I finally hit my breaking point with ads when I tried to look up a recipe on my phone. Between the pop-ups, the sticky video player in the corner, and the “newsletter” overlay, I couldn’t actually see the ingredients list. I have uBlock Origin on my desktop, and it works wonders, but that doesn’t help my phone, my smart TV, or the bizarrely chatty “smart” thermostat I installed last winter. I realized I needed to stop this traffic at the front door rather than trying to fight it on every single device inside the house.
That’s when I dug a Raspberry Pi 3 out of my spare parts bin and set up a Pi-hole. It acts as a DNS sinkhole. Instead of your computer asking Google where “doubleclick.net” is and getting an IP address back, it asks the Pi-hole. The Pi-hole looks at its blacklist, sees that it’s an ad server, and essentially replies, “Nowhere.” The ad never loads because your device thinks it doesn’t exist. It saves bandwidth and makes the web feel like the web again.
Why I prefer network-level blocking
You might ask why you can’t just install ad blockers on everything. The answer is simple: you can’t. Smart TVs, IoT devices, and even mobile apps often don’t support browser extensions. Furthermore, managing blocklists on twenty different devices is a maintenance nightmare I’m not interested in.
By handling this at the DNS level, I cover everything connected to my Wi-Fi automatically. Even the guest network gets sanitized. It’s also surprisingly lightweight. Since the Pi isn’t proxying all the video and image data—just the tiny DNS queries—even an older board handles the load without sweating.
Getting the hardware ready
You don’t need the latest Raspberry Pi 5 for this. In fact, that would be a waste of silicon. I’m running mine on an old Model 3B+, but even a Zero W is sufficient for most home networks. You just need the board, a decent power supply (don’t undervolt these things, they get unstable), and a MicroSD card. 8GB is enough, but 16GB gives you breathing room for logs.
I recommend connecting via Ethernet if you can. Wi-Fi works, but DNS needs to be fast and reliable. If your Pi drops off Wi-Fi, your entire house loses the ability to resolve domain names, which looks exactly like the internet is down. My family does not appreciate it when the internet “goes down.”
Installing the OS
I used the Raspberry Pi Imager tool on my laptop. It’s significantly better than the old way of manually writing disk images.
- Select Raspberry Pi OS Lite (64-bit). You don’t need a desktop interface for a server; it just wastes RAM.
- Click the gear icon (or hit Ctrl+Shift+X) to open the Advanced Options. This is crucial.
- Enable SSH and set a username and password. If you forget this, you’ll have to hook up a monitor and keyboard to the Pi later, which is a hassle.
- Configure your Wi-Fi credentials here if you aren’t using Ethernet.
- Write the image to the card, pop it into the Pi, and power it up.
The Installation Process
Once the Pi is booted, I logged in via SSH from my main workstation. I always start by updating the package repositories to ensure I’m not installing ancient software. After that, installing Pi-hole is shockingly easy because they provide an automated installer script.
I ran the standard command:
curl -sSL https://install.pi-hole.net | bash
This launches a blue ncurses interface. It walks you through the setup. Here are the choices I made:
- Upstream DNS Provider: I usually pick Cloudflare (1.1.1.1) or Quad9. This is who the Pi asks when the domain isn’t an ad.
- Blocklists: I kept the default list. It’s conservative, which is good. If you block too much too fast, you break legitimate websites.
- Web Interface: Yes, install this. It’s the dashboard where you see the graphs and, more importantly, where you whitelist things when they break.
- Static IP Address: The installer will ask to set the current IP as static. Say yes. If this IP changes later, your router won’t know where to send DNS queries, and everything breaks.
When the installer finishes, it spits out a random password for the web interface. Write this down. I didn’t write it down the first time I did this three years ago, and I had to SSH back in to reset it manually.
Configuring the Router
This is the moment of truth. You have to tell your router to stop using its default DNS (usually your ISP’s) and use the IP address of your Raspberry Pi instead.
I logged into my router’s admin panel and found the DHCP Server settings. There is usually a field for “Primary DNS” and “Secondary DNS.”
I entered the Pi-hole’s IP address in the Primary DNS field.
This leads me to a specific mistake I made early on: I thought, “I should put Google’s 8.8.8.8 in the Secondary DNS slot as a backup, just in case the Pi crashes.”
Do not do this.
Routers don’t always treat the secondary DNS as a “failover” only for emergencies. Many routers will round-robin between the primary and secondary, or just randomly use the secondary. If you put a standard DNS server in the secondary slot, a chunk of your traffic will bypass the Pi-hole, and you’ll still see ads. Leave the secondary blank, or set it to the Pi-hole’s IP as well.
Typical issues
Even after years of running this, I still run into small headaches. The biggest one is the “Google Shopping” problem. My partner tried to click a sponsored link at the top of a search result to buy a pair of running shoes. The link didn’t go to the shoe store; it went to a Google redirect URL that tracks the click.
Pi-hole blocked it. The page simply failed to load. To a non-technical user, this looks like the internet is broken or the store website is down. I had to log into the Pi-hole dashboard, go to the “Query Log,” find the blocked Google entry, and click Whitelist. It’s a trade-off: you get privacy, but you lose the convenience of clicking those sponsored top links.
Another thing to watch is power. Raspberry Pis are sensitive to power loss. If you just yank the cord, you can corrupt the SD card. Since this device is now critical infrastructure for your home, I highly suggest plugging it into a small UPS or at least ensuring everyone in the house knows not to unplug “the little black box” to charge their phone.
Lastly, if you use a VPN on your work laptop, it will likely bypass your Pi-hole entirely. Corporate VPNs usually tunnel DNS requests back to the office to resolve internal intranets. You won’t see ad blocking on that device while the VPN is active, and that’s expected behavior.
I treat my home network like a small production environment now: steady, monitored, and with a reliable DNS server that keeps the noise out.
