PiHole for DNS Blocking on pfSense


Pi-hole is a Linux network-level advertisement and Internet tracker blocking application, which acts as a DNS sinkhole and optionally a DHCP server, intended for use on a private network.

For about a year, I used pfBlocker on my pfSense device on and off, but I ran into a variety of problems. I won’t go into detail, but I found it to be unreliable and difficult to manage. Thus, I decided that PiHole would be a good option for me: I just needed some simple DNS blocking to stop some of my IoT devices from phoning home, as well as to stop some basic tracking services.

Steps for getting PiHole working:

1. Set up your Pi

The first step is to install Raspberry Pi OS onto your Pi, and make sure you can SSH into the device. There are plenty of tutorials for how to do this, so I won’t go into detail.

2. Run the installer

SSH into the Pi and run the automated installer. Use this command (you might need to use sudo):

curl -sSL https://install.pi-hole.net | bash

3. Setup

First, configure your upstream DNS server – this can be 1.1.1.1 or 8.8.8.8. Pick your favorite.

Then you can subscribe to various blocklists to filter traffic, but I recommend doing this later.

Next is choosing the protocol – you can leave IPv6 enabled if you use it, but if you’re reading this guide, make sure to leave IPv4 enabled.

Configure your IP address: this must be static, so that your clients and router can reliably send DNS traffic to PiHole. The best thing to do is to give the Pi a static address in the router configuration (a static DHCP mapping on pfSense).

Configure the admin interface – this is a web portal – it’s best to just leave these settings at their defaults.

Lastly, configure logging and privacy – it’s best to leave logging on in case you need to figure out what’s going on. And then set the privacy mode to whatever is best for you.

4. Reset the password

OK – a generated password will be given to you, but it’s best to change it. You can do this over SSH by running the following command:

pihole -a -p [YOUR PASSWORD]

5. Finish the setup

Rebooting is not necessary, but I normally reboot the Raspberry Pi and then connect to the admin page at http://pi.hole/admin or http://[IP_ADDRESS]/admin

From here, you can whitelist sites, edit lists, and configure as necessary.

6. Set DNS Server on your Router

Set your clients’ DNS server to the PiHole – the best way is to set the PiHole as the DNS server handed out by your pfSense (router).

7. My configuration

Once you’re logged into the web interface, go to Settings, then DNS. From there, you can pick which upstream servers you want – I typically use OpenDNS, Quad9, and Cloudflare.

Next, on the left, click on Adlists. Then, where it says Address, type: https://dbl.oisd.nl/

And then click Add. You should see it added to the bottom with a green button that says Enable.

Also on the left, if you click Domains, this will bring up a place to either Blacklist or Whitelist individual domains. On my network, I prevent my TV from reaching its ad servers, so I added a custom set of domains here. On the flip side, if your Blacklist is preventing you from reaching a desired site, you can add that domain to the Whitelist here.

Last tip – if you’re unsure of what domains are being blocked, you can click the dashboard and click List Blocked Queries. From here, you can see the full list – and if you need to Whitelist something, just click the button on the right! Super simple.
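To make the adlist/blacklist/whitelist behaviour from step 7 concrete, here is an added example (not Pi-hole’s own code) that parses a hosts-format blocklist like the one subscribed to above, applies the whitelist-wins precedence, and lists which of a set of constructed sample queries would be sinkholed. The adlist contents and query names are constructed samples, not real list data.

```python
"""Offline model of how a Pi-hole style DNS sinkhole decides a query.

Constructed example; not Pi-hole's own code. Pi-hole matches adlist and
blacklist entries on the exact name (subdomains are not implied), and a
whitelist entry overrides both, which is what this model reproduces.
"""
from __future__ import annotations

# Constructed sample adlist in hosts format (the oisd list uses this style).
SAMPLE_ADLIST = """\
# constructed sample, not the real oisd list
0.0.0.0 ads.example
0.0.0.0 tracker.example   # inline comment
||wildcard.example^   # adblock-filter syntax, skipped by this parser
telemetry.tv-vendor.example
127.0.0.1 localhost
"""

SINKHOLE_PREFIXES = ("0.0.0.0", "127.0.0.1", "::")


def parse_hosts_list(text: str) -> set[str]:
    """Return the set of lowercase domains named in a hosts-format list.

    Accepts '0.0.0.0 domain' / '127.0.0.1 domain' and bare-domain lines,
    strips comments and trailing dots, skips lines that are not plain
    domains, and drops 'localhost' so a list cannot break local lookups.
    """
    domains: set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full and inline comments
        if not line:
            continue
        parts = line.split()
        name = parts[1] if len(parts) >= 2 and parts[0] in SINKHOLE_PREFIXES else parts[0]
        name = name.lower().rstrip(".")
        if name == "localhost" or name.replace(".", "").isdigit():
            continue  # not a domain (bare address or loopback entry)
        if not all(c.isalnum() or c in "-." for c in name):
            continue  # e.g. adblock-filter syntax; not a hosts entry
        domains.add(name)
    return domains


def is_blocked(query: str, adlist: set[str], blacklist: set[str], whitelist: set[str]) -> bool:
    """Whitelist wins over blacklist and adlist; exact-name match only."""
    name = query.lower().rstrip(".")
    if name in whitelist:
        return False
    return name in blacklist or name in adlist


def blocked_queries(queries, adlist, blacklist, whitelist) -> list[str]:
    """The 'List Blocked Queries' view: which of these names were sinkholed."""
    return [q for q in queries if is_blocked(q, adlist, blacklist, whitelist)]
```

Feed it the real list you subscribed to and your own Domains entries, and it tells you offline why a given name is or is not blocked without waiting for it to show up in the query log.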