this post was submitted on 15 Oct 2023
86 points (96.7% liked)

Linux

48035 readers
1058 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I ordered a Raspberry Pi 5 so I have a Pi 3 that’s about to be redundant. I haven’t used Pi-Hole so I was thinking it’d be good for that but I’m curious if there’s any downsides for users. Are sites blocked if you dont whitelist them? That sort of thing.

Basically, I’m not worried about me having issues but I’m worried about a maintenance headache if friends and family can’t access things.

top 50 comments
sorted by: hot top controversial new old
[–] clif 34 points 1 year ago (2 children)

Occasionally it's caused some problems with the tracking crapware that the spouse's company uses in their web platform. Since they work from home and it breaks the main site they use for work, I've had to add some exceptions.

I've also seen it occasionally cause problems on websites that rely on tracking garbage and outright fail when they're blocked. Usually I just never go there again but in a few cases it's been something I was forced to use so I just disable the pihole for five minutes, do what I need, and hope to never visit that site again.

I think there have been maybe eight of these occurrences in the past five years so it's not a continual annoyance. No big deal and definitely worth it.

[–] [email protected] 11 points 1 year ago (2 children)

“eight of these occurrences”

I’ve been using various forms of adblock for many years. If a website refuses to show you the information it contains: the information it has is probably toxic garbage.

I’ve lived by “if it doesn’t load, I doesn’t need it” for over a decade and I’ve never encountered a problem I couldn’t easily solve better without the troublesome webpage.

[–] [email protected] 2 points 1 year ago (1 children)

If a website refuses to show you the information it contains: the information it has is probably toxic garbage.

Ehhh. I've seen a number of news websites that have a "turn off your ad blocker" thing, and I'd imagine that this could trip that. They aren't malware sites.

[–] [email protected] 3 points 1 year ago (1 children)

90% of the time you can inspect element and then just delete it from the DOM.

load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 3 points 1 year ago (2 children)

Wait wait wait. Your spouse doesn't use a vpn for work? They rawdog your private, home network with it?

[–] BobbyShmurda 4 points 1 year ago (1 children)

Lol. Do you know how many companies, even cyber security companies, that don't use a VPN for remote workers? A lot sadly...

load more comments (1 replies)
[–] clif 2 points 1 year ago

Amazing, isn't it?

[–] thisNotMyName 31 points 1 year ago (2 children)

My gf likes to click on ad entries of Google searches - that doesn't work

[–] [email protected] 13 points 1 year ago

If you are able to (and allowed), install an AdBlocker (e.g. uBlock Origin) to reduce the friction for such cases. In my experience these ads are rarely click-worthy.

[–] [email protected] 12 points 1 year ago (2 children)

That's a feature, not a bug.

[–] thisNotMyName 10 points 1 year ago (1 children)

I know and I tell her that, too - it's just something to consider when calculating the wife approval factor

[–] [email protected] 3 points 1 year ago

Well, tell her that these ads can and often do contain malware, and as of recent have become even better at faking the real URL of a supposed service.

load more comments (1 replies)
[–] [email protected] 16 points 1 year ago (1 children)

I use default block list and had 0 issues so far

[–] [email protected] 9 points 1 year ago (1 children)

FML I shouldnt wtite this lol. Just after my comment I found that Lichess app is giving servfail in query and doesnt work. Apparently its unbound issue, but still have to sort that out

[–] [email protected] 7 points 1 year ago

I dont know what happened, but its working fine again. I guess unbound was tripping. Nvm me lol

[–] douglasg14b 14 points 1 year ago (3 children)

Quite often, yes, especially for apps.

For nearly a year the Android Amazon app wouldn't work. It would load, and then when a tracker failed to start, would show a generic error message page.

US bank mobile app wouldn't login for about 2 months last year.

This happens quite often when apps are built with dependencies they assume will load, and when there is a failure an error boundary catches it and shows an error view.

[–] Manifish_Destiny 7 points 1 year ago

I have not had either of these issues.

[–] [email protected] 7 points 1 year ago

I have occasional issues. I just open the logs in the web admin and whitelist whatever is being blocked when the request fails.

For instance my fitness app just changed media hosts for their videos. I could login but not stream anything. It took about 2 minutes to find and fix the issue.

I usually start by clicking disable and trying again. If it works I know it's something the pi is blocking.

[–] [email protected] 3 points 1 year ago

It heavily depends which filter lists you use obviously. I never had this issues and neither my family does

[–] [email protected] 13 points 1 year ago (1 children)

Been using pi-hole since 2016 and I’ve had to make but a handful of exceptions over he years. I guess it’s a case by case thing.

[–] Potatos_are_not_friends 7 points 1 year ago

This is me. Every few months, I have to add an exception. Usually because of a family member. My wife literally thought her emails were broken for weeks.

