Network-wide ad blocking with Pi-hole

Browser ad blockers work for one browser on one device. Pi-hole blocks ads and trackers for every device on your entire network. Phones, tablets, smart TVs, IoT devices. Everything that connects to your network gets ad blocking without installing anything on the device itself.

How it works

Pi-hole is a DNS sinkhole. It runs a DNS server on your network that intercepts requests to known advertising and tracking domains. Instead of returning the real IP address, it returns nothing. The ad never loads.

You point your router's DNS settings to Pi-hole, and every device that gets its DNS from your router automatically uses Pi-hole. No per-device configuration needed.

Running it with Docker

The easiest way to run Pi-hole is with Docker Compose:

services:
  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
    environment:
      TZ: "Europe/Berlin"
      WEBPASSWORD: "your-secure-password"
    volumes:
      - ./etc-pihole:/etc/pihole
      - ./etc-dnsmasq.d:/etc/dnsmasq.d
    restart: unless-stopped

Run docker compose up -d and Pi-hole is running. Access the admin dashboard at http://your-server-ip/admin.

Configuring your network

Change your router's DNS server to point to the IP address of the machine running Pi-hole. The exact steps depend on your router, but it is usually under DHCP or LAN settings.

Alternatively, if you cannot change your router's DNS (some ISP routers lock this down), set Pi-hole as the DNS server on individual devices.

What gets blocked

Pi-hole uses blocklists of known ad and tracking domains. The default list blocks around 100,000 domains. You can add more community-maintained lists to increase coverage:

• Steven Black's list is a solid general-purpose blocklist
• OISD provides comprehensive blocking with minimal false positives

Add them in the Pi-hole admin under Adlists.

The dashboard

The Pi-hole dashboard shows real-time statistics about DNS queries on your network. You can see which domains are being blocked, which devices are making the most requests, and how many total queries are being filtered.

It is genuinely eye-opening to see how many tracking requests your devices make. Smart TVs are especially bad. I have seen my TV make hundreds of tracking requests per hour.

Handling false positives

Occasionally Pi-hole blocks a domain that you actually need. The admin dashboard has a query log where you can see what was blocked recently. Whitelisting a domain takes one click.

In my experience, false positives are rare with the default blocklist. I have had to whitelist maybe 5 domains in the two years I have been running Pi-hole.

The numbers

On my network, Pi-hole blocks about 15-20% of all DNS queries. That is 15-20% fewer requests to ad servers, tracking pixels, and telemetry endpoints. Pages load faster because the browser is not waiting for blocked resources, and you use less bandwidth.

For a setup that takes 10 minutes and runs on basically any hardware, the improvement is significant.

Sources

• Pi-hole Documentation
• Pi-hole Docker Image