Beginner
Block Ads & Trackers with Pi-hole
Turn a Raspberry Pi into a network-wide ad blocker. Every device on your Wi-Fi gets ad-free, tracker-free DNS automatically.
What You'll Need
- Raspberry Pi (any model — even a Pi Zero W works) or any Linux machine / Docker host
- A microSD card (8GB+) and a way to flash it (SD card reader)
- Ethernet cable — Wi-Fi works but wired is more reliable for DNS
- Access to your router's admin page to change DNS settings
💡 Tip: Don't have a Raspberry Pi? Pi-hole also runs on any Ubuntu/Debian machine, in Docker, or even in a VM. Skip to Step 2 if you already have a Linux box ready.
1 Flash Raspberry Pi OS
Download and install Raspberry Pi Imager — it handles everything for you.
- Download Raspberry Pi Imager for your OS
- Insert your microSD card
- Choose Raspberry Pi OS Lite (64-bit) — no desktop needed
- Click the ⚙️ gear icon to pre-configure:
- Set a hostname (e.g.
pihole) - Enable SSH (use password or key)
- Set username & password
- Configure Wi-Fi if no Ethernet
- Set a hostname (e.g.
- Click Write and wait
Eject the card, pop it in your Pi, plug in power + Ethernet, and give it a minute to boot.
# Find your Pi on the network
ping pihole.local
# SSH in
ssh pi@pihole.local
💡 Tip: If
pihole.local doesn't resolve, check your router's admin page for connected devices and find the Pi's IP address. Then ssh pi@192.168.x.x.
2 Install Pi-hole
One command. The installer walks you through everything.
curl -sSL https://install.pi-hole.net | bash
The installer will ask a few questions:
- Upstream DNS — pick any (Cloudflare 1.1.1.1, Google 8.8.8.8, or Quad9 9.9.9.9)
- Blocklists — the default list is fine to start
- Web admin interface — yes, install it (this is the dashboard)
- Log queries — yes, so you can see what's being blocked
At the end, you'll see your admin password. Write it down.
# Change the admin password if you want
pihole -a -p
# Check Pi-hole status
pihole status
⚠️ Security note: The one-liner pipes a script directly to bash. If you prefer to review it first:
curl -sSL https://install.pi-hole.net -o pihole-install.sh, inspect it, then bash pihole-install.sh.
Docker alternative:
# Run Pi-hole in Docker instead
docker run -d \
--name pihole \
-p 53:53/tcp -p 53:53/udp \
-p 80:80 \
-e TZ="America/New_York" \
-e WEBPASSWORD="yourpassword" \
-v pihole_data:/etc/pihole \
-v dnsmasq_data:/etc/dnsmasq.d \
--restart=unless-stopped \
pihole/pihole:latest
3 Point Your Network to Pi-hole
This is the magic step — tell your router to use Pi-hole as the DNS server so every device on your network is protected automatically.
- Open your router's admin page (usually
192.168.1.1or192.168.0.1) - Find DHCP / DNS settings (often under LAN or Network)
- Set the Primary DNS to your Pi-hole's IP address
- Leave Secondary DNS blank (or set it to the same Pi-hole IP)
- Save and reboot the router
⚠️ Don't set a fallback DNS (like 8.8.8.8) as the secondary — devices will bypass Pi-hole whenever it's slightly slow, defeating the purpose. If Pi-hole goes down, you can always revert.
Test it:
# From any device on your network
nslookup ads.google.com
# Should return 0.0.0.0 — that means Pi-hole is blocking it
# Or visit the dashboard
# http://pihole.local/admin (or http://<pi-ip>/admin)
💡 Tip: If your router doesn't let you change the DNS server, you can set Pi-hole as the DHCP server instead. In the Pi-hole admin → Settings → DHCP, enable it and disable DHCP on your router.
4 Supercharge Your Blocklists
The default blocklist catches a lot, but adding community-curated lists takes it to the next level.
Go to Pi-hole Admin → Adlists and add these popular lists:
# Steven Black's unified hosts (ads + malware)
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
# OISD — one of the best curated lists
https://big.oisd.nl/
# Hagezi's multi pro list
https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/pro.txt
After adding lists, update gravity:
pihole -g
💡 Tip: Start with one extra list and see how things go. Too aggressive and some sites may break. You can always whitelist domains in the admin panel: Domains → Add to Whitelist.
5 Keep Pi-hole Healthy
Pi-hole is pretty much set-and-forget, but a few things are worth knowing.
# Update Pi-hole
pihole -up
# Update the OS
sudo apt update && sudo apt upgrade -y
# Check how many queries are being blocked
pihole -c
# Tail the live query log
pihole -t
Common tasks from the dashboard:
- Whitelist a domain — if a site or app breaks, add it to the whitelist
- Disable temporarily — useful for debugging, click Disable → 5 minutes
- Query Log — see exactly what's being blocked and by which list
- Long-term data — graphs and stats over days/weeks
💡 Tip: Set a static IP for your Pi so it doesn't change after a reboot. In
/etc/dhcpcd.conf:
interface eth0static ip_address=192.168.1.100/24static routers=192.168.1.1static domain_name_servers=1.1.1.1
✅ What You've Set Up
- Pi-hole running on your network — blocking ads and trackers at the DNS level
- Every device protected automatically — phones, tablets, smart TVs, IoT devices
- A web dashboard to monitor queries, manage blocklists, and whitelist domains
- Community blocklists for enhanced protection against ads, trackers, and malware
Next Steps
- Add Unbound — run your own recursive DNS resolver so you don't need Cloudflare or Google at all. Full privacy from ISP to browser.
- Pair with a VPN — use WireGuard so Pi-hole protects you even when you're away from home. See our Travel Router guide for a portable approach.
- Monitor with Grafana — connect Pi-hole's database to Grafana for detailed analytics and pretty dashboards.
- Set up redundancy — run a second Pi-hole on another device so DNS still works if one goes down.
⚠️ Expect some false positives: Occasionally a website or app will break because a domain it needs is on a blocklist. The fix is always the same: check the Query Log, find the blocked domain, and add it to your whitelist. It happens less often than you'd think.