The benefit is visiting the dashboard and being amazed at how many ads/trackers are being blocked.

[–] [email protected] 13 points 1 year ago* (last edited 1 year ago)

Most things just work, and I have 3.5 million domains blocked. When something doesn't work you can go into the query log to see what was blocked, and whitelist it from there. I seldom have to do this. Some apps are written to fail completely if they can't send their telemetry, but most just work without the ads.

[–] [email protected] 12 points 1 year ago (1 children)

Important? Depends on who you ask, but annoying? Yes absolutely. I've found with both Pihole and Adguard Home that deal links posted on Slickdeals are broken. But those also redirect several times and it can be a bit cumbersome to whitelist all the domains.

I also found out recently that one (or more) of my blocklistsnin AGH was blocking Steam from uploading games saves. So I had to remove some.

[–] GustavoM 11 points 1 year ago (1 children)

There might be a chance for false-positives. Or to just clog your dns responses with repetitive queries.

Then again, you don't need more than a HaGeZi blocklist anyway.

load more comments (1 replies)
[–] [email protected] 11 points 1 year ago

Depends on what lists you add to pihole (or adguard).

The default lists for both are primarily advert or tracking related, and very safe to keep. The only time I whitelist is when I'm following some kind of shopping deal that uses a tracker. Most linux related things are free from that.

[–] jackoneill 11 points 1 year ago (1 children)

I have a pihole, I love it. My wife hates it so much I made her her own Wi-Fi network on her own vlan that’s isolated from the rest of the network and uses Google dns. My wife likes to click ads and watch TikTok and all that shit is blocked on my network

[–] [email protected] 15 points 1 year ago (2 children)

... All you had to do is create a group in the pihole, set it to bypass the filters using a '*' whitelist entry, then assign any devices you want to bypass pihole to that group.

[–] [email protected] 7 points 1 year ago (1 children)

That person is suspicious that the rogue device without adblocking is going to poison the whole network.

I won’t speak to the wisdom of that, but I’m going to imagine that’s what the issue with your suggestion is.

[–] [email protected] 3 points 1 year ago (1 children)

Lmao, LAN mesh network to distribute ads? That's a bit intense...

[–] [email protected] 4 points 1 year ago

I am a big fan of the idea that by doing this the OC is effectively the ad-distributor in this scenario…

[–] jackoneill 5 points 1 year ago

But then TikTok would be on my vlan….no….

[–] [email protected] 9 points 1 year ago

Yes, but first go check which list you want to use since they're a good starting point to understand a kind of level of tolerance and expectations around your experience.

There's lots of lists around here's a small sample:
https://arstech.net/pi-hole-blocking-lists-2023/

Be prepared for a bump in time outs as you work through things you might need (I blocked by accident a bunch of needed Microsoft services that I need to use during my job).

I haven't edited my white list in months, maybe over a year. It's going very well. I've been running pihole on ubuntu for more than 5 years as two virtual machines. I'm happy.

[–] [email protected] 9 points 1 year ago

About two years ago I played a shitty mobile game called Idle Miner Tycoon and its pseudo-multiplayer system wouldn't work. It turns out that Pi-hole was blocking a domain the game used. While I did whitelist the domains I ended up not playing the game anymore.

[–] [email protected] 7 points 1 year ago (1 children)

My most frequent issue is that links created through an email service provider like ConvertKit will get blocked by PiHole.

I’m a small business owner and so I get a lot of other people’s newsletters, on purpose. I like seeing what mentors and colleagues are doing with their businesses. But a link to their website, a blog post, anything really will almost always be blocked by PiHole if it’s sent via an ESP. This kind of “tracking” (email clicks from a small biz I know and trust) is something I am totally fine with.

It’s easy to disable for 1 minute to click through, but sometimes I forget that the PiHole is active and I can’t figure out why the links aren’t working.

[–] [email protected] 4 points 1 year ago (1 children)

For things like that, ie tracking that you're ok with; just take a look at which domain is being linked to in the email and add them to your piholes whitelist. You may have to do this a few times as you discover new ESPs but pretty soon you'll have a good list of them and won't see them blocked anymore.

Better than having to remember to disable the whole pihole every time.

[–] [email protected] 4 points 1 year ago

I don’t manage our PiHole, so easier said than done. I’m the non tech spouse (although not clicking ads or on TikTok all day, lol) but I can’t bug my spouse in the middle of the day to whitelist something for me. I can easily disable it myself and it takes 10 seconds. I could learn how to whitelist, but TBH I have enough tech to keep up with for the business already.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (5 children)

Been running it 7 years with a combined adlist of 1,089,320 domains.

It's really rare that I run into a site that won't load or function correctly (like once maybe twice a year). The most noticeable really is the ad results in Google, but I've moved away from that to DuckDuckGo anyway.

