Set up PiHole on Debian within a Windows domain

Since ads are bothering me more and more, and if you feel the same like me you can look into installing PiHole on a Debian server (or RaspberryPi, whatever...).

This setup includes Easylist functionality!

The following is my PiHole setup:

 

In my domain there are two domain servers. The upstream DNS (forwarders) are configured towards my PiHole servers.
These are on their turn the downstream and upstream DNS servers of my domain.

This provides me with a certain fail over safeguard.

Article

Pre-reqs:

  1. Install a new Debian server (or use your existing one) with 1024MB RAM (or 512MB), 2 CPU (or 1) with 1 NW interface

  2. Install the following programs before installing PiHole
    1. apt-get update
    2. apt-get upgrade
    3. apt-get install curl ntp mailx iptables-persistent

  3. Set a static NW address. In my case I have also an IPv6 network next to my IPv4

  4. If you have a Windows domain server(s) create a new A-record for the IPv4 (and IPv6) address(es)

  5. Set the firewall ports on your Debian server
    1. Note firewallD will not work on Debian 9, I've installed iptables-persistant 
    2. Add the rules mentioned in the URL.
    3. Then save the added rules:
      1. iptables-save > /etc/iptables/rules.v4
      2. ip6tables-save > /etc/iptables/rules.v6

  6. Set the firewall ports (DNS 53) on your firewall (I use PFsense) inbound (upstream) and outbound (downstream).



  7. Then install PiHole on your new Linux server
    1. curl -sSL https://install.pi-hole.net | bash
    2. Follow the automated setup

  8. Configure PiHole via it's webconsole
    1. Set the desired DNS servers to your flavor
    2. Do not forget to set your administrator address

  9. For Windows domains extra config!
    1. Enable "Never forward non-FQDNs"
    2. Enable "Never forward reverse lookups for private IP ranges"
    3. Enable "Use conditional forwarding"
      1. Set it to the IP address of your AD server
      2. Set the local domain name to your domain name

  10. Visit my GitHub page for the scripts (EasyList downloader, DB backup script, DB rotation script, ...) and extra information about the configuration of PiHole

  11. Now go to your domain controller it's DNS server and change your forwarders to your PiHole server(s)
    This wil place your PiHole between your Windows domain and the outside world.

    You may also disable the root hints, currently it's enabled on my set up for testing purposes.

 

The end result will be similar to mine.

Gallery

Tags

Comments