TEKHaus Podcast - EP001 - Stick it in Your PiHole

TEKHaus Show Notes

Episode #: 1

Date: 05/16/19

Hosts: Geoff Farinha & Dan Sagner

Who Are We?

Geoff

  • Nothing involving cool technology by day

  • General Gamer and Technology ADHD sufferer by night

  • Podcasting for various Websites and Networks since 2007

  • I have no life :)

Dan

  • The Reluctant Windows Sysadmin by day

  • Linux Enthusiast by night

  • Systems Engineer for a number of MSPs over the last 10 years

  • Voice actor and general Audio Enthusiast 

  • Standard Nerd

Game Plays (What We’re playing)

Geoff 

  • DOOM (2016)

  • Halo MCC

  • Star Wars KOTOR Mobile

Dan 

  • XCOM: Enemy Within on Steamlink

  • TES: Blades on mobile

  • Subnautica: Below Zero

News Topics (What we think is interesting to run through)

  • GF Recent Windows updates making computers slower. Oh Joy!

  • DS Some users are reporting freezes upon login, while others claim lengthy times to boot to desktop after installing the April patches.

  • GF The issues seem linked to the use of antivirus products from specific manufacturers, including Avast, AVG, and Sophos.

  • GF Seems to be caused by Microsoft changing something about how these AV products interact with Windows.

  • DS This is one of the reasons I have run my PCs naked for years.  No AV for this daring boi.  Now, Windows Defender is Good Enough™ and doesn’t come with the issue of being a hook-heavy application that introduces add’l vulns.  Remember ZoneAlarm?  Disappeared almost overnight when XP SP2 turned on Windows Firewall by default.  That’s where the AV Industry is going.

  • DS Then, the May update won’t install if you have a USB flash drive or an SD plugged in.  I really don’t know what else to say about that.  “It just works!”

  • DS Ubuntu 19.04 Disco Dingo Released 2019.04.19!  Exciting improvements.  

  • DS Linux Kernel 5.0 inclusion is great, but still no ZFS on root support!  You can still do it, but it’s not blessed by the OS because the drivers for ZFS aren’t baked into the kernel.  You need to install a module.  If that module breaks before boot… Well, you don’t have a paddle.

  • DS Installed it in a VirtualBox and it runs far better than my 18.04 instance.  I can definitely see the performance improvement in drawing the applications.  Even video and audio work better in the virtualized environment.  I had issues with ALSA last release and I’m glad to see they resolved that.

  • GF As per usual, non-LTS releases get 9 months of updates till they reach their End Of Life. So Ubuntu 19.04’s EOL should be somewhere around January 2020.

  • GF Amazon prime video on Chromecast!? The cows have frozen over.

  • DS It appears as though the fear of Disney’s new streaming service looming on the horizon was enough to encourage Amazon and Google to kiss and make up.  In a couple months we should have Amazon Prime Video apps that can cast to Chromecast and a fully-blessed YouTube app for the Fire Stick.

  • GF (General grumbling and ruminations about the many streaming services.)  We’ll talk about the far superior solution, Plex, in another episode.

Feature Chat (Our feature story for this episode)

PiHole deep dive

  • What is PiHole?  

  • PiHole is a little application that can fit on a Raspberry Pi.  It works as the DNS server for your network (a job usually handled by your router) and blocks ads, tracking, porn, malicious sites, and other undesirables.

  • Why would you want to use it?

  • PiHole makes your surfing and general internetting faster in 2 ways.  First, you don’t have to load all those ads it’s blocking and tracking it’s preventing.  Second, it retains a cache of the lookups it has already made!  That means that the next time you go to amazon.com, it doesn’t need to ask another server where to send you.  This speeds up your DNS lookups by milliseconds.  While that doesn’t seem like a lot, bringing up the CNN.com homepage generated 105 DNS queries on a recent Wireshark capture.  How many web pages do you visit each day?  You can see that this will add up quickly.

  • It handles DHCP for your network if you’d like

  • And it works better in this capacity as well.  A nice GUI for your DHCP.

  • Hold on… What is DNS

  • DNS is like the phone book for the internet.  If you tell me to call Pizza Hut, I need to look up their phone number… OK Well, I don’t because I have them on speed dial, but… I need to relate a name to a number, then I can order my extra cheese with stuffed crust.  DNS does this for webpages.  ebay.com doesn’t mean anything until you resolve it as 66.211.162.12.  Only then can your browser talk to it and order extra cheese with…. I mean bring up the website.

  • What is DHCP

  • DHCP stands for Dynamic Host Configuration Protocol.  Essentially, when your phone, computer, whatever connects to a network, it sends out what’s called a “broadcast”.  It yells into the network and asks for an address, among other things.  The first server to respond wins.  This is how most things on a network get their address, gateway, time options, subnet, DNS.

  • How is PiHole installed?

  • While generally considered super bad form, you can curl it into bash.  See the pi-hole.net website for the command.  This is highly insecure.  You’re essentially running someone else’s code from the internet as root blindly on your server.  You can curl to a file and then audit the code if you like. All I can tell you is that I have done it and had no issues.  It asks you a couple questions and you’re done!

  • First question is on what interface it should listen.  This should run on something with an Ethernet port, so choose your Ethernet adapter.

  • Next, choose your DNS forwarder.  If you're not sure, choose Google.  I have mine set to OpenDNS.

  • The installer will then ask you if you would like to use all the default lists.  You probably do, so go onto the next step.

  • You'll be asked if you want to block ads over IPv6 and IPv4.  We'll go into more depth in another episode about what the difference between these two is; for now, just say yes.

  • Next it will offer to use your current IP as the static.  You can if you'd like, but if you have a better idea of where it should go, choose no and enter your desired static IP and gateway on the next page.

  • Next step is the admin interface and webserver.  You surely want this as it provides some nice data and graphs to show how much better your network is running.  And we all love some good data porn.  Then choose to enable logging and your desired privacy settings.  Are you sure you want to see exactly who was looking up lasagne recipes at 2am?

  • PiHole's installer then finishes up and gives you your admin URL and password.  Take note of these.

  • That's it!  PiHole is installed!  Now to start using it, you'll have to either 

  • a) edit your router's DHCP settings to point your clients to the PiHole for DNS requests or

  • b) turn off DHCP on your router and let PiHole handle it

  • Both of these options vary wildly depending on what router you use, so this is resolved using the most powerful tool at your disposal, Google!  Or DuckDuckGo if you are Google-wary like my esteemed co-host.
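
The "curl to a file and then audit" route from the install steps above, as an added shell example that is not from the show notes or the Pi-hole project. The sample installer is constructed, and the function names and keyword list are assumptions.

```shell
#!/bin/sh
# Added example: review an installer on disk instead of piping curl into bash.
# Function names and the keyword list are illustrative assumptions.

# Constructed stand-in for a downloaded installer (not the real Pi-hole script).
write_sample_installer() {
    cat > "$1" <<'EOF'
#!/bin/bash
# constructed sample for the audit demo
echo "checking prerequisites"
sudo apt-get install -y dnsmasq-base
curl -sSL https://example.invalid/extra.sh | bash
echo "done"
EOF
}

# SHA-256 of a file, using whichever tool the system provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# List, with line numbers, every line that escalates privileges, fetches
# more code, changes permissions, deletes recursively, or pipes into a shell.
flag_risky_lines() {
    grep -nE '(^|[^[:alnum:]_])(sudo|curl|wget|eval|chmod|rm -rf)([^[:alnum:]_]|$)|\| *(ba)?sh' "$1"
}

# Run the script only if it is byte-for-byte the file that was reviewed.
# $1 = script, $2 = SHA-256 recorded at review time, $3 = interpreter (default bash)
run_if_reviewed() {
    actual=$(sha256_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "refusing to run $1: contents changed since review" >&2
        return 1
    fi
    "${3:-bash}" "$1"
}

# Typical flow once the installer is saved as install.sh and has been read:
#   flag_risky_lines install.sh
#   reviewed=$(sha256_of install.sh)
#   run_if_reviewed install.sh "$reviewed"
```

The flagged lines are a reading guide, not a verdict: the hash check only guarantees that what runs is the file you actually read.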

  • What kind of hardware is needed?

  • It depends on how you use it.  As the name implies, it’s designed to run on a Raspberry Pi.  I have found that larger block lists cause higher memory usage.  I run mine on my main server because I’m pulling in over 35 block lists with over 3.2 million URLs blocked.  The standard is about 100,000.

  • How does PiHole know what to block?

  • The aforementioned blocklists.  There are lists (lists of lists!) of them online.  Checking the pihole forums or reddit will net you a good stash.  Balance this with a manually-curated whitelist (you can also find such things on Reddit) and you’re good to go.

  • How does it block these things?

  • When you visit a site, DNS requests go out like mad.  The PiHole answers all of these requests.  The legitimate traffic it allows through.  The stuff you don’t want to see, it returns a garbage result.  This results in you seeing the content that you want, and none of the ads, or tracking.
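
The blocklist, whitelist and "garbage result" mechanics described above, as an added shell sketch that is not Pi-hole's own code. The sample lists are constructed, the function and file names are assumptions, and answering `0.0.0.0` is an assumed stand-in for the garbage result.

```shell
#!/bin/sh
# Added example: a toy DNS sinkhole decision. Not Pi-hole's own code;
# function names, file names and the 0.0.0.0 answer are assumptions.

# Constructed sample data: two blocklists in different formats and a whitelist.
write_sample_lists() {
    printf '%s\n' '# constructed list A (hosts format)' \
        '0.0.0.0 ads.example.com' \
        '0.0.0.0 tracker.example.net   # inline comment' \
        '127.0.0.1 localhost' > "$1/list_a.txt"
    printf '%s\n' 'ADS.example.com' 'metrics.example.org' \
        'cdn.example.org' > "$1/list_b.txt"
    printf '%s\n' 'cdn.example.org' > "$1/whitelist.txt"
}

# Merge blocklists into one sorted, de-duplicated list of lowercase names,
# then subtract the whitelist. $1 = whitelist file, remaining args = blocklists.
build_blocklist() {
    whitelist=$1
    shift
    cat "$@" | tr -d '\r' | sed 's/#.*//' |
        awk 'NF == 1 { print tolower($1) }
             NF >= 2 && ($1 == "0.0.0.0" || $1 == "127.0.0.1") { print tolower($2) }' |
        grep -v -x -F -e localhost |
        sort -u |
        grep -v -x -F -f "$whitelist"
}

# Decide the answer for one query name against the merged list ($2).
# Exact-match only: a listed name does not block its subdomains or parent.
answer_query() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    if grep -q -x -F -e "$name" "$2"; then
        echo "0.0.0.0"      # blocked: unroutable address, the ad never loads
    else
        echo "FORWARD"      # allowed: pass to the upstream resolver
    fi
}
```

Because the whitelist is subtracted after the merge, one whitelist entry overrides the same name in every blocklist, which is why fine-tuning happens there rather than in the lists themselves.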

  • Potential issues/things to consider before deploying?

  • Spousal approval.  Does your wife use Facebook/Pinterest?  Does your husband love that smart TV?  Expect to spend some time fine-tuning your whitelist.  This need to babysit increases the more blocklists you add, but over time you’ll touch it less and less.  I touch mine once every other week now and it’s been running for about 5-6 months.

  • If we got you interested in speeding up your network while protecting yourself from tracking and advertising, then go for it!  A Pi is like $20 and your edification is priceless.

  • https://firebog.net/

Connect with Us

Geoff - @GeoffEff

Dan - dansagner.com - No social media for this edgyboi

In Closing

Please subscribe to the show in iTunes or Google Play and take the time to leave us a review and comment. You can show your support to the show and the TEKSide Network for as little as $1 a month on our Patreon page at www.patreon.com/tekside. We thank those that have already made a commitment. Leave us a comment on Twitter @tekhaus or email the podcast at tekhaus@tekside.net. Check out our website at tekside.net/tekhaus. Also, be sure to check out all our other great podcasts, blogs, photo galleries and the TEKSide store on tekside.net. We thank you all for listening! Goodbye!