In the few cases that you do want to use a blocked doman; you can open pihole and either whitelist the domain with one click right out the query log, or disable pihole blocking entirely for 5sec-30min with one or two clicks.

If you really want to, you can group clients and adlists so some clients have much stricter blocking than others do. You can even leave some devices completely free of blocking while still using pihole to log their traffic.

By far one of the noisiest blocked domains is Nvidias driver telemetry. If you don't strip it out using NVSlimmer, it'll constantly retry its phone home, spamming the pihole with dns requests (not enough that it can't handle, but enough that it's VERY noticeable in the dashboard)

load more comments (5 replies)
[–] [email protected] 5 points 1 year ago (1 children)

The only one I ever found in 2 years of pihole use was cdn.cookielaw.org.. a good percentage of sites won't display with it blocked. Most other stuff is fine.

When I first installed pihole I went overboard with blocklists and broke nearly everything.. don't do that :p

load more comments (1 replies)
[–] [email protected] 4 points 1 year ago

Yesterday I couldn't download stuff from Ansible gateway because my lists blocked the object storage URL but there's a query log in both tools that makes troubleshooting easy and Adguard has a disable protection button that can disable filtering and can disable it for a set amount of time so you don't forget to turn it back on

[–] [email protected] 4 points 1 year ago

Lots of downsides which proponents forget to mention.

  1. My wife clicks ads. I know, I couldn’t believe it either. Being unable to click ads made her sad, so I had to bypass all her devices.

  2. Many sites, including social media, are rendered inoperable. Either because their domains are black listed by a filter, or because the site refuses to load/render without being able to serve ads. Ad blockers have a similar issue, but it’s much worse with pihole.

  3. Lots of critical services rely on telemetry to operate. Office applications, operating systems, your TV, your phone. When they can’t access their telemetry servers, exception handling ranges from graceful to catastrophic. That is, many devices and applications will cease to function. You’ll spend a lot of time tracking down the apps, devices, processes, and IPs you need to whitelist. This is a HUGE PITA, and an ongoing process. Server IPs change, as do the number of servers required for operation.

[–] [email protected] 4 points 1 year ago (1 children)

I'm using AdGuard, which is pretty similar. I had issues with my Sonos speakers. The devices couldn't find the speakers until I set a few servers on the whitelist.

Apart from that, all's good.

[–] [email protected] 5 points 1 year ago (2 children)

Good, Sonos is shit anyway.

Why would a speaker even need an app in order to be configured when a webapp should be fine? And why would that app need GPS location data in order to do so? It is on my network, it should just find the devices on my network. I don't need to be able to access it when I am on the other side of the world. It is a speaker.

And most importantly, why would the app on the computer have LESS functionality than the mobile app?

Sonos is the embodiment of enshittification.

load more comments (2 replies)
[–] ptrckstr 3 points 1 year ago (1 children)

You have full control over what you block and whitelist. So if anything goes wrong, you can just troubleshoot it and whitelist if needed. If all fails, you can always (temporarily) turn off all blocking in pihole.

load more comments (1 replies)
[–] [email protected] 3 points 1 year ago (5 children)

DNS blocking is heavily dependent on the blocklist(s) you use. It's entirely possible to block >95% of crapware, and break companies' ability to track you without compromising usability.

Having used both for a lot of years, I'd say look instead at AdGuard Home. It is also FOSS but supports more out of the box; including certificate management, the ability to use encrypted DNS both upstream and downstream without need for third party software (cloudflared), the ability to use adblock filter syntax (lists are 200k lines instead of 2 million lines, but actually block more), and so on. PiHole has some improvements pending in the next version, but it's not there yet in comparison, imho.

I'd also strongly suggest you check out Hagezi's DNS blocklists, as they're pretty much set and forget. They're intended to be used as your only block list, and do an excellent job (see testing in the Discussions on their GitHub). Use the Normal list if you don't want to deal with false positives occasionally, and the Pro++ list if you don't mind getting your hands dirty (whitelisting occasionally) and want to block every last scrap of annoyance and anti-privacy crapware on the web. Both will significantly improve your online experience.

load more comments (5 replies)
[–] [email protected] 2 points 1 year ago

Just make sure you have port 53 and 80 open. I recently had some problems myself trying to get Pi-Hole up and running. I already had dnsmasq taking up port 53 for a wifi hotspot, which conflicts with Pi-Hole's own DNS. Aside from that, hosting any websites can also conflict with Pi-Hole's frontend.

If you aren't using your Pi 3 for anything yet then I already assume this shouldn't be a problem though.

Good luck and have fun setting up your Pi-Hole!

[–] hemmes 2 points 1 year ago

Only if you like watching commercials on paramount +

load more comments
view more: next ›