Linux, Networking, Productivity, Smart Technologies, Social Issues, Technology, Web, Windows

How To Install Pi-Hole DNS Ad blocker

April 11, 2020 Team Cook Leave a comment

Pi-hole a Network-wide DNS Ad-Blocker aka A black hole for Internet advertisements. Primarily developed for Raspberry Pi and ported to Linux, it’s lightweight. Just like pixelserv (man-in-the-middle https DNS Ad-Blocker), it is also a DNS server.

1. Install a supported operating system

You can run Pi-hole in a container, or deploy it directly to a supported operating system via their automated installer.

Pi-hole Supported Linux distros:

Distribution	Release	Architecture
Raspbian	Stretch / Buster	ARM
Ubuntu	16.x / 18.x	ARM / x86_64
Debian	9 / 10	ARM / x86_64 / i386
Fedora	28 / 29	ARM / x86_64
CentOS	7	x86_64

Warning:
If you happen to have another DNS server running such as BIND, you will need to turn it off in order for Pi-hole to respond to DNS queries.

Ubuntu users: This is compatible with systemd-resolve (on AWS, it’s listening on 127.0.0.53 so it does not interfere with Pi-Hole).

2. Install Pi-hole

Their automated installer asks you a few questions and then sets everything up for you. Once complete, move onto step 3.

One-step install:

curl -sSL https://install.pi-hole.net | bash

The installer is interactive.

DNS: choose Cloudflare (fastest) or Quad9 (Secure)

Privacy Mode for FTL: Using privacy levels you can specify which level of detail you want to see in your Pi-hole statistics. This question happens only when you choose to install the web admin interface.

Auto-Update and Cron jobs

Cron jobs are created by the installer:

cat /etc/cron.d/pihole
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Updates ad sources every week
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
#
#
#
# This file is under source-control of the Pi-hole installation and update
# scripts, any changes made to this file will be overwritten when the softare
# is updated or re-installed. Please make any changes to the appropriate crontab
# or other cron file snippets.

# Pi-hole: Update the ad sources once a week on Sunday at a random time in the
#          early morning. Download any updates from the adlists
#          Squash output to log, then splat the log to stdout on error to allow for
#          standard crontab job error handling.
51 3   * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log

# Pi-hole: Flush the log daily at 00:00
#          The flush script will use logrotate if available
#          parameter "once": logrotate only once (default is twice)
#          parameter "quiet": don't print messages
00 00   * * *   root    PATH="$PATH:/usr/local/bin/" pihole flush once quiet

@reboot root /usr/sbin/logrotate /etc/pihole/logrotate

# Pi-hole: Grab local version and branch every 10 minutes
*/10 *  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker local

# Pi-hole: Grab remote version every 24 hours
9 16  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote
@reboot root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote reboot

3. Status Check

Web UI: Change your password!

pihole -a -p

By default, the web admin UI installed with lighttpd listens only on HTTP:80. You password will travel in clear text if you do not enable SSL!

Web UI Configuration

The web UI showcase logs and point & click configuration. If you chose to install lighttpd, the web UI is available at your pihole IP/admin

To use your existing web server, create a virtual host which points to /var/www/html where Pi-Hole installed its web UI.

Command Line

You don’t need to install the Web UI to check Pi-hole status. Especially on Raspberry Pi for which this Ad-blocker has been designed, a simple command line dashboard is available to check the server status:

pihole -c

You can also follow the DNS logs directly:

pihole -t

4. Use Pi-hole as your DNS server

Depending on what and where you installed Pi-Hole, consider modifying your devices accordingly.

If your Pi-Hole is installed on a public IP server, consider updating your ISP or DD-wrt router to use that DNS as well! You can also share it with your friends! also consider installing it both online and at home, for redundancy.

Example 1 Home router

Modify the home or ISP router to use that DNS instead of the default. All your home connected devices will be protected!

Notice:
Some crappy routers will force you to define two different DNS addresses. Use 127.0.0.1 as secondary DNS or install another Pi-hole server online or at home. The secondary DNS is naver used unless the first one is down.

Example 2 Individual Protection

You can also setup each device individually. This guide will show you how to do it on most platforms including Android, Apple Mac and iPhone.

For instance on Windows, open Adapter Options:

You can also access Adapter Options by running this command:

::{26EE0668-A00A-44D7-9371-BEB064C98683}\3\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}

Right-click on your network card and setup the IPv4 DNS manually.

Example 3 Pi-Hole with VPN Server

This is the recommended setup. Not only your ISP cannot track you anymore, but you also utterly destroy any attempt from Ad servers to bug you anymore, transparently and setup-free!

