NXDOMAIN And Null Blocking With FTLDNS

Pi-hole has traditionally returned a blank HTML page in place of advertisements.  An alternative method is to return NXDOMAIN (no such domain).  This is a behaviour you asked us to implement and we have listened.

To use it, you’ll need to be running the FTLDNS beta (pihole -up if you’re already on it):

echo "FTLDNS" | sudo tee /etc/pihole/ftlbranch
pihole checkout core FTLDNS 
pihole checkout web FTLDNS

You can also check out the development branches, but if you want the most up-to-date code, use the FTLDNS branches.

Once you’ve checked out the new branches, you need to add this to /etc/pihole/pihole-FTL.conf (note that you may need to create this file if it does not exist):

BLOCKINGMODE=NXDOMAIN

or

BLOCKINGMODE=NULL

depending on which method you prefer, and then restart FTLDNS (pihole-FTL) to apply the change:

sudo service pihole-FTL restart


Patreon Coming Soon: Your Feedback Requested

We’re launching a Patreon page soon, which allows you to get rewards for supporting us.  Take a look at this explainer video if you are unfamiliar with it.

We want your feedback on the reward levels.  Please let us know what you like, what you don’t, or what you’d like to see.

$1/month Patron Flair

We’ll flair your user on Discourse or Reddit as a Patron of Pi-hole and you have our thanks.

$3/month Insider Information

Get access to our Patron-only posts.  We’ll discuss things here before releasing them to the general public.

$10/month Sticker-of-the-month Club

Get a new sheet of 24 stickers every month.

$15/month Mug-of-the-month Club

Each month, we’ll ship out a mug with a new Pi-hole inspired design on it.

Also Available…

We have around 300 custom-made, 2 inch Pi-hole coins, sequenced and everything.  They are dual-sided, colored and look very nice.  If these sell out, we could possibly do a coin-of-the-month club as well.  But for now, there is only one style coin available.

The proceeds from selling these coins will go towards our fundraising goal.


Blocking via regex now available in FTLDNS™

We have implemented domain blocking with GNU Extended Regular Expressions (as used by popular tools such as egrep (or grep -E ...), awk, and emacs) in FTLDNS.

To try it, you need to be participating in the FTLDNS beta test (see here for more details).  This is a new feature and we invite you to test it out, but you should expect some rough edges.  We would also appreciate it if you could help us find bugs.

Reach out to us on Discourse or Reddit with any issues you run into.

Once you’re on the beta testing branch you can configure the regex of your choice in /etc/pihole/pihole-FTL.conf.  In contrast to our already existing wildcard blocking implementation, you can now configure arbitrarily complex blocking filters with Pi-hole FTLDNS.  The following regex:

BLOCKINGREGEX=^ab.+\.com$

will block all domains that start with “ab” (^ab), have at least one further character (.+) and end in “.com” (\.com$).

Examples for what would be blocked by this rule:

  • abc.com
  • abtest.com
  • ab.test.com
  • abr-------.whatever.com

Examples for what would not be blocked by this rule:

  • testab.com (the domain doesn’t start with “ab”)
  • tab.test.com (the domain doesn’t start with “ab”)
  • ab.com (there is no character in between “ab” and “.com”)
  • test.com.something (the domain doesn’t end in “.com”)

Hopefully this illustrates how powerful the new blocking method of FTLDNS is, but also why testing is mandatory to ensure it is working correctly in all possible situations.  The potential of this new blocking is huge and may even help with things like this.
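The following is an added example, not part of the original post or of Pi-hole's code: a small shell harness that checks a candidate BLOCKINGREGEX against domains that must and must not be blocked before the rule goes into pihole-FTL.conf. It assumes grep -E is a close enough stand-in for the extended regex matching in FTLDNS; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-deployment check of a blocking regex.
# Assumption: grep -E (POSIX ERE) behaves like the matcher used by FTLDNS.

# regex_blocks REGEX DOMAIN -> exit status 0 if the regex matches the domain
regex_blocks() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# check_regex REGEX MUST_BLOCK MUST_ALLOW
# MUST_BLOCK and MUST_ALLOW are whitespace-separated domain lists.
# Prints every violation and returns the number of violations (0 = rule is OK).
check_regex() {
    regex=$1
    failures=0
    for d in $2; do
        if ! regex_blocks "$regex" "$d"; then
            echo "NOT BLOCKED (expected block): $d"
            failures=$((failures + 1))
        fi
    done
    for d in $3; do
        if regex_blocks "$regex" "$d"; then
            echo "BLOCKED (expected allow): $d"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Test domains taken from the two lists in the post.
MUST_BLOCK="abc.com abtest.com ab.test.com abr-------.whatever.com"
MUST_ALLOW="testab.com tab.test.com ab.com test.com.something"

# The rule from the post passes cleanly.
check_regex '^ab.+\.com$' "$MUST_BLOCK" "$MUST_ALLOW" && echo "rule OK"

# A loosened variant (no anchors, .* instead of .+) over-blocks:
# testab.com, tab.test.com and ab.com are all reported.
check_regex 'ab.*\.com' "$MUST_BLOCK" "$MUST_ALLOW" || echo "rule rejected"
```

Adding domains you depend on to MUST_ALLOW catches over-blocking before a rule reaches the resolver.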

Results of the Pi-hole User Survey

Staying Free

Pi-hole will remain free in both meanings of the word: free of charge and open source.  We know the survey stirred up fears for many of you and that you may have considered several worst-case scenarios.  We heard you loud and clear: you don’t want us to charge money for Pi-hole, and we won’t.

In its current state, Pi-hole is free of charge and can be used to protect your privacy–a human right to which everyone is entitled.  And we intend to keep it that way.  At the end of this article, you will find some information on how much it costs to run Pi-hole from month-to-month; something you wanted to know based on the survey.  This will be specific, including the salaries needed to allow us to develop full/part time and bring you more updates and features faster while also providing you better support.  It will also include the cost of support and QA/testing, marketing, research, business development, legal, operational, etc.

PSA: Issue With Pi-hole, DoH, and dnsmasq

[UPDATE: 2018-04-18: 05:51]

The latest version of FTLDNS (vDev-3656ba2) now fixes this issue.  We have modified it to spawn child processes for handling individual TCP queries.  This way, Netflix (or any other application) shouldn’t be able to claim the resolver for itself, thus solving the issue.

If you have been beta testing FTLDNS, and want to get this update you’ll need to run a few commands:

cd /etc/.pihole
git fetch && git pull
pihole -r

Subsequent updates can simply be acquired with pihole -up, which will not work until you have the latest code from the previous commands.

[UPDATE: 2018-04-10: 14:39]

We have determined the crash happens when dnsmasq stalls out after receiving an invalid TCP request from Netflix.

In the short term, you can run these iptables commands if you want to prevent the issue from happening:

sudo iptables -A INPUT -i eth0 -p tcp --destination-port 53 -j REJECT 
sudo iptables -A INPUT -i eth0 -p udp --destination-port 53 -j ACCEPT


Pi-hole User Survey

The survey is now complete.  Thanks to those who contributed.

Pi-hole has grown far beyond what any of us could have imagined.  As Pi-hole continues to evolve, we are looking at what Pi-hole is and if it’s meeting the demands of the market.  An experienced product manager has been helping us and has put together two surveys.  If you’re willing, please consider filling one of them out.

  • If you are already using Pi-hole, please fill out this short survey.
  • If you have not installed Pi-hole before, please fill out this short survey

Here is SurveyMonkey’s privacy policy if you are concerned about it.

 

Help Us Beta Test FTLDNS™

In case you missed it, FTLDNS is Pi-hole’s Faster Than Light (FTL) daemon combined with a DNS/DHCP server (our fork of dnsmasq).  So instead of installing dnsmasq as a dependency, we will be distributing all services in a single binary.  This will allow us to hook into dnsmasq’s functionality at the code level, as well as ensuring that you are using the latest stable version of the resolver and receive, e.g., important bug fixes early on.

Today, we’re looking for some users to help us beta test the software.  If you are comfortable with troubleshooting issues, and if you’re interested, run these commands (after reading the details of this beta):

FTLDNS™: Pi-hole’s Own DNS/DHCP server

What Is FTLDNS™?

In a sentence, FTLDNS™ is dnsmasq blended with Pi-hole’s special sauce.  We bring the two pieces of software closer together while maintaining maximum compatibility with any updates Simon adds to dnsmasq.

The Problems

We have used dnsmasq as our DNS/DHCP server since Pi-hole began.  However, as the project has grown and evolved, we reached a point where we started looking into providing our own powerful resolver for a few reasons:

  • With FTL, we generate a variety of statistics by interpreting dnsmasq‘s log file. While this works, doing it through a middleman (a log file) is obviously quite inefficient
  • If a user chooses to disable logging, we’re unable to compute any statistics at all
  • There are some details of the DNS server we do not have access to (like cache usage) through the log file alone
  • Each OS distribution provides a different version of dnsmasq and this can prevent users from getting a flawless Pi-hole experience

The Solution

All these problems led us to the idea of actually integrating a DNS resolver directly into FTL. The obvious choice for this is, of course, to base it on dnsmasq. We have a proof-of-concept implementation of FTL already developed and running.  So we’re officially announcing FTLDNS™ and you can find it right here.

One of the many ways to support us is purchasing from our Swag Store.  Get your hands on this sweet mug to help spread the word.

The Non-technical Details

FTLDNS has many benefits for you as a user:

  • No more dnsmasq version compatibility issues since we develop and provide the DNS resolver and FTL together
  • Upstream updates to dnsmasq can easily be integrated into our code since we don’t modify its code heavily
  • Processing will be much faster since we interact directly with the resolver instead of periodically parsing a log file
  • We can provide stats on cache usage and probably much more, which has been previously unavailable
  • Due to the direct integration into the resolver (using “FTL hooks”), we can compute statistics without any need for a log file. Instead of a “must have”, the log file will become an “opt-in” feature!
