Pi-Hole

[Pic0o]

Pi Rasperry Pi-Hole config quide:
Howdy and welcome to another thread.  I have a history of not being a fan of advertisements and do not run those banners on this site.  Besides a security concern, I think advertisement gets really creepy online.
Pi-Hole is an Operating System with dns capabilties and use of adblocking lists.  The added benefit of the request being denied even without plugin-based web browsing, is pretty handy.

Before you install, be sure if you are using a RaspberryPi or whatever device, that your user password is one of your own.  You do not want to go default with your LAN traffic.  If you wanna log a fun time, you can use one of these for short-term logging a little CTF monitoring style.  Logs are configured to purge after a few days on your standard Pi-Hole install. Please be sure to update your OS image with latest patches via said package manager.  In my case I set the primary network connection to a static address.  I have the service connection IP address details to use the actual router as DNS server.  Since all your other network DNS will be set to the fixed IP Address you bound to your Pi-Hole installed device.
SSH is likely disabled.  I like to administer my SSH session by serial to usb in the case of my Raspberry Pi installs.

Follow the install guide and advisory on their site about the bash | pipe install.  Quick comes at a trade off when you do not review the install process part for part.  If you go for the easy install and read the disclaimer, you can run the single line install:

curl -sSL https://install.pi-hole.net | bash

This thread is for administering and keeping yours updated, as with my configuration I ran into update issues using just the one connection.  Details ahead cover enabling a second connection to fetch updates, since you will have the primary network connection with a set IP address that handles DNS requests handed off from your router / main DNS device on your network.

To do updates to the OS and Pi-Hole local web services device / OS, I disable the service network connection to resolve conflicts of web requests to get out locally.  All the LAN clients will be fine getting pages.  In this case, I suspect the localhost calls in the Pi-Hole logs relate to my network layout and the device being bound to serve back to itself.  When logged into the [deviceIP]/admin configuration page I would also get failures to resolve list update servers.

Having plugged in a second USB NIC or using Wireless as an update connection, I ran the following commands to handle my network adapters.  Turning off the static address service NIC. In most cases likely eth0 as shown below

sudo ifconfig eth0 down

Do some pings and the like to see they should now resolve.  Do your updates etc for the OS.  In my case, Raspbian on a Pi 3.

Once those finish, load up the Web Admin panel for your Pi-hole install. Get your ip address for the active network connection with:

ifconfig

Connect to that IP address in a web browser and add '/admin' into the address bar at the end of the IP Address without the quotes around the path.

Login with your admin password to the admin panel and you should now be able to see updates are pending.  You need to start with the FTL update.  To do this, return to your SSH session.  As I mentioned I am working with serial over USB, but you can enable SSH over network if you so desire.  One more service for a network heavy component, so choose of your own accord in concern to security to conveinence.
On that SSH console, run:

pihole -up

Wait for the updater to get and deploy the new FTL version.  You will likely also be treated to the Web Interface and Pi-Hole version also being to current revisions.  Great!  Almost updated and running live AdBlocking again.
Still on your console, seeing the update completed you want to turn back on the main network connection we disabled for updating.

sudo ifconfig eth0 up

Overviewing network setup above:
Main Internet router will be your DNS server on the Pi-Hole device.  Manually set client DNS or change your DHCP server to set client DNS to the static address of your Pi-Hole install. (192.168.0.1 default-ish router)  Check your current IP config to get details if you do not know current network base configuration.
On the Pi-Hole install, set the primary network adapter to an address in that subnet (say 192.168.0.10)  Make sure DHCP server /or/ router will not also try to assign that address in it's pool.  The Pi-Hole DNS primary will be set to your local router (as above default-ish router 192.168.0.1)

I hope to have avoided huge gaps or inflected confusion in this thread. Jolly adblocking.  Even if you like making money from it, you have to know it is a vulnerable vector and kind of a shaky market.  I'm not here to tell you what to do, I'm sharing details to help block them on places that run them without respect to visitors.

[Pic0o]

Wild. So I saw a bunch of ipmac-binding errors for the Pi-Hole devices on my network in the firewall.  Turns out my issue with the pihole unable to get filter updates without a second NIC, got fixed by adding a DHCP reservation on that server.  It's definitely not what I expected to resolve the failed dns lookups on the pi-hole itself but I figured it was worth sharing.

I am also looking to use Pi-Hole devices for quick on the fly network building.  These things can totally serve DHCP out if you so choose.  Should be a fun way to setup quick test networks. :)

[Pic0o]

Recounting if your Pihole has an issue getting gravity lists or updates in the OS and web interface for pihole.  Check your router / firewall logs for ip mac binding errors.  Since the device is likely setup with a static IP, you may want to be sure to add a rule if you see it in the logs.
Updates should then work.

Oh cool.  Conditional Forwarding is a setting in the PiHole admin settings.  If your Pi-Hole is not working as a dhcp server, your device names will not all be able to be read from your router.

Quote

If not configured as your DHCP server, Pi-hole won't able to determine the names of devices on your local network. As a result, tables such as Top Clients will only show IP addresses.

One solution for this is to configure Pi-hole to forward these requests to your home router, but only for devices on your home network. To configure this we will need to know the IP address of your router and the name of your local network.

Accurate in my instance.  Yay updated interface!

[Pic0o]

I love these damn things.  As I mentioned, depending on your network configuration, you may need to add an ipmac-binding so your Pi-Hole gets updated blocklists and allows you to get OS updates on the same network adapter.

 

When you are SSH'd into one of them ( Remember I use serial over USB as to not have SSH running on a network adapter for the Pi-Holes ), 3 commands are your friend and can also be thrown into a single bash script to save you time on updates.  I am running Raspbian, so change you apt-get to relevant package manager, IE: pacman if you are on team Arch / Manjaro.

	sudo apt-get update && sudo apt-get upgrade -y
	sudo pihole -up
	sudo rpi-update
	

 

* The first line checks for, then installs new packages.

* 2nd line updates your Pi-Hole software

* 3rd line will check for Raspberry Pi firmware updates and install those.  You need to an should restart after the rpi-update runs.

( Optional ) You could add a reboot command at the end, but I like to confirm all went well before I reboot.

 

If you want all 3 to run, pop those 3 lines into a bash / text file and you can run that file to have your script push out these updates.
Details on how to execute a bash file script at link and quoted below

Quote

1. Set execute permission on your script:
   chmod +x script-name-here.sh
2. To run your script, enter:
   ./script-name-here.sh
   OR
   sh script-name-here.sh
   OR
   bash script-name-here.sh

[Pic0o]

Oh hey.  I guess you should not add rpi-update to your regular patch cycle.  Haha I have anyways.  No woes so far 😛
Quote from the updater too below:

 

Quote

WARNING: 'rpi-update' updates to pre-releases of the linux
kernel tree and Videocore firmware.

'rpi-update' should only be used if there is a specific
reason to do so - for example, a request by a Raspberry Pi
engineer.

DO NOT use 'rpi-update' as part of a regular update process.