Block Ads Everywhere with Pi-hole

March 14, 2026 • Networking • 12 min read

You know what's exhausting about the modern internet? The ads. They're everywhere. Pop-ups, banner ads, video ads, sponsored posts, "recommended" content that's really just paid placements. Every website you visit is trying to sell you something, and they're willing to ruin your experience to do it.

You've probably tried ad blockers. uBlock Origin in your browser works great for desktop. But what about your phone? Your smart TV? Your tablet? Your IoT devices that are constantly phoning home to advertise? Browser extensions only go so far.

Enter Pi-hole. It's a DNS-level ad blocker. Instead of blocking ads in your browser, it blocks them at the network level. Every device on your network uses it. Every device gets ad-free. No browser extensions required. No configuration on each device. It's beautiful.

Here's how it works: when your phone tries to load an ad from ads.google.com, Pi-hole says "nope, that doesn't exist." DNS is the phone book of the internet—it translates domain names to IP addresses. Pi-hole just refuses to look up the addresses of known ad servers.

What We'll Cover

What is Pi-hole?

Pi-hole is open-source software that runs on a Linux machine—traditionally a Raspberry Pi, hence the name. It's a DNS server that blocks requests to known advertising and tracking domains.

Think about how DNS works: when you type youtube.com into your browser, your computer asks a DNS server "what's the IP address for youtube.com?" The DNS server answers, and your browser loads the site.

Pi-hole sits in the middle of this process. When your computer asks about doubleclick.net (Google's ad network), Pi-hole says "I don't know that one" (technically it returns 0.0.0.0). Your browser tries to connect to 0.0.0.0, fails, and the ad never loads. Simple as that.

Why Use It?

The best part is seeing the statistics. Pi-hole shows you how much garbage it's blocking. On my home network, we block somewhere between 30-50% of all DNS queries. That's half the requests that would have gone to ad and tracking servers. It's obscene how much stuff the average device tries to connect to.

What Hardware Do You Need?

Pi-hole was designed for the Raspberry Pi, but it runs on anything Linux. Here are your options:

Raspberry Pi (Recommended)

A Raspberry Pi 3, 4, or even a Zero will work. The Pi 4 is the best choice if you can get one—it has gigabit ethernet and enough RAM to handle a busy network. The Pi 3B+ is fine for smaller networks. The Zero works but can be slow.

Old Computer

Have an old laptop or desktop gathering dust? Install Debian or Ubuntu on it and run Pi-hole. It'll use more electricity than a Pi, but it's plenty powerful.

VPS

You can run Pi-hole on a VPS too. This lets you use it as a VPN—connect to your VPS with WireGuard, and your traffic gets ad-blocked even when you're on someone else's network. More on that in the WireGuard guide.

Docker

If you already run Docker, Pi-hole has an official image. This is easiest if you're comfortable with Docker Compose. I'll show both the Docker way and the regular install way.

Hardware recommendation: For most people, a Raspberry Pi 4 with a 32GB micro SD card is perfect. It's small, quiet, uses barely any electricity, and costs about $50 total. That one-time cost beats paying for ad blocker subscriptions forever.

Installing Pi-hole

I'll show you two ways: Docker (easier if you already run Docker) and the direct install (easier if you want a dedicated device).

Option A: Docker Install (Recommended if you have Docker)

mkdir -p ~/docker/pihole && cd ~/docker/pihole
cat > docker-compose.yml << 'EOF'
version: '3'

services:
  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    restart: unless-stopped
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "8080:80/tcp"
    environment:
      - TZ=America/Los_Angeles
      - WEBPASSWORD=your-password-here
    volumes:
      - ./data:/etc/pihole
      - ./dnsmasq.d:/etc/dnsmasq.d
    cap_add:
      - NET_ADMIN
EOF
Important: Change your-password-here to something secure. This is the admin password for Pi-hole's web interface. 
docker-compose up -d

That's it. Pi-hole is running. Skip to the setup section.

Option B: Direct Install (For Raspberry Pi or dedicated machine)

curl -sSL https://install.pi-hole.net | bash

That's the official install script. It walks you through the setup. You'll answer questions about:

After install, the script will show you the admin URL and password. Write those down.

Initial Setup

Point your browser to the Pi-hole admin interface. If you're running Docker on your server, that's probably http://localhost:8080. If it's a standalone machine, it's http://its-ip-address/admin.

