Send all the ads to your Pi-hole with Bind9
Now I know that many websites need ad revenue to survive and that ads can serve a useful purpose, but many websites have abused our trust by showing drop down, pop ups, push outs, flashing, annoyances; often with tiny close buttons seemly deliberately designed so that you click on the ad in error. The ad networks have hosted malware and other nasty content; not to mention tracking you wherever you go. As I give back in other ways such as providing free content, answering forum questions, and paying many content creators on Patreon, I am happy to block this torrent of ads with a clear conscience.
While I have been using the excellent AdBlock Plus browser extension for many years, this current adventure started when I saw this video on the Linus Tech Tips channel.
Doing some research showed that while the Pi-hole was primarily aimed at the Raspberry Pi platform (hence the name), it could also be installed on Ubuntu.
The only problem I could see was that the server I wanted to install it on was already running Bind9 as a local DNS server, which would conflict with Pi-hole as they would both want to use port 53. Some more research was required.
This wasn’t the answer, but it had some clues.
My final configuration is described below. The resulting process is to insert Pi-hole between the Bind9 service and the external DNS server, which works perfertly except that the Pi-hole GUI reporting shows all of the queries coming from ‘localhost’ rather than the actual clients.
The original configuration looked like this:
clients(port 53) -> bind9(port 53) -> external DNS (eg: 18.104.22.168)
The final configuration is:
clients(port 53) -> bind9(port 5353) -> Pi-hole -> external DNS
I’m assuming that Bind9 has already been installed and the clients are configured to use it. There are many tutorials on this if you need help.
Install dnsmasq. Expect to see some errors during installation; these will be corrected in the next step.
sudo apt install dnsmasq
Edit dnsmasq configuration to change the port setting to 5353 and restart the service. Once the port has been changed the service should start without any errors.
sudo nano /etc/dnsmasq.d/01-localoptions.conf
^X and save
sudo systemctl restart dnsmasq
wget -O basic-install.sh https://install.pi-hole.net
chmod +x basic-install.sh
change Pi-Hole password (leaving blank removes the password)
pihole -a -p
Change the Pi-Hole listening interface to local devices only
pihole -a -i local
Edit bind9 configuration to use Pi-Hole
sudo nano /etc/bind/named.conf.options
127.0.0.1 port 5353;
^X and save
Use a client to browse to a site known to have ads to check that they are being blocked. Note that you may need to flush the browser cache. If everything is working correctly you should see few, if any, ads. There may be blank areas where an ad would have been.
One problem I did have was that while everything worked properly on all of my Ubuntu, MacOS, and iOs devices, my Windows 10 machine was still showing all of the ads without any change. I checked, rechecked, checked again, flushed DNS, rebooted, with no effect.
Finally after much puzzling I found the solution.
Avast has a feature called Real Site (aka Safe Site) that protects you from hackers hijacking your DNS, but it seems in this case it was seeing Pi-hole as malicious and restoring the ads. Disabling this in the Avast GUI corrected the issue.