We all know how annoying ads can be, and blocking them typically involves installing an ad-blocker on each device, browser, ... In this guide I'll show you how to block ads on most devices (iPhone, Mac, Android, Windows, ...).
Pi-Hole is a general-purpose, network-wide ad-blocker that protects your network from ads & trackers. Its main advantage over a browser ad-blocker is that it blocks ads in any type of software.
- A VPS (near you or in the country you want to be)
- Know the basics of Linux
- Some 30 free minutes in your schedule
There are plenty of VPS providers. I've personally chosen Hetzner, but Linode is also really good! (You can use my Hetzner link to get $20 in cloud credits.)
It takes no time to install WireGuard on Linux thanks to angristan.
curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
chmod +x wireguard-install.sh
./wireguard-install.sh
Go read the README to learn how to use the script.
All you need is to run this simple command:
curl -sSL https://install.pi-hole.net | bash
During the setup you will be able to choose the interface Pi-Hole listens on; choose wg0.
sudo apt install unbound
You might have to configure Unbound for it to be fasttttt.
vim /etc/unbound/unbound.conf.d/pi-hole.conf

server:
    verbosity: 0
    interface: 127.0.0.1
    port: 5335
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    do-ip6: yes
    prefer-ip6: no
    harden-glue: yes
    harden-dnssec-stripped: yes
    use-caps-for-id: no
    edns-buffer-size: 1472
    prefetch: yes
    prefetch-key: yes
    minimal-responses: yes
    cache-min-ttl: 300
    cache-max-ttl: 86400
    serve-expired: yes
    msg-cache-size: 50m
    rrset-cache-size: 100m
    num-threads: 1
    so-reuseport: yes
    so-rcvbuf: 4m
    so-sndbuf: 4m
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10
You can finally restart unbound.
sudo service unbound restart
Since you are using Unbound, you have to disable the Pi-Hole DNS cache and forward queries to the right DNS server instead of using Cloudflare, ...
vim /etc/pihole/setupVars.conf

WEBPASSWORD=
BLOCKING_ENABLED=true
ADMIN_EMAIL=
WEBUIBOXEDLAYOUT=traditional
WEBTHEME=default-dark
PIHOLE_INTERFACE=wg0
IPV4_ADDRESS=
IPV6_ADDRESS=
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
CACHE_SIZE=0
DNSMASQ_LISTENING=single
PIHOLE_DNS_1=127.0.0.1#5335
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false
REV_SERVER=false
And finally you can repair Pi-Hole using:
You can now go to your Pi-Hole dashboard: http://ip/admin.
And check that your settings are correctly configured.
Dashboard > Settings > System > FTL Information >>> DNS cache size should be = 0.
Dashboard > Settings > DNS > Upstream DNS Servers >>> Custom 1 (IPv4) = 127.0.0.1#5335 >>> Everything else should be unchecked.
Dashboard > Settings > DNS > Interface listening behavior >>> Listen only on interface wg0.
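The same checks can be run from the shell against the two files edited above. This is an added example, not part of the original guide: the function names are made up here, and the paths default to the ones used in this guide.

```bash
#!/usr/bin/env bash
# Added example: compare the two files edited in this guide with the values it gives.
# Usage: source this file, then run audit_pihole_unbound on the VPS.

# get_kv FILE KEY: value of the last KEY=value line in a setupVars-style file
get_kv() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# get_unbound FILE OPTION: value of the first "option: value" line in an Unbound config
get_unbound() { sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1; }

# expect LABEL ACTUAL WANTED: print the result, return 1 on mismatch
expect() {
    if [ "$2" = "$3" ]; then
        printf 'ok    %s = %s\n' "$1" "$2"
    else
        printf 'FAIL  %s = "%s" (expected "%s")\n' "$1" "$2" "$3"
        return 1
    fi
}

# audit_pihole_unbound [SETUPVARS] [UNBOUND_CONF]: returns the number of mismatches
audit_pihole_unbound() {
    local vars="${1:-/etc/pihole/setupVars.conf}"
    local unb="${2:-/etc/unbound/unbound.conf.d/pi-hole.conf}"
    local bad=0 ub_if ub_port upstreams
    ub_if=$(get_unbound "$unb" interface)
    ub_port=$(get_unbound "$unb" port)
    # grep -c exits 1 when the count is 0, so do not let that abort a "set -e" shell
    upstreams=$(grep -c '^PIHOLE_DNS_[0-9]*=' "$vars" || true)

    expect "unbound interface" "$ub_if" "127.0.0.1" || bad=$((bad + 1))
    expect "unbound port" "$ub_port" "5335" || bad=$((bad + 1))
    # Pi-Hole must forward to exactly the address and port Unbound listens on
    expect PIHOLE_DNS_1 "$(get_kv "$vars" PIHOLE_DNS_1)" "${ub_if}#${ub_port}" || bad=$((bad + 1))
    # Any extra upstream entry lets queries bypass Unbound
    expect "upstream count" "$upstreams" "1" || bad=$((bad + 1))
    expect CACHE_SIZE "$(get_kv "$vars" CACHE_SIZE)" "0" || bad=$((bad + 1))
    expect PIHOLE_INTERFACE "$(get_kv "$vars" PIHOLE_INTERFACE)" "wg0" || bad=$((bad + 1))
    expect DNSMASQ_LISTENING "$(get_kv "$vars" DNSMASQ_LISTENING)" "single" || bad=$((bad + 1))
    return "$bad"
}
```

A return value of 0 means both files match the guide; any other value is the number of FAIL lines printed.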
And that's pretty much it!
All you have to do now is generate a client config for your WireGuard server and install it on any device. Once the connection is established, you can say bye bye to ads and hello to anonymity.