Log in with the password you set. You'll see the dashboard. It's got charts and graphs and numbers. They're pretty satisfying. At the top, you'll see:

Below that, you see pie charts of where queries go, what types of queries, and queries over time. It's like a window into how much garbage your devices are trying to connect to.

First thing to do: Go to Settings > DNS and make sure your upstream DNS servers are set. I use: These are fast and trustworthy.

Setting Up Your Network

Here's the tricky part: you need to tell your network devices to use Pi-hole for DNS instead of whatever they're using by default.

There are a few ways to do this:

Method 1: Router DHCP (Recommended)

This is the easiest method. You configure your router to give out Pi-hole's IP as the DNS server to every device on your network.

Log into your router's admin interface. Look for:

Find the DNS server field. Instead of letting the router give out the ISP's DNS, enter your Pi-hole's IP address.

Save and restart your router. Now every device that connects to your network will automatically use Pi-hole for DNS.

Note: Some routers don't let you change the DNS server. In that case, try Method 2 or 3.

Method 2: Configure Devices Manually

On each device, go to network settings and manually set DNS to your Pi-hole's IP address. This is tedious but works.

Method 3: Docker with Host Networking

If you ran Pi-hole in Docker, you need to be careful about DNS. Use host networking mode:

version: '3'

services:
  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    restart: unless-stopped
    network_mode: "host"
    environment:
      - TZ=America/Los_Angeles
      - WEBPASSWORD=your-password-here
    volumes:
      - ./data:/etc/pihole
      - ./dnsmasq.d:/etc/dnsmasq.d
    cap_add:
      - NET_ADMIN

This makes Pi-hole use the host's network directly, which plays better with most home networks.

Verify It's Working

Go to the Pi-hole query log (Query Log in the sidebar). You should see queries coming in from your devices. If you see nothing, DNS isn't working yet—check your router settings.

Blocklists and Filtering

Pi-hole comes with a default blocklist, but you'll want to add more. More blocklists = more blocked stuff.

Go to Group Management > Blocklists. Add these URLs (these are the most popular, widely-used lists):

# AdGuard Default
https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt

# AdGuard EasyList
https://raw.githubusercontent.com/AdAwayAdaWayHostsFile/master/hosts.txt

# Fanboy's Ultimate
https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt

# StevenBlack Hosts
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

# NoCoin (cryptomining)
https://raw.githubusercontent.com/nickypangers/coinblockerlist/master/hosts

Click "Save" and then "Update." Pi-hole will download and merge these lists.

Don't go crazy: More blocklists don't always mean better. Too many can cause issues. The 3-5 lists above are plenty for most people.

You can also add your own custom blocklist. Want to block facebook.com at the DNS level? Just add it to a custom list. Or create a regex filter for entire categories of domains.

Whitelisting

Sometimes a site you use breaks because Pi-hole is blocking something it shouldn't. You'll need to whitelist it.

Go to Whitelist and add domains that are getting falsely blocked. Common ones:

Finding what's blocked: go to the Query Log and search for the domain. If it shows "blocked," click it and you can whitelist it right there.

Be careful: If you whitelist something and ads still show up, it's probably not a DNS-level ad. Browser extensions might still be needed for those cases.

Remote Access

Want to use your Pi-hole when you're away from home? There are a few options:

VPN (Recommended)

Set up WireGuard on your home network. Connect to it from outside. All your traffic goes through your home network, including through Pi-hole. It's like you're sitting at home. This is what I do.

See the WireGuard guide for how to set that up.

Pi-hole Cloudflared

There's a project called cloudflared that lets you access your Pi-hole over the internet securely. It's more complex to set up, but it's an option if you don't want to run a full VPN.

The Magic of Ad-Free Internet

The first few days with Pi-hole, you'll keep noticing things. Your smart TV doesn't show ads anymore. Your phone doesn't get those creepy ads that seem to know what you were just talking about. Websites load faster. Your data stays yours.

It's one of those things you don't realize you needed until you have it. And once you have it, you can't go back. Visiting a friend's house and seeing ads everywhere feels weird now. It's like going back to regular TV after years of Netflix.

Pi-hole won't fix everything. Browser fingerprinting still exists. Some trackers use clever methods. But blocking 30-50% of the garbage out there? That's a huge win. That's less data flying out of your home. That's less tracking. That's one more piece of your digital life that's actually yours.

Welcome to the clean internet.

The revolution will not be proprietary.

// Comments

Leave a Comment