Before installing Pi-Hole, you'll need to set a static IP address for the Ethernet Interface. To do so, you'll need to [[Configure Ethernet|edit the network config file]]. Initially, I faced quite a bit of difficulty setting Pi-Hole up either due to network interfaces not behaving or due to missing repositories. However, I ended up getting Pi-Hole working by first following the [[Pi-Hole Setup Guide]], then proceeding with the instructions found in [[Pi-Hole#Configuring PiHole|"Configuring Pi-Hole"]]
If all else fails, my problem was solved by unplugging the pi from its power while in the middle of a direct bash install, then plugging it back in and doing the same install again. I do not know why this worked.
Once you install Pi-Hole, The Installer will guide you in setting up the Pi-Hole, and even gives you the login details to the web dashboard at the end.
- Log into the web dashboard, and set a new Admin password (for obvious reasons).
- Find a domain blacklist for the Pi-Hole. A blacklist comes preinstalled, but it isn't very suitable for our purposes. It may be tempting to use Regular Expressions to blacklist everything, only temporarily allowing domains through when you search for them. However, most modern websites use things called Content Delivery Networks (CDNs), and while blocking those would keep them from tracking you ,doing so would tend to break the entire page. to get around this, use a Firefox extension like decentraleyes.
- Depending on your Internet Service Provider, you may not have access to certain modem settings needed to get Pi-Hole working. If this is the case, you need to set up the Pi-Hole as a DHCP server as well. Documentation for this process can be found here: https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026
- To allow your router to assign IP addresses to the devices on its network, you'll need to put your MODEM in bridge mode, effectively forcing it to delegate DNS lookup, IP assigning, and routing to your router.
- You may have done so in the setup process, but I've found that the anonymity settings don't persist after installation is completed. Check those settings, and set the DNS resolver Privacy settings to "Anonymous." This prevents the Pi from saving any logs that can be used against you, provided that any adversary targeting your system is unable to monitor your queries in real time (which is a compelling reason to [[DNS#AnonDNS|encrypt your DNS queries]] using DNS over TLS). Only change this setting if you need to debug something, and change it back as soon as you're done.
You'll want to be able to hard-block any tracking domains that could collect any data from your browsing. To do so, follow [[Unbound Recursive DNS|this guide]].
Additional security measures can be found in the [[Pi-Hole Setup Guide]]. I highly recommend implementing them.
Important
For Users in Iran, it would be a good practice to route your DNS traffic over tor, since your ISP is likely handing data on these requests over to the government. Following [[DNS over Tor|this guide]] to implement tor on your Pi-Hole, and be sure [[Tor#Implementing tor in OpenWrt Manual config|to do the same in OpenWrt]].