Home Guides Blog Tests Games Pathway Foss

PI-HOLE
MASTERY

// Block ads. Everywhere.

AD BLOCKING AT THE NETWORK LEVEL.

Pi-hole acts as a DNS sinkhole—blocking ads and trackers before they reach your devices. No browser extensions, no per-device setup. One solution blocks ads on your entire network.

PRIVACY FIRST.

Pi-hole blocks known trackers and malicious domains. Your browsing stays faster and more private. See exactly what's being blocked with the built-in dashboard.

BEGIN YOUR JOURNEY

// Your Training Path

Click a lesson to begin

LESSON 01

Introduction to Pi-hole

What is Pi-hole? How DNS blocking works.

Beginner
LESSON 02

Installation

Install Pi-hole on Raspberry Pi, Docker, or VPS.

Beginner
LESSON 03

Initial Setup

Configure DNS, set admin password, network setup.

Beginner
LESSON 04

Client Configuration

Configure devices to use Pi-hole DNS.

Beginner
LESSON 05

Blocklists

Add, remove, and manage blocklists.

Beginner
LESSON 06

Whitelisting

Allow specific domains. Fix broken websites.

Intermediate
LESSON 07

DHCP Server

Use Pi-hole as your DHCP server.

Intermediate
LESSON 08

Groups & Clients

Different blocking rules for different devices.

Intermediate
LESSON 09

FTLDNS

Pi-hole's DNS engine. Performance tuning.

Advanced
LESSON 10

Pi-hole + Docker

Run Pi-hole in containers. Compose files.

Advanced
LESSON 11

VPN + Pi-hole

Use Pi-hole remotely. WireGuard integration.

Advanced
LESSON 12

Troubleshooting

Common issues. Debugging DNS problems.

Advanced

// Lesson 01: Introduction to Pi-hole

×

What is Pi-hole?

Pi-hole is a DNS sinkhole that blocks ads and trackers at the network level. It works by intercepting DNS queries and returning 0.0.0.0 for blocked domains.

How It Works

  1. Device requests DNS for "ad.com"
  2. Pi-hole checks blocklists
  3. If blocked, returns 0.0.0.0
  4. Device can't load the ad

Benefits

  • Network-wide: Blocks on all devices
  • No client software: Works on phones, TVs, etc.
  • Privacy: Blocks tracking domains
  • Statistics: See what's blocked

Quiz

1. What does Pi-hole block at?

Show Answers
  1. DNS level / network level
← Back to Lessons

// Lesson 02: Installation

×

Installation Options

Raspberry Pi

# One-line installer
curl -sSL https://install.pi-hole.net | bash

Docker (Recommended)

# Run Pi-hole in Docker
docker run -d \
  --name pihole \
  -e TZ=America/New_York \
  -e WEBPASSWORD=yourpassword \
  -p 53:53/tcp -p 53:53/udp \
  -p 80:80 \
  -p 443:443 \
  -v pihole:/etc/pihole \
  -v dnsmasq:/etc/dnsmasq.d \
  --restart=unless-stopped \
  pihole/pihole:latest

VPS/Cloud

Run Pi-hole on any Linux server to block ads everywhere, even on the go.

Quiz

1. What port does DNS use?

Show Answers
  1. 53
← Back to Lessons

// Lesson 03: Initial Setup

×

After Installation

Access Admin Interface

Navigate to http://pi.hole or the IP address of your Pi-hole.

Configure DNS

Go to Settings → DNS and choose upstream DNS providers:

  • Google (8.8.8.8, 8.8.4.4)
  • Cloudflare (1.1.1.1, 1.0.0.1)
  • Quad9 (9.9.9.9)
  • Custom

Interface Settings

  • Listen on all interfaces
  • Respond to queries
  • Show options

Change Admin Password

# Change password
pihole -a -p newpassword

Quiz

1. How do you access the admin interface?

Show Answers
  1. http://pi.hole or IP address
← Back to Lessons

// Lesson 04: Client Configuration

×

Configure Devices

Router (Best Option)

Set your router's DNS to Pi-hole IP. All devices use Pi-hole automatically.

Device-Specific

  • Windows: Settings → Network → DNS
  • macOS: System Preferences → Network → DNS
  • Linux: /etc/resolv.conf or NetworkManager
  • iOS: Settings → Wi-Fi → DNS
  • Android: Settings → Network → Private DNS

Linux Configuration

# /etc/systemd/resolved.conf
[Resolve]
DNS=192.168.1.100
Domains=~

Quiz

1. Where is the best place to set DNS?

Show Answers
  1. Router
← Back to Lessons

// Lesson 05: Blocklists

×

Managing Blocklists

Default Blocklists

Pi-hole comes with curated blocklists. Go to Group Management → Blocklists to manage.

Adding Blocklists

# Popular blocklists
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://adaway.org/hosts.txt
https://v.firebog.net/hosts/AdguardDNS.txt
https://v.firebog.net/hosts/Easyprivacy.txt

Update Blocklists

# Update gravity (blocklists)
pihole -g

Blocklist Categories

  • Ads: Ad servers
  • Tracking: Analytics, telemetry
  • Malware: Known bad domains
  • Social: Social media widgets

Quiz

1. What command updates blocklists?

Show Answers
  1. pihole -g
← Back to Lessons

// Lesson 06: Whitelisting

×

Fix Broken Sites

When to Whitelist

  • Site doesn't load correctly
  • Login doesn't work
  • Video won't play
  • Specific domain is blocked

Whitelist via Admin

  1. Go to Whitelist
  2. Enter domain (e.g., example.com)
  3. Click Add
  4. Click Save

Whitelist Command

# Add to whitelist
pihole -w example.com

# Wildcard whitelist
pihole -w -d example.com

# Remove from whitelist
pihole -w -r example.com

Regex Whitelisting

Use regex for complex patterns:

# Regex whitelist example
^.*\.googlesyndication\.com$

Quiz

1. What fixes broken websites?

Show Answers
  1. Whitelisting
← Back to Lessons

// Lesson 07: DHCP Server

×

Use Pi-hole for DHCP

Why Use Pi-hole DHCP?

