Results of the Pi-hole User Survey

Staying Free

Pi-hole will remain free in both meanings of the word: free of charge and open source.  We know the survey spooked many of your fears and you may have considered several worst case scenarios.  We heard you loud and clear, you don’t want us to charge money for Pi-hole and we won’t.

In it’s current state, Pi-hole is free of charge and can be used to protect your privacy–a human right to which everyone is entitled.  And we intend to keep it that way.  At the end of this article, you will find some information on how much it costs to run Pi-hole from month-to-month; something you wanted to know based on the survey.  This will be specific, including the salaries needed to allow us to develop full/part time and bring you more updates and features faster while also providing you better support.  It will also include the cost of support and QA/testing, marketing, research, business development, legal, operational, etc. Continue reading “Results of the Pi-hole User Survey”

PSA: Issue With Pi-hole, DoH, and dnsmasq

[UPDATE: 2018-04-18: 05:51]

The latest version of FTLDNS (vDev-3656ba2) now fixes this issue.  We have modified it to spawn child processes for handling individual TCP queries.  By this, Netflix (or any other application) shouldn’t be able to claim the resolver for itself, thus solving the issue.

If you have been beta testing FTLDNS, and want to get this update you’ll need to run a few commands:

cd /etc/.pihole
git fetch && git pull
pihole -r

Subsequent updates can simply be acquired with pihole -up, which didn’t work until you have the latest code acquired from the previous commands.

[UPDATE: 2018-04-10: 14:39]

We have determined the crash happens when dnsmasq stalls out after receiving an invalid TCP request from Netflix.

In the short term, you can run these iptables commands if you want to prevent the issue from happening:

sudo iptables -A INPUT -i eth0 -p tcp --destination-port 53 -j REJECT 
sudo iptables -A INPUT -i eth0 -p udp --destination-port 53 -j ACCEPT

Continue reading “PSA: Issue With Pi-hole, DoH, and dnsmasq”

Pi-hole User Survey

The survey is now complete.  Thanks to those who contributed.

Pi-hole has grown far beyond what any of us could have imagined.  As Pi-hole continues to evolve, we are looking at what Pi-hole is and if it’s meeting the demands of the market.  An experienced product manager has been helping us and has put together two surveys.  If you’re willing, please consider filling one of them out.

  • If you are already using Pi-hole, please fill out this short survey.
  • If you have not installed Pi-hole before, please fill out this short survey

Here is SurveyMonkey’s privacy policy if you are concerned about it.

 

Help Us Beta Test FTLDNS™

In case you missed it, FTLDNS is Pi-hole’s Faster Than Light (FTL) daemon combined with a DNS/DHCP server (our fork of dnsmasq).  So instead of installing dnsmasq as a dependency, we will be distributing all services in a single binary.  This will allow us to hook into dnsmasq‘s functionality at a code- level, as well as ensuring that you are using the latest stable version of the resolver and receive, e.g., important bug fixes early on.

Today, we’re looking for some users to help us beta test the software.  If you are comfortable with troubleshooting issues, and if you’re interested, run these commands (after reading the details of this beta): Continue reading “Help Us Beta Test FTLDNS™”

FTLDNS™: Pi-hole’s Own DNS/DHCP server

What Is FTLDNS™?

In a sentence, FTLDNS™ is dnsmasq blended with Pi-hole’s special sauce.  We bring the two pieces of software closer together while maintaining maximum compatibility with any updates Simon adds to dnsmasq.

The Problems

We have used dnsmasq as our DNS/DHCP server since Pi-hole began.  However, as the project has grown and evolved, we reached a point where we started looking into providing our own powerful resolver for a few reasons:

  • With FTL, we generate a variety of statistics by interpreting dnsmasq‘s log file. While this works, doing it through a middleman (a log file) is obviously quite inefficient
  • If a user chooses to disable logging, we’re unable to compute any statistics at all
  • There are some details of the DNS server we do not have access to (like cache usage) through the log file alone
  • Each OS distribution provides a different version of dnsmasq and this can prevent users for getting a flawless Pi-hole experience

The Solution

All these problems lead us to the idea of actually integrating a DNS resolver directly into FTL. The obvious choice for this is, of course, to base it on dnsmasq. We have a proof-of-concept implementation of FTL already developed and running.  So we’re officially announcing FTLDNS™ and you can find it right here.  

One of the many ways to support us is purchasing from our Swag Store.  Get your hands on this sweet mug to help spread the word.

The Non-technical Details

FTLDNS has many benefits for you as user:

  • No more dnsmasq version compatibility issues since we develop and provide the DNS resolver and FTL together
  • Upstream updates to dnsmasq can easily be integrated into our code since we don’t modify its code heavily
  • Processing will be much faster since we interact directly with the resolver instead of periodically parsing a log file
  • We can provide stats on cache usage and probably much more, which has been previously unavailable
  • Due to the direct integration into the resolver (using “FTL hooks”), we can compute statistics without any need for a log file. Instead of a “must have”, the log file will become an “opt-in” feature!