If you are running an OpenVPN server for instance (How To Install OpenVPN Server here), you need to define the new Pi-Hole DNS address in the /etc/openvpn/server.conf file.

To do so, save, then edit the config file, and keep only one line if you have only one Pi-Hole DNS address (replace 1.2.3.4 by your Pi-Hole DNS IP):

vi /etc/openvpn/server.conf
push "dhcp-option DNS 1.2.3.4"

Then restart the OpenVPN service:

service openvpn restart

Pi-Hole used as the main DNS of the OpenVPN server will effectively filter Ads for any client using that VPN. Also setup the home ISP router and your secondary DD-wrt router to use it so even your home devices are protected!

5. Enjoy

I disabled browser Ad-blocker plugins such as uBlock Origin and started surfing over the Ad-bloated Macworld.com and other fake news mainstream medias. I also noticed some Ads on iPhone games were absent but not all of them.

Test Pi-hole Ad-blocking Power

Do you see any ads? If you see Ads, maybe that’s because they are hosted (same url as the main website) aka interstitial Ads. Pi-hole can do nothing for self-hosted Ads and you need to pair it with browser Ad-Blockers like uBlock Origin.

The best of all? Most of the mobile Ads on Apple and Android phones are blocked as well! No more stupid Ad countdown interrupting my son’s games!

Not all of them will be blocked because, again, some are still self-hosted on the game developer’s platform.

bash, Linux, Networking, Security

Your Own Cheap VPN for $1/mo

April 5, 2020 Team Cook Leave a comment

People are (rightfully) freaking out about their privacy as the Senate voted the law S.J. 34 to let internet providers share your private data with advertisers. While it’s important to protect your privacy, it doesn’t mean that you need it at all times. Also, VPN is a service that is not free, but I found you the CHEAPEST DEAL AVAILABLE TODAY: therefore, let’s create a VPN in 15mn for $1/mo!

This guide will show you step by step how to do it with Virmach but this is valid for any other brand, provided you accept the price. The whole point is to use a script that does it for you, so you don’t have to spend a whole day doing it. Yes, setting up a VPN Server by hand is very complicated.

1. Get a KVM Server for $1/mo at Virmach

This is the crapiest, cheapest KVM provider I could find as of March 2020. Unfortunately they do not offer $1/mo plans anymore, because it depends on availability. I highly doubt they ever offered these plans in large quantities but you know how business work, yeah?

Select the cheapest KVM from the Virmach plans available here.

You may have a warning saying they are out of stock but they promise to charge you only $1/mo.

Option 2 would be a slightly better bandwidth at $1.25:

2. Create a RedHat, Debian, Ubuntu or CentOS server

Versions required for the script to work: Supported distros are Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora

Ubuntu 18.04 or higher
Debian 9 or higher
CentOS 7 or higher
Fedora any version

The script that will create the OpenVPN server for you needs to be run on the major versions above. Among the limited options that Virmach offers you for that price, as of September 2021, choose one of these:

The versions shown above are the lowest versions compatible with the script. The rest of the setup in straightforward. Take note of the root password they give you and that’s it.

3. Initial Setup (optional)

Virmach will provide you a root access with a password. All the steps below are optional, especially if you already own an IaaS Cloud server access.

A. Update the System (advised)

The commands below are for Debian/Ubuntu systems:

apt update -y
apt upgrade -y
apt autoremove -y
apt clean -y

That’s it. Most systems are already configured for IPv4 Forwarding so you should be good to go.

B. Setup SSH (optional)

You can change the remote SSH access to RSA key access only instead of using a password, by setting up your identity and the SSHd daemon.

First you need to create your SSH identity (you could also force copy your own from another server):

ssh-keygen -f ~/.ssh/id_rsa

Next, add your public RSA key in ~/.ssh/authorized_keys (there are 3 ways to do that but this one is straightforward):

echo ssh-rsa AAAAB3Nza...IsFA0eGz name>~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Next, tweak the SSHd config file:

sed -i -e "s/^#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config || sed -i -e "s/^PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config

4. Install OpenVPN

To install OpenVPN and all the dependencies including EasyRSA, simply execute this command:

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

If using Ubuntu 16.04, another script is necessary:

wget https://git.io/vpn1604 -O openvpn-install.sh && bash openvpn-install.sh

That’s it. Now, get the content of the OVPN file generated for your clients:

cat /root/virmach1.ovpn

5. Setup the Clients

Windows Client

With the OVPN file you got, simply import it in OpenVPN GUI and you’re good to go!

DD-wrt Client

This guide will show you how to setup this OpenVPN connection on your home Dd-wrt router so the Wi-Fi is VPN-ized!

