Pi-hole v4.0 Released With FTLDNS, Improved Blocking Modes, Regex, Docker, and More

We’re very pleased to release Pi-hole v4.0 today, which includes fixes, tweaks, and lots of new stuff, including FTLDNS (special thanks to our beta testers!).  In a sentence, FTLDNS is dnsmasq with Pi-hole’s special sauce baked in.

FTLDNS does everything dnsmasq does because it is dnsmasq–just our fork of it.  So all of your existing config files will still work with it.  We intentionally modified the original dnsmasq source code as little as possible so that we can easily integrate any upstream changes as they are released.

Read on to find out everything included in this release or read the technical details in the changelogs.

How Do I Update To This Version?

Running the pihole -up command will update your Pi-hole installation.

What If I Was A Beta Tester Or I’m On A Different Branch?

You should run pihole checkout master, which should get you there, but you may need to run pihole -up.

What If I Have Problems After Updating?

Please contact us via our Discourse forums first (we’re still available on other social platforms but Discourse is our official support forum).  Issues can be tagged with v4-0.

Special Thanks

Thanks to everyone who has continued to support us over the past few months during our beta test of 4.0.  We’d also like to especially thank our patrons and those of you who have donated to our fundraiser.  Your support helps keep us motivated and keep Pi-hole free.

Official Docker Image

We’re pleased to announce an official Pi-hole Docker image.  @diginc is our Docker master and many of you have been using his image for some time now.  We’ve always worked closely with him, but now he’s part of the team and in our GitHub organization and we’re all working together.

@diginc’s image will still be around if you want to use it, but we’ll be using pihole/pihole as the “official” image going forward.

New Documentation Site

We’ve loaded up https://docs.pi-hole.net with all sorts of good technical documentation, guides, and more.  We still have our Discourse FAQs, but they are not always easy to find and you might just stumble upon them via Google.  The new docs site is a more centralized way to browse and easily find what you are looking for.

If you find old or outdated information in Discourse, please message one of the developers, so we can get it updated (or link to the new docs site).  There is a lot of documentation out there and we do our best to keep it up-to-date, so any help keeping it relevant is appreciated.

In addition to the online documentation, we have also added man pages for pihole, pihole-FTL, and pihole-FTL.conf.

Regex Blocking

We have introduced regex blocking.  More details on that can be found on our documentation site.  With this feature, you are able to specify an arbitrary number of arbitrarily complex blocking filters.

The wildcard button is a compatibility wrapper function, which outputs a regex that acts like the old wildcard blocking.
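The sketch below is an added illustration, not Pi-hole's own code, of what a wildcard-to-regex wrapper has to get right: anchoring and dot escaping decide whether a filter blocks only a domain and its subdomains or also unrelated names. The function names, the pattern shape `(^|\.)domain$`, and the query names are assumptions constructed for this example; `grep -E` stands in for the regex matcher.

```shell
#!/bin/sh
# Added example (not Pi-hole code): wildcard-style domain -> anchored regex.
# Function names and the pattern shape are assumptions for illustration.

# Build an ERE that matches the domain itself and any subdomain of it.
wildcard_to_regex() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    # Accept hostname characters only, so no regex metacharacter slips in
    printf '%s\n' "$domain" |
        grep -Eq '^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$' || return 1
    # Escape dots so "." cannot match an arbitrary character
    printf '(^|\\.)%s$' "$(printf '%s' "$domain" | sed 's/\./\\./g')"
}

# Succeed if the queried name matches the ERE (DNS names are case-insensitive).
is_blocked() {
    printf '%s\n' "$2" | tr 'A-Z' 'a-z' | grep -Eq -- "$1"
}

# Compare the anchored pattern with a hand-typed, unanchored one on
# constructed query names.
demo() {
    anchored=$(wildcard_to_regex "example.com")
    naive='example.com'
    for q in example.com ads.example.com notexample.com \
             example.com.cdn.test examplexcom.test; do
        a=allow; n=allow
        if is_blocked "$anchored" "$q"; then a=BLOCK; fi
        if is_blocked "$naive" "$q"; then n=BLOCK; fi
        printf '%-22s anchored=%-5s naive=%s\n' "$q" "$a" "$n"
    done
}

demo
```

The anchored pattern blocks only example.com and ads.example.com, while the unanchored, unescaped one blocks all five names, including the unrelated ones.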

New Privacy Levels

We introduced several different privacy levels, which can be used to fine-tune the level of detail displayed in your Pi-hole statistics.

New Blocking Modes

Default Block Mode Is Different (And The Block Page Is Disabled)

Pi-hole has used IP-based blocking since its inception.  With 4.0, we introduce several different choices of blocking methods.  And after much discussion internally, we decided to change the default blocking mode to NULL blocking.

The main reason for this is that it eliminates the need for iptables rules currently needed for slow-loading pages.  Having to make these adjustments post-install is a hassle for new and experienced users alike, plus NULL blocking provides the same end result without the negative side effects.  A result of this change is that the block page will no longer work (unless you choose to use an IP blocking mode).

NULL blocking is just the new default, and there are several different blocking modes you can choose from, so use the one that fits your needs the best.

Important Notes About This Release

Existing Installs Of dnsmasq Will Be Disabled (What?!)

Since we’re distributing our fork of dnsmasq, and you shouldn’t have two different DNS servers trying to bind to the same port, our installer will disable any existing installation of dnsmasq it detects and replace it with pihole-FTL (FTLDNS).  The good news is that if you have things that require dnsmasq, you won’t notice a difference in functionality because, as we mentioned, FTLDNS is dnsmasq.

So why did we do this?  One reason is that distributing our own fork lets us control what version of dnsmasq is installed as opposed to trying to account for all the different versions out there.

Bundling the resolver with FTL also allows us closer access to the software, so much so that we don’t even need the log file anymore to get statistics.  It also allows us to do things like increase the cache limit and gather stats about how many domains are receiving cached responses.  There are many benefits to this decision, and hopefully you’ll see them all when you finish reading what else is included in this release.

What’s Fixed?

We have fixed several bugs in this release, including the infamous bug of the clients over time graph getting cut off.

  • several fixes for unattended installations have been implemented
  • hostnames now resolve in Long Term Data
  • we fixed some query log sorting issues
  • we fixed some issues with the uninstaller

What Else?

  • custom ports can be used for upstream servers (perfect for use with the all-around DNS solution)
  • Cloudflare DNS has been added to available upstream servers
  • if you were previously using -wild, it is now --wild
  • the blocklist sources are no longer whitelisted by default
  • several API improvements have been implemented including a versions endpoint and completely removing the PHP-only API
  • DNSSEC information displays in the query log
  • a field for an administrator email address has been added for use with the block page
  • a scroll box is now used when tailing the logs in the Web interface
  • the query log page layout will be remembered now
  • persistent logins are available via cookie

Notable Replies

  1. I updated, it went smoothly and is running like a charm. I love all the changes and bug fixes, really great release. Great job to the entire team!

  2. MaDa says:

    good job - thank you all

  3. Upgrade from beta to 4.0 on Rpi 2 with no problems.
    (followed instructions).
    Thank You, Nice job! :slight_smile:

  4. jfb says:

    There are a few block lists out there that pretty much throw in everything but the kitchen sink for domains to block, and aren’t really tailored to work with a DNS-based solution like Pi-Hole.

    In my experience, one of the worst offenders is https://adblock.mahakala.is. This blocks a lot of block list sites, as well as many reputable commercial sites like walmart.com (not just the ad-serving subdomains), etc. I deleted it shortly after I started using it.

  5. I understand - and agree with - the reasoning behind. But I am concerned with being “locked out” from updates on one blocklist by another blocklist.

    I changed my gravity.sh and inserted:

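    # If the list's host currently resolves to 0.0.0.0 (blocked locally), ask an upstream resolver instead
    if [ "$(dig "$domain" +short | grep -cxF '0.0.0.0')" -ge 1 ]; then
        # Keep only the last answer line so CNAME targets are not passed to --resolve
        ip=$(dig @1.1.1.1 +short "$domain" | tail -n1)
        if [ "$(echo "$url" | awk -F '://' '{print $1}')" = "https" ]; then
            port=443
        else
            port=80
        fi
        echo -e "${OVER} ${CROSS} ${str} ${domain} is currently blocked by pi-hole. Circumventing pi-hole and trying again"
        echo -ne " ${INFO} ${str} Pending..."
        # Pin curl to the upstream answer for this host and port
        cmd_ext="--resolve $domain:$port:$ip $cmd_ext"
    fi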

    Just before:

    httpCode=$(curl -s -L ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" -A "${agent}" "${url}" -o "${patternBuffer}" 2> /dev/null)

    My blocklists now update even if the URL is blocked by pi-hole:

    $ pihole -g
    [i] Neutrino emissions detected…
    [✓] Pulling blocklist source list into range

    [i] Target: hosts-file.net (grm.txt)
    [✗] Status: hosts-file.net is currently blocked by pi-hole. Circumventing pi-hole and trying again
    [✓] Status: Retrieval successful

    [i] Target: reddestdream.github.io (minimalhosts)
    [✓] Status: No changes detected

    [i] Target: raw.githubusercontent.com (hosts)
    [✓] Status: Retrieval successful
