Pi-Hole hyperv vs rasberrypi

[Circaflex]

Anyone here using pihole on their network? Ive just come scross this but i am looking for an adblocking solution at home. I dont have a rasberry pi, but i figured i could load up debian in hyper v and do the same thing, however i understand if that crashes or the machine crashes clients will have zero internet access. Just looking for some suggestions, but i am tempted to grab a pi box as they are pretty cheap if this is a worthwhile solution. 

[TPreston]

13 minutes ago, Circaflex said:

Anyone here using pihole on their network? Ive just come scross this but i am looking for an adblocking solution at home. I dont have a rasberry pi, but i figured i could load up debian in hyper v and do the same thing, however i understand if that crashes or the machine crashes clients will have zero internet access. Just looking for some suggestions, but i am tempted to grab a pi box as they are pretty cheap if this is a worthwhile solution. 

If you can get your mitts on some old Forefront TMG licencing its worth a try for home use. Its incredibly easy to use and very powerful. You can use NLB to get around the single point of failure.

 

Also one thing to watch out regardless of what you use is throughput depending on your internet speed these solutions can really slow things down if not on decent hardware.

 

A workaround is to do downloads on a separate device in a dmz 

 

Edited September 9, 2017 by TPreston

[adrynalyne]

6 minutes ago, Circaflex said:

Anyone here using pihole on their network? Ive just come scross this but i am looking for an adblocking solution at home. I dont have a rasberry pi, but i figured i could load up debian in hyper v and do the same thing, however i understand if that crashes or the machine crashes clients will have zero internet access. Just looking for some suggestions, but i am tempted to grab a pi box as they are pretty cheap if this is a worthwhile solution. 

I do. A VM would be really overkill for it really. I have it running on a pi 2 and it only slows down (and even then its just the admin portal) when you start blocking in the upwards of 4 million domains. By default, pi-hole only stops about 116k.

Just now, TPreston said:

If you can get your mitts on some old Forefront TMG licencing its worth a try for home use. Its incredibly easy to use and very powerful. You can use NLB to get around the single point of failure.

 

Also one thing to watch out regardless of what you use is throughput depending on your internet speed these solutions can really slow things down if not on decent hardware.

 

A workaround is to do downloads on a separate device in a dmz 

For home networks, even a pi2 is sufficient for pi-hole. Its a pretty lightweight task.

[TPreston]

2 minutes ago, adrynalyne said:

For home networks, even a pi2 is sufficient for pi-hole. Its a pretty lightweight task.

Right I was talking about http proxys that are able to filter traffic.

[Circaflex]

Thank you both, @TPrestonand @adrynalyne. I lucked out and found a cheap pi3 at the local Microcenter near my parents house today while I was visiting. I'll fiddle with this some tonight or tomorrow.

[+BudMan MVC]

If are running vm host anyway, then you could for sure run your pihole on vm... I did that for a while since my esxi host runs even my router, etc.  I then moved it to a pi.. But for me its easier to play with stuff just in VM..

13 hours ago, Circaflex said:

however i understand if that crashes or the machine crashes clients will have zero internet access

This is going to be the case be it you run it on a pi or vm.. Do you plan on running multiple of them?  If your dns goes down then yeah internet would be down.. You can not point clients at pihole and 8.8.8.8 at the same time - dns doesn't work that way you have no idea which dns a client will use.. So if your client asks some public dns or your isp for dns then stuff is not blocked and then the whole point of pihole is moot..

 

When you point clients to more than 1 dns, these dns servers need to resolve the same stuff.. If all your resolving is public then sure point to opendns and googledns.. They resolve the same stuff.  But if your wanting to say resolve local names.. So you point your client to local dns (then have local dns forward or resolve for public) that is fine..  But if you point to local and public on the client at the same time - which one does the client use?  1st 2nd does not mean check 1st then only check 2nd if no answer, then go back to checking 1st again for next..  When you give a client more than 1 nameserver you can not be sure which one he is asking 5 minutes later.

 

This is why people running AD have issues if they try and point client to AD dns and also google or open, etc.  google and open don't have freaking clue one about your AD..  

 

So all your clients need to point to pi-hole, and only pi-hole.. Then pi-hole can be forwarded to multiple dns because who cares if you use google or your isp to lookup www.neowin.net they will give the same answers..  So when pihole goes down yeah your internet will be down, until you fix pihole or then manually change over your client to point to something else.  If you want redundancy you would need more than 1 pihole to run..  Because they will both block the stuff you want to block..  And be able to resolve your local stuff, etc.

 

If your looking for CHEAPEST way to run pihole - it will run on a pi zero even.. They are like 5$...

 

I would recommend getting a usb ether adapter for it, and you need to provide power, etc.  I picked up the plugable usb2-otge100 for like $14 on amazon.. So your still way cheaper than a pi3.. And there are cheaper ways to get them on the network for sure.. Seen adapters for like $2...   So you could setup a few of those as your backup dns, etc.  Personally run 4 different pi's on my network to play with old 2 version, 2 3's and zero.. 

[Asharae]

I used to have PiHole running on a VM, but in the end just had it running on my spare Pi laying around. Allowed my VM host (with admittedly sparse resources) to do something else.

[Circaflex]

Thanks for the information @Budman. My plan was to run one Pi, I picked up a cheap Pi3 this weekend. I haven't had time to fiddle with it yet, but I plan to find some time later in the week if not this coming weekend.

[+Warwagon MVC]

 

8 minutes ago, Circaflex said:

Thanks for the information @Budman. My plan was to run one Pi, I picked up a cheap Pi3 this weekend. I haven't had time to fiddle with it yet, but I plan to find some time later in the week if not this coming weekend.

Now Try PiVPN too.