Wrapping Up

Let me know in the comments how long it actually took you. It took me much more than 15mn because I was writing the guide at the same time, but I think that 15mn altogether is a fair guess.

As of today, March 2020, Virmach let you pay $1 for a $1.25/mo plan because they “ran out” of cheap plans, but you are limited to 1 only. Also, no other location than within the USA are available, which defeats the purpose of a VPN when you live in the USA. What you really want is an access point in Europe.

Communication, Networking, Technology

CenturyLink is Garbage

April 4, 2020 Team Cook Leave a comment

CenturyLink blocks Kodi. Centurylink blocks Kodi repositories. CenturyLink filters internet without telling you. CenturyLink caps your bandwidth after 6 months. CenturyLink blocks random websites. CenturyLink is BAD.

After moving, I thought that using any competitor to Comcast would be a good idea. After all, it’s one of these ISP that still provide ADSL. It cannot be that bad?

CenturyLink First Impressions

Well, ADSL is not fast, you know that. Do you? ADSL is a branch of DSL that’s provided through existing phone lines. It is therefore sensitive to electromagnetic noise. And the ping is attrocious: 21ms+

Noise can be emited by crappy electric devices such as dishwashers, washing machines, microwave ovens and whatever chinessium crap is connected close to your home.

It is also sensitive to radio signals on the 1400Mhz band. Chinesium crap devices can also emit on this band and hinder your bandwidth.

I also noticed a drop in bandwidth after 6 months.

CenturyLink Caps your Bandwidth

At the beginning, speedtest.net reported a whooping 80MB download speed. Living less than 1 mile away from the DSLAM, it made a lot of sense. 10MB upload speed was honorable for this kind of connection.

Here we are, 6 months later. Speedtest now reports between 20 and 30MB download speed at Any time.

And This is what you get by living 1 mile away from the DSLAM. Imagine if you live further away…

It’s down from 80MB to 30MB after 6 months, permanently and for no reason. Also, Kodi servers are blocked from time to time.

CenturyLink Blocks Kodi Repos

This post is coincidental with me trying to reinstall a new Kodi build on my Rbox pro set-top box. The previous build refused to update most repos and I was not surprised, since it happened in the past with other builds.

It’s a catch-me-if-you-can game between pirated stream providers and the media Majors, we all know that. Still, I could not even configure new 2020 builds I knew that were working.

I could not even access xanax or slamious home site from my desktop. Only from my phone via Verizon. Isn’t that odd??

Setting up a VPN on the router solved the issue: Kodi works again!

Edit: as of April 2020, they re-opened the access to most build repos. Maybe it was an internal network issue on their side?

Conclusion: Comcast Is a Monopoly, but CenturyLink Is Worst

CenturyLink can block Kodi repos without warning you. CenturyLink also cap your bandwidth after some time with no reason. Maybe they think you won’t notice?

CenturyLink is hindering your freedom of surfing and therefore your freedom of speech. CenturyLink is not a good alternative to these monopolies that are Comcast, Verizon and AT&T. It’s not even cheaper.

CenturyLink plan, including their crappy modem is worth $60/mo and it’s not worth it. CenturyLink is bad, period.

Technology

Des batteries quasi éternelles fabriquées à partir de déchets nucléaires

April 2, 2020 Team Cook Leave a comment

Des batteries nucléaires, quasi éternelles fabriquées à partir de déchets nucléaires sont une enieme FAKE NEWS, merci ouest france. Aussi sur que le fiasco des Solar Freakin Roadways que Segolene Royal a voulu tester malgre tout avec votre argent.

@Thunderf00t a debunk cette idiotie depuis le 30 Janvier 2020:

Je ne reviendrais pas sur les calculs effectues, suivez la video et refaite-les vous meme si vous doutez.

Ouest France et le reste des media Francais, en termes de qualite editoriale scientifique, sont tous completement a l’ouest.

IT Cooking

Monthly Archives: April 2020

Your Own Cheap VPN for $1/mo

1. Get a KVM Server for $1/mo at Virmach

2. Create a RedHat, Debian, Ubuntu or CentOS server

3. Initial Setup (optional)

A. Update the System (advised)

B. Setup SSH (optional)

4. Install OpenVPN

5. Setup the Clients

Windows Client

DD-wrt Client

Wrapping Up

CenturyLink is Garbage

CenturyLink First Impressions

CenturyLink Caps your Bandwidth

CenturyLink Blocks Kodi Repos

Conclusion: Comcast Is a Monopoly, but CenturyLink Is Worst

Des batteries quasi éternelles fabriquées à partir de déchets nucléaires

Success is just one script away