  • Automatic device configuration
  • Devices automatically use Pi-hole DNS
  • No need to change each device

Enable DHCP

  1. Go to Settings → DHCP
  2. Enable DHCP server
  3. Set IP range (e.g., 192.168.1.100-200)
  4. Set router IP (gateway)
  5. Set local domain (e.g., local)
  6. Click Save

Disable Router DHCP

Important: Disable DHCP on your router to avoid conflicts!

Static DHCP Reservations

Assign fixed IPs to specific devices by MAC address.

Quiz

1. What must you disable on your router?

Show Answers
  1. DHCP
← Back to Lessons

// Lesson 08: Groups & Clients

×

Client-Specific Blocking

Create Groups

  1. Go to Groups → Groups
  2. Add new group (e.g., "No Ads", "Unrestricted")
  3. Assign domains/blocklists to groups

Assign Clients to Groups

  1. Go to Groups → Clients
  2. Add client by IP or MAC
  3. Assign to group

Use Cases

  • Kids: Stricter blocking
  • Work PC: Less blocking
  • Smart TV: Custom allowlist
  • Guest network: More blocking

Quiz

1. What assigns devices to groups?

Show Answers
  1. Clients
← Back to Lessons

// Lesson 09: FTLDNS

×

Pi-hole's DNS Engine

What is FTLDNS?

FTLDNS (Faster Than Light DNS) is Pi-hole's DNS backend. It handles DNS queries with minimal overhead.

Configuration

# /etc/pihole/pihole-FTL.conf
# DNS settings
DNSMASQ_LISTENING=all
RESOLVE_IPV6=yes

# Logging
LOG_QUERIES=yes
QUERY_LOGGING=yes

Blocking Modes

  • NULL: Return 0.0.0.0 (fastest)
  • IP: Return NXDOMAIN (more accurate)
  • Domain: Return custom domain

Performance

  • Pi-hole handles thousands of queries
  • DNS caching improves speed
  • Query logging can impact performance

Quiz

1. What does FTLDNS stand for?

Show Answers
  1. Faster Than Light DNS
← Back to Lessons

// Lesson 10: Pi-hole + Docker

×

Docker Deployment

Docker Compose

version: '3'
services:
  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80"
      - "443:443"
    environment:
      TZ: America/New_York
      WEBPASSWORD: yourpassword
      DNS1: 1.1.1.1
      DNS2: 8.8.8.8
    volumes:
      - ./pihole:/etc/pihole
      - ./dnsmasq:/etc/dnsmasq.d
    restart: unless-stopped

Running on Specific Network

# Create network
docker network create pihole-net

# Run with custom network
docker run -d --network pihole-net \
  --name pihole \
  pihole/pihole:latest

Backup & Restore

Mount volumes to preserve data between container updates.

Quiz

1. What preserves Pi-hole data?

Show Answers
  1. Volumes
← Back to Lessons

// Lesson 11: VPN + Pi-hole

×

Remote Pi-hole

Use Cases

  • Block ads on mobile data
  • Use at coffee shops
  • Protect on public WiFi

WireGuard + Pi-hole

# In WireGuard config
[Peer]
# Mobile device
AllowedIPs = 0.0.0.0/0, ::/0

# In wg0.conf - route DNS through VPN
PostUp = iptables -I FORWARD -i %i -j ACCEPT
PostUp = iptables -I FORWARD -o %i -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Cloudflare WARP

Alternative: Use 1.1.1.1 WARP app for easy encrypted DNS.

Quiz

1. What VPN pairs well with Pi-hole?

Show Answers
  1. WireGuard
← Back to Lessons

// Lesson 12: Troubleshooting

×

Common Issues

DNS Not Resolving

  • Check Pi-hole is running: pihole status
  • Check upstream DNS: dig google.com @127.0.0.1
  • Verify firewall: sudo ufw status

Pi-hole Not Blocking

  • Verify device uses Pi-hole DNS
  • Check blocklists: pihole -q domain.com
  • Flush DNS cache on device

Debug Log

# Generate debug log
pihole -d

# View live logs
tail -f /var/log/pihole.log

Reset Pi-hole

# Reconfigure
pihole -r

# Or completely reset
pihole uninstall
# Then reinstall

Congratulations!

You've completed the Pi-hole Mastery guide. You now understand:

  • DNS-based ad blocking
  • Installation methods
  • Client configuration
  • Blocklist management
  • Whitelisting
  • DHCP server
  • Client groups
  • FTLDNS
  • Docker deployment
  • VPN integration
  • Troubleshooting
← Back to Lessons

// Why Pi-hole

Pi-hole is the ultimate network-wide ad blocker. Once configured at the router level, every device on your network benefits automatically.

It blocks ads, trackers, and malware at the DNS level—no per-device configuration needed.

Block ads. Everywhere. Forever.

// Tools & References

Pi-hole Docs

Official Documentation

docs.pi-hole.net

Pi-hole

Official Website

pi-hole.net

Blocklists

Additional Lists

firebog.net

Reddit

Community

r/pihole

StevenBlack Hosts

Popular Blocklist

GitHub

AdGuard DNS

Alternative Blocklists

adguard-dns.io