[adrynalyne]

20 minutes ago, warwagon said:

 

Now Try PiVPN too.

I’d pick up a gigabit adapter before that. 

[Circaflex]

5 minutes ago, adrynalyne said:

I’d pick up a gigabit adapter before that. 

As this is a new setup, would it be wise for me to just do that now? I dont plan on using PiVPN as I already have a VPN provider, however would pihole benefit from a gigabit adapter? Or would that be overkill for pihole? I only plan to run pihole on this Pi, if i were to add more projects or other projects, I would purchase another pi. So far, I have found the best option to add gigabit is to use a TRENDnet USB3 Gigabit USB adapter, https://www.amazon.com/gp/product/B00FFJ0RKE/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00FFJ0RKE&linkCode=as2&tag=mmjjg-20&linkId=7QHY4ZTHOAC6B46S.

[adrynalyne]

22 minutes ago, Circaflex said:

As this is a new setup, would it be wise for me to just do that now? I dont plan on using PiVPN as I already have a VPN provider, however would pihole benefit from a gigabit adapter? Or would that be overkill for pihole? I only plan to run pihole on this Pi, if i were to add more projects or other projects, I would purchase another pi. So far, I have found the best option to add gigabit is to use a TRENDnet USB3 Gigabit USB adapter, https://www.amazon.com/gp/product/B00FFJ0RKE/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00FFJ0RKE&linkCode=as2&tag=mmjjg-20&linkId=7QHY4ZTHOAC6B46S.

It’s not bad to get one but it won’t make any difference for pihole. 

[+Warwagon MVC]

32 minutes ago, Circaflex said:

As this is a new setup, would it be wise for me to just do that now? I dont plan on using PiVPN as I already have a VPN provider, however would pihole benefit from a gigabit adapter? Or would that be overkill for pihole? I only plan to run pihole on this Pi, if i were to add more projects or other projects, I would purchase another pi. So far, I have found the best option to add gigabit is to use a TRENDnet USB3 Gigabit USB adapter, https://www.amazon.com/gp/product/B00FFJ0RKE/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00FFJ0RKE&linkCode=as2&tag=mmjjg-20&linkId=7QHY4ZTHOAC6B46S.

PiVPN also lets you connect to your internal network when out and abroad. Which is useful.

[Circaflex]

1 minute ago, warwagon said:

PiVPN also lets you connect to your internal network when out and abroad. Which is useful.

Thanks, but I have something like that setup already

[+BudMan MVC]

How exactly you going to connect gig to pi3?  Where would it actually be able to do gig?  And even if could rock gig - wow that would be a lot of dns queries!!  I mean like your whole city worth of dns

 

Typical dns query is 100Bytes... So to need 1 gig of bandwidth that is a shitton of queries per second

 

> dig www.neowin.net

; <<>> DiG 9.11.2 <<>> www.neowin.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42599
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.neowin.net.                        IN      A

;; ANSWER SECTION:
www.neowin.net.         21276   IN      CNAME   neowin.net.
neowin.net.             3276    IN      A       54.173.39.38
neowin.net.             3276    IN      A       54.86.19.37
neowin.net.             3276    IN      A       54.172.165.25

;; Query time: 2 msec
;; SERVER: 192.168.3.10#53(192.168.3.10)
;; WHEN: Tue Sep 12 04:06:01 Central Daylight Time 2017
;; MSG SIZE  rcvd: 115

 

So 115 bytes is 920 bits, so if you are 1 gigbit per second...  To use that you would need to be doing almost 1.1 million queries a second   So your 100mbps interface your talking 100K queries a second to use up that bandwidth   Looking at my pihole dashboard for my whole network in the last 24 hours have done a whole 5860 queries which works out to not very many queries a second

 

So yeah your 100mbps interface is prob fine heheheeheh

 

[adrynalyne]

4 hours ago, BudMan said:

How exactly you going to connect gig to pi3?  Where would it actually be able to do gig?  And even if could rock gig - wow that would be a lot of dns queries!!  I mean like your whole city worth of dns

 

Typical dns query is 100Bytes... So to need 1 gig of bandwidth that is a shitton of queries per second

 

> dig www.neowin.net

; <<>> DiG 9.11.2 <<>> www.neowin.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42599
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.neowin.net.                        IN      A

;; ANSWER SECTION:
www.neowin.net.         21276   IN      CNAME   neowin.net.
neowin.net.             3276    IN      A       54.173.39.38
neowin.net.             3276    IN      A       54.86.19.37
neowin.net.             3276    IN      A       54.172.165.25

;; Query time: 2 msec
;; SERVER: 192.168.3.10#53(192.168.3.10)
;; WHEN: Tue Sep 12 04:06:01 Central Daylight Time 2017
;; MSG SIZE  rcvd: 115

 

So 115 bytes is 920 bits, so if you are 1 gigbit per second...  To use that you would need to be doing almost 1.1 million queries a second   So your 100mbps interface your talking 100K queries a second to use up that bandwidth   Looking at my pihole dashboard for my whole network in the last 24 hours have done a whole 5860 queries which works out to not very many queries a second

 

So yeah your 100mbps interface is prob fine heheheeheh

 

Nobody said gig was needed for pihole, in fact I made it clear it wouldn’t make any difference. Warwagon was talking about pivpn which is why I brought it up. No you won’t get full gig with a pi3 but you’ll get more than 100 megabit. 

Edited September 12, 2017 by adrynalyne

[+BudMan MVC]

14 hours ago, Circaflex said:

however would pihole benefit from a gigabit adapter? Or would that be overkill for pihole?

I was answering this question.. Guess I should of quoted it to start with

 

Just showing some math on how even 100mbps is overkill for your typical pihole setup