Pi-hole is an excellent whole-home, self-hosted ad blocker and DNS filtering tool. For an easy way to install Pi-hole, see my post on installing Pi-hole using Docker.
Pi-hole intercepts every request for a website from your home network (including any devices on Wi-Fi) and checks whether the website is on a “bad list” (ad engine, malware, adult site, etc.). If it is, the site is blocked. If it isn’t, the request is forwarded to the upstream name server you specify (such as Google’s, OpenDNS or Cleanbrowsing.org’s). Your upstream DNS provider can be unfiltered (like Google’s 8.8.8.8) or filtered (like Cleanbrowsing’s Family Filter 185.228.168.168). The result is a very ad-free (and if you choose, filtered) browsing experience both on mobile and desktop without having to install any software on any devices.
There are free “upstream” DNS providers that filter malware and other harmful sites but don’t provide (at least on free accounts) very many options to whitelist sites that you may want to allow on your network. For example, Cleanbrowsing blocks Reddit on its Family Filter (for good reason, IMO, as Reddit contains a lot of objectionable material). Still, if you want to block adult sites, but permit Reddit in order to access the tech forums, you won’t be able to do that through the Pi-hole admin interface or the free Cleanbrowsing Family Filter.
In addition, Pi-hole’s admin interface only lets you specify upstream DNS providers that apply to every request, so at least as of the current version there is no way in the interface to send different domains to different upstream DNS providers.
What to do? If you whitelist the domain using Pi-hole’s whitelist settings, the domain will still be blocked, because it is only whitelisted on the local Pi-hole name server, not on the upstream provider. Pi-hole will see the domain, skip checking it against its block lists (i.e., gravity lists) and send it on to the upstream provider, only for the upstream provider to block the domain.
By manually editing a configuration file on your Pi-hole server, you can send certain domains to any upstream DNS provider you want, rather than the default upstream provider in your DNS settings. That way you can effectively whitelist as many domains as you wish.
Here’s an example. On your Pi-hole server, open a new configuration file named “bypass_upstream_dns.conf” (or any other name you wish provided you use .conf as an extension), in the /etc/dnsmasq.d/ directory. If you installed Pi-hole using my Docker instructions, the etc directory is located in the directory where your docker-compose.yml file is located.
vi etc/dnsmasq.d/bypass_upstream_dns.conf
Now simply specify the domain you wish to white list and the IP address of an unfiltered name server (in this example, Google’s) using the following format:
# Domains to be allowed regardless of upstream DNS, i.e., they are sent to Google DNS instead of Cleanbrowsing DNS
server=/reddit.com/8.8.8.8
Exit and restart your Pi-hole server. Using docker-compose this would be:
docker-compose down; docker-compose up -d;
Credit for this trick goes to this thread in the pi-hole forums.
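To check which names a bypass file actually reroutes, the following added example (not from the original post or the Pi-hole project) models dnsmasq's rule that a `server=/domain/ip` line covers the domain and its subdomains, with the most specific domain winning. It handles only that form of the directive; the function names and the sample file contents are constructed for illustration.

```python
# Simplified model of dnsmasq per-domain "server=" matching (added example).
DEFAULT_UPSTREAM = "185.228.168.168"  # Cleanbrowsing Family Filter, as in the post

# Constructed sample contents of bypass_upstream_dns.conf
SAMPLE_CONF = """\
# Domains to be allowed regardless of upstream DNS
server=/reddit.com/8.8.8.8
"""


def parse_rules(conf_text):
    """Return {domain: upstream_ip} for each server=/domain[/domain...]/ip line."""
    rules = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a whole line starting with '#' is a comment
        key, _, value = line.partition("=")
        if key.strip() != "server" or not value.startswith("/"):
            continue  # global "server=ip" lines are not per-domain rules
        *domains, upstream = value.split("/")[1:]
        if not upstream:
            continue  # "server=/domain/" (no IP) is outside this model
        for domain in domains:
            if domain:
                rules[domain.lower().strip(".")] = upstream
    return rules


def upstream_for(name, rules, default=DEFAULT_UPSTREAM):
    """Pick the upstream for a query name: longest matching suffix wins."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        # Match whole labels only, so "notreddit.com" never hits "reddit.com".
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return rules[suffix]
    return default


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONF)
    for qname in ("reddit.com", "www.reddit.com", "notreddit.com", "example.org"):
        print(f"{qname:18} -> {upstream_for(qname, rules)}")
```

Every name the script maps to 8.8.8.8 skips the upstream filter entirely, so keep each rule as narrow as the sites you intend to allow. A `server=` directive that sits on the same line as a `#` comment is read as part of the comment and has no effect.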