Continue reading “FTLDNS™: Pi-hole’s Own DNS/DHCP server”

Pi-hole v3.3 Released: It’s “Extra” Special

Update 2018-02-20 18:05

Hi All, After a few days of pulling out our hair and troubleshooting this whitelisting issue that some of you have reported, we’re finally getting to the bottom of it.

The good news is, whitelisting is not completely broken. You can still whitelist domains from the cli with no issues by calling pihole -w [domain-to-whitelist]. The issue only affects whitelisting from the admin page (whitelist page, query log, and block page).

Take a look over this pull request where /u/promofaux has attempted to explain what is going on. Though, we’re a bit confused ourselves, and any insight from the community would be greatly appreciated!

There are a couple of options, we can either revert the change that broke it, or use the fix in the above pull request. Whichever way we go, rest assured that we are working hard internally to make sure that we have the bug well and truly squashed, and will try to get a fix out as soon as we can (and really, take that soon™ in the Blizzard sense of the word).

In the mean time, do not attempt to whitelist from the web admin, it wont work… apologies for any inconvenience this causes.

In other news, we have updated the to include instructions on how you may possibly be able to update your version of dnsmasq to be able to update to Pi-hole 3.3

Update 2018-02-18 06:12

If you’re running Raspbian Jessie and you updated Pi-hole to v3.3, you likely ran into issues.  This is because the version of dnsmasq that ships with it does not support the log-queries=extra option, which we use in v3.3.

You have two options to resolve this: revert Pi-hole to a previous version or upgrade dnsmasq manually.

Option one: downgrade Pi-hole to the previous version

Instructions for this can be found here.

Option two:  install the version of dnsmasq that supports the extra flag (v2.76)

Please note, you should only try this on Rasbpian Jessie and do so at your own risk (but in our opinion the risk is low)

First step: Download more recent version of dnsmasq compiled for Raspbian Jessie from the official sources

wget https://archive.raspberrypi.org/debian/pool/main/d/dnsmasq/dnsmasq-base_2.76-5+rpi1_armhf.deb
wget https://archive.raspberrypi.org/debian/pool/main/d/dnsmasq/dnsmasq_2.76-5+rpi1_all.deb

Second step: Ensure requirements are fulfilled

sudo apt-get install libnetfilter-conntrack3 libmnl0

Third step: Install downloaded packages

sudo dpkg -i dnsmasq-base_2.76-5+rpi1_armhf.deb
sudo dpkg -i dnsmasq_2.76-5+rpi1_all.deb

Fourth step: Verify it worked:

dnsmasq -v

should return:

Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify

You should now be able to use Pi-hole v3.3 on Raspbian Jessie.

Update 2018-02-14 18:43 (version issues and not working after update)

If you’re running Rasbian Jessie, your version of dnsmasq will not work with this release, so you’ll need to revert to the previous versions:

cd /etc/.pihole
sudo git fetch --tags
sudo git checkout v3.2.1
cd /var/www/html/admin
sudo git fetch --tags
sudo git checkout v3.2.1
pihole -r
pihole checkout ftl v2.13.2

The Release


This release takes full advantage of dnsmasq‘s extra logging feature, which means you’ll get 100% accurate log analysis.  This release also includes full DNSSEC support, Teleporter enhancements, several important security fixes, as well as some other tweaks. This blog post will focus on the main features of this release, but if you want a detailed breakdown, the full changelogs can always be found at changes.pi-hole.net. Continue reading “Pi-hole v3.3 Released: It’s “Extra” Special”

Why Some Pages Load Slow When Using Pi-hole And How To Fix It

Pi-hole can make your network run faster, however, there are certain situations where Webpages will take a very long time to load (10-60 seconds or more).  There are several reasons behind this–most of which can be remedied.  This post explain the technical reasons why you may experience slow load times and provides solutions for them. Continue reading “Why Some Pages Load Slow When Using Pi-hole And How To Fix It”

Pi-hole Web Interface: The Next Generation

We have been working on a new Web interface for Pi-hole (referenced internally as Next Gen Admin or NGAdmin).  The existing interface built off of AdminLTE has served us well, but we have grown beyond the capabilities of an existing template.  We’re also looking to implement an HTTP API.

This new interface is open source and we welcome your contributions as we have just made the repo public.  Read on to learn more or check out a demo of the new interface here. Continue reading “Pi-hole Web Interface: The Next Generation”

Pi-hole Is Open Source: Consume, Contribute, Or Both?

Pi-hole is a great project for all experience levels–both as a piece of software to consume and as an open source project you can contribute to.  Whether you just started getting interested in software and want to learn how to program or contribute to an open source project; or you have been a life-long tinkerer and love to get your hands dirty with technical goodness, Pi-hole has something to offer. Continue reading “Pi-hole Is Open Source: Consume, Contribute, Or Both?”