback to IPv6 within a second.

To configure this on Linux, edit the /etc/gai.conf file using root privileges, scroll down to where you see the following text and uncomment the precedence line.  Save the file and reboot.

#    For sites which prefer IPv4 connections change the last line to
#
precedence ::ffff:0:0/96  100

To test that it's working properly, go to https://ipv6-test.com/

It will show the default protocol and the fallback to IPv6 time.  The score should be 14/20 typically.

That's it, now using a more proven and reliable protocol first with the newer and less proven protocol as backup.
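
The gai.conf edit described above, scripted as an added example that is not part of the original post: it uncomments only the "precedence ::ffff:0:0/96  100" line, leaves the similar "...  10" default-table line commented, keeps a .bak copy, and is safe to run twice. The function names and the sample file are constructed for illustration; the sample is modelled on the layout of a stock gai.conf.

```shell
#!/bin/sh
# ERE for the IPv4-mapped precedence entry with value 100.
GAI_RE='precedence[[:space:]]+::ffff:0:0/96[[:space:]]+100'

# True if an uncommented "precedence ::ffff:0:0/96 100" line is present.
ipv4_precedence_active() {
    grep -Eq "^[[:space:]]*${GAI_RE}[[:space:]]*\$" "$1"
}

# Uncomment only the "... 100" line. Returns non-zero if the file has
# no such line to enable, so a missing entry is not silently ignored.
enable_ipv4_precedence() {
    f=$1
    ipv4_precedence_active "$f" && return 0      # already done
    cp -p "$f" "$f.bak" || return 1              # keep a backup
    sed -E "s,^#[[:space:]]*(${GAI_RE})[[:space:]]*\$,\1," "$f.bak" > "$f" \
        || return 1
    ipv4_precedence_active "$f"
}

# Constructed sample resembling the relevant part of /etc/gai.conf.
write_sample_gai_conf() {
    cat > "$1" <<'EOF'
#precedence  ::1/128       50
#precedence  ::/0          40
#precedence  2002::/16     30
#precedence ::/96          20
#precedence ::ffff:0:0/96  10
#
#    For sites which prefer IPv4 connections change the last line to
#
#precedence ::ffff:0:0/96  100
EOF
}

# Demo on a scratch copy; for real use run
# enable_ipv4_precedence /etc/gai.conf as root.
demo=$(mktemp)
write_sample_gai_conf "$demo"
enable_ipv4_precedence "$demo" && grep -n '^precedence' "$demo"
rm -f "$demo" "$demo.bak"
```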

Sunday, February 02, 2020

keyboard and mouse update

Another aspect of having a great computer system is the peripherals one chooses, specifically the mouse and keyboard.  I prefer mechanical keyboards to membrane ones.  Mechanical keyboards have several benefits over membrane keyboards: they are faster by registering when multiple keys are pressed at the same time (n-key rollover), last longer (up to 70 million key presses), and the keys have a more tactile feel.  You can also replace keycaps and customize buttons or lighting on most mechanical keyboards.  If you are unsure of what type of keyboard you are using right now, it's probably a membrane keyboard.  Most PC manufacturers do not include mechanical keyboards with their systems since they are more costly.
Probably the greatest keyboard ever made was the IBM M series keyboard.  This keyboard used a buckling spring design that offered tactile feedback with the side effect of being quite noisy.  If you can live with the noise, some people love this keyboard, and you can still get a clone of it from Unicomp.
I like the feel of the M series keyboard but it is a bit noisy for my taste.  My favorite keyboard that I own is a Corsair K63, which uses Cherry red switches.  Cherry switches are made in Germany and considered the best switches for mechanical keyboards. They come in red (light), brown (medium), blue (tactile), black (heavy) and a few other colors and activation forces.  I love Cherry reds, light and fast.  The only drawback to the Corsair K63 is that because it has unique media keys it would sometimes cause Linux to hang at boot.  This was enough of an annoyance for me to look for a new mechanical keyboard that would work well in Linux.  That led me to the Logitech Romer-G keyboards.  Since Corsair has an exclusive contract with Cherry, Logitech had no choice but to find another source for their switches.  They chose a company called Omron, which makes high quality mouse switches.  The switches Logitech designed with Omron put the LED in the center of the switch as opposed to the top edge in Cherry switches.  They also claim 70 million key presses as opposed to Cherry's 50 million.  After some research I ended up buying a Logitech keyboard with Omron Romer-G switches, the Logitech G413, and I must say I have been completely satisfied with the lighting, tactile feedback, and speed of the keys.  I also like how it has a USB port in the keyboard to plug in a USB stick or other devices.

As a separate purchase I was looking for a new mouse that would be comfortable and fast with customizable lighting and buttons.  I saw a nice no-name Chinese gaming mouse on amazon.com and decided to give it a try.  Although it wasn't too bad, it felt cheap and didn't fit my hand well, causing hand fatigue while using it for extended periods.  I decided to keep searching for a better mouse, and ended up finding this one: pro mouse.
And while it looks simple it has a very fast sensor and programmable buttons and lighting.  I made the forward button the Windows key, and the resolution button a page down button for faster shortcut keys and web use.  The lighting options allow changing colors, intensity, and patterns.  Another nice thing about this mouse is that the button and lighting customizations can be saved to internal memory in the mouse, so that you can use it in other OSes or plug into other computers and keep your settings without additional software needed.

Overall I believe a mouse and keyboard are the items that you tend to interact with more often than any other part of a PC and it is very important to get the right components.  Cheap items tend to be that...cheap.  Paying for higher quality components offers more features and they tend to last longer, which may not make them more expensive in the long run.

Tuesday, January 14, 2020

Time to refresh a pc

I put together a PC back in 2014 that was a small ITX build.  I picked all the components, which were pretty high-end at that time: Gigabyte Z97N motherboard, I5-4690 3.5GHz CPU, Nvidia GTX970 GPU, 8G RAM, Samsung 256G SSD, and slot DVD-RW drive.  It's been a good reliable PC, however one thing always bothered me.  I had picked a new case from eVGA called the Hadron Air.  I thought it looked good and was a very small case with a built-in 80plus gold power supply.  What I didn't know at the time was that it is a 1U size server type power supply.  This is probably a good reliable power supply but since it's made to be in a noisy server room it's not good for a PC that is near your ears.  This power supply puts out a high pitch whine due to the tiny fan it uses.  Most times I could ignore it but sometimes it just bothered me like having ringing in my ears.

I did some research and the consensus was there is no quiet 1U power supply unless it's low wattage, and since I couldn't fit a regular ATX power supply into the Hadron Air case I had no other choice but to replace the case.

After some research I decided on an ITX case from Thermaltake.  One thing that sold me was the large 200mm fan, which is slower moving, making it very quiet, and the dust filters on the input in front and on bottom.  I combined that with a super quiet 430W ATX power supply also from Thermaltake.  I decided to update my RAM at the same time so I bought 16G of Patriot Viper RAM.

It only took about an hour to install the power supply and move the other components into the new case and connect/cable tie the cables.  This new case was a pleasure to work with since all four sides are removable, allowing access to anything with ease.  I then installed the new RAM, and fired it up for the first time.  I was and still am amazed how quiet it is.  I had to verify the case fan and power supply fan were really working because I couldn't hear them.  The only fan noise I can hear is coming from my Nvidia GeForce.  I also like the layout and airflow of this case; it's just an overall well designed case.

Overall, I'm happy I finally decided to do this upgrade as it makes using this PC a much more pleasant experience and I didn't want to replace the whole thing just because of noise. I also learned that size does matter, at least when it comes to fans.