We’re very pleased to release Pi-hole v4.0 today, which includes fixes, tweaks, and lots of new stuff, including FTLDNS (special thanks to our beta testers!) In a sentence, FTLDNS is
dnsmasq with Pi-hole’s special sauce baked in.
FTLDNS does everything
dnsmasq does because it is
dnsmasq–just our fork of it. So all of your existing config files will still work with it. We intentionally modified the original
dnsmasq source code as little as possible so that we can easily integrate any upstream changes as they are released.
Read on to find out everything included in this release or read the technical details in the changelogs.
How Do I Update To This Version?
pihole -up command will update your Pi-hole installation.
What If I Was A Beta Tester Or I’m On A Different Branch?
pihole checkout master, which should get you there, but you may need to run
What If I Have Problems After Updating?
Thanks to everyone who has continued to support over the past few months during our beta test of 4.0. We’d also like to especially thanks our patrons and those of you who have donated to our fundraiser. Your support helps keep us motivated and keep Pi-hole free.
Official Docker Image
We’re pleased to announce an official Pi-hole Docker image. @diginc is our Docker master and many of you have been using his image for some time now. We’ve always worked closely with him, but now he’s part of the team and in our GitHub organization and we’re all working together.
@diginc’s image will still be around if you want to use it, but we’ll be using
pihole/pihole as the “official” image going forward.
New Documentation Site
We’ve loaded up https://docs.pi-hole.net with all sorts of good technical documentation, guides, and more. We still have our Discourse FAQs, but they are not always easy to find and you might just stumble upon them via Google. The new docs site is a more centralized way to browse and easily find what you are looking for.
If you find old or outdated information in Discourse, please message one of the developers, so we can get it updated (or link to the new docs site). There is a lot of documentation out there and we do our best to keep it up-to-date, so any help keeping it relevant is appreciated.
In addition to the online documentation, we have also added
man pages for
We have introduced regex blocking. More details on that can be found on our documentation site. With this feature, you are able to specify an arbitrary amount of arbitrarily complex blocking filters.
The wildcard button is a compatibility wrapper function, which outputs a regex that acts like the old wildcard blocking.
New Privacy Levels
We introduced several different privacy levels, which can be used to fine tune the level of detail displayed in your Pi-hole statistics.
New Blocking Modes
Default Block Mode Is Different (And The Block Page Is Disabled)
Pi-hole has used IP-based blocking since it’s inception. With 4.0, we introduce several different choices of blocking methods. And after much discussion internally, we decided to change the default blocking mode to
The main reason for this is that it eliminates the need for
iptables rules currently needed for slow-loading pages. Having to make these adjustments post-install is a hassle for new and experienced users alike, plus
NULL blocking provides the same end result without the negative side effects. A result of this change is that the block page will no longer work (unless you choose to use an IP blocking mode).
NULL blocking is just the new default, and there are several different blocking modes you can choose from, so use the one that fits your needs the best.
Important Notes About This Release
Existing Installs Of
dnsmasq Will Be Disabled (What?!)
Since we’re distributing our fork of
dnsmasq and you shouldn’t have two different DNS servers trying to bind to the same port, our installer will disable existing installations of
dnsmasq if we detect it is already installed and it will be replaced with
pihole-FTL (FTLDNS). The good news is, if you have things that require
dnsmasq you won’t notice a difference in functionality because as we mentioned, FTLDNS is
So why did we do this? One reason is that distributing our own fork lets us control what version of
dnsmasq is installed as opposed to trying to account for all the different versions out there.
Bundling the resolver with FTL also allows us closer access to the software, so much so that we don’t even need the log file anymore to get statistics. It also allows us to do things like increase the cache limit and gather stats about how many domains are receiving cached responses. There are many benefits to this decision, and hopefully you’ll see them all when you finish reading what else is included in this release.
- several fixes for unattended installations have been implemented
- hostnames now resolve in Long Term Data
- we fixed some query log sorting issues
- we fixed some issues with the uninstaller
- custom ports can be used for upstream servers (perfect for use with the all around DNS solution)
- CloudFlare DNS has been added to available upstream servers
- If you were previously were using
-wildit is now
- the blocklist sources are no longer whitelisted by default
- several API improvements have been implemented including a versions endpoint and completely removing the PHP-only API
- DNSSEC information displays in the query log
- a field for an administrator email address has been added for use with the block page
- a scroll box is now used when tailing the logs in the Web interface
- the query log page layout will be remembered now
- persistent logins are available via cookie