 So, I did the video just the other day on DNS BL blocking via PFSense, which is my preferred method because I run PFSense, but not everybody does. I realized that. So, why not talk about PyHolve and ask about this before? So, I set one up and I set it up for a few weeks at my house so I could get some real world usage. You know, I got some kids there and my wife and they all like to play on the internet all the time like everybody does. So, I gathered some stats and actually did some usage with it to see if there's any problems running what probably the average person would run. And so far, none. So, I figured because it works so well with some really minor inconveniences which we'll talk about later, we're going to do a video showing you how to set up a PyHolve. Now, the nice thing is when you run in PFSense, you know, it's all integrated in one server, but a lot of people are stuck with, you know, what's available to them and a lot of time that's just whatever router the ISP is provided with them or maybe something slightly upgraded. And what the PyHolve is, is an internal DNS server that you can run so you don't have to use the DNS provided by your ISP or by the system itself. So, we're going to go through how to set up PyHolve. Now, as the name may imply, it will run on a Raspberry Pi because it's very lightweight. I'm going to be running it on a simple basic install of Debian with very little RAMs. That's all it really needs. I just didn't feel like taking my Raspberry Pi apart, but it will run the same and all these set instructions will be the same for your Raspberry Pi as they are for running it inside of your own server, which I do. So, nothing's really going to be different. My server is a little bit faster than a Raspberry Pi, of course, but that's not a big deal. As far as DNS resolution goes, you'll see it hardly uses any CPU power, so this does run good on a Raspberry Pi without a lot of problems, except in most of them we'll get towards the end of it. When you're viewing the logs, that does seem to pull a little bit of CPU power. And I didn't try it on a Raspberry Pi, but I can imagine it's only going to be slower like when you're trying to do some of the log visualizations because it's querying the system for data and it's a little bit processor dependent. This could be an idea and maybe logging matters a lot to you, maybe it's just novel. Reality is, it's real fun to look at them at first, then you realize real quickly, okay, cool, it blocked a bunch of stuff and you just kind of get an idea that it works and we'll go from there. All right, so let's get started. Now they have just a super handy script and it's curl dash lowercase s, capital l, hctps, install pihole.net, pipe it through bash. And what curl does is curl goes out and grabs information via like a, it acts like a web browser so to speak and pulls certain information and then you're, what you're doing is you're pulling the specific program that they have and piping it into bash. Now the scary thing in doing something like this is you are surrendering yourself to the power of the script and you have to run it at root so your computer is going to do whatever that script says just to keep that in mind. So be careful when you run these scripts, make sure it's from a trusted source. Now this could all be built completely manually and they have the documentation here and you can go through all their stuff to look at, we're just going to follow the automated script because I think it's an easier way for people to learn. You start with, okay, let's run it automated and see how it works, cool, okay, how do I take it apart? And that's another wonderful thing about open source is you can take this script apart. So let's jump over here to our machine with Debbie and running on it. And I've been trying to work on making sure when I do these tutorials things are a little bit more zoomed in so you can make sure you see everything. I know it's small on the screen. I can zoom into this, whoops, zoomed in a little too far. So you can see the script but it's curled on SSL, we're just going to pipe that into bash. I already know that this machine doesn't have a curl installed and I'm a big fan of Debian but this is going to apply to whatever operating system you're using and Raspbian being a popular one on the Raspberry Pi means it would accept apt-get command. So we're going to go apt-get because it's Debian install and we're going to put curl on here. Yep, simple enough, curls installed, clear screen and we're just going to paste in this curl command and it's extremely automated. So it curls, it grabs the command from there and pipe it through bash means execute this with bash, checks it on route, make sure I got package, it's run through this checks, retrieves a couple files and then the installer will transform your device into a network-wide blocker by holes free donate and yes this is something I want to pause here for a second, please donate to a lot of these projects. I always, you know, I've seen different projects, I subscribe or put money towards them. This is really an important thing of open source. These people put a lot of time in it, so you know donations to these open source projects, highly recommended. If it's something you use a lot, definitely throw some money at them. Now the pi hole is a server so it needs a static IP address to function properly. The next section you can choose your current network setup and DHP or mainly edit them. Now this is kind of an up to you thing. I do recommend static IP but if you have a pi and it gets a DHCP address and you're not going to have this be any type of DHCP server, then you can actually run it like this as long as you know where that address is of the pi each time it boots. Manual is better but you can run it with DHCP. I like this too because you can choose different DNS servers, Google's level three, Norton, Komodo, DNS watch, Quad 9 or custom. So you can input your own or choose one of the other DNS ones out there. I did a video today on Quad 9. They do some different malware filtering so they can block some of those websites but choose whichever one you're comfortable with. We're going to go ahead and throw Quad 9 in here because I just did it the other day of an ad. All right, it offers IPv4 and IPv6 blocking. Do you want to use your current network static address? We'll say yes. It is possible your router could still try to assign this IP to a device would cause a conflict. That's okay. This is like, you know, it wanted to set this as a static address and if it does that and your router still assigns something. So this is just kind of the back end networking for it. Now, do you want to install the web admin interface? Yes, we do. You can actually install this and not have any admin interface on it all if you don't want to. Do you want to log the queries? Well, if you're going to put the admin interface, you may as well log the queries or why would you install it? So it's going to run through and it's going to retrieve all the files needed and install the packages. Now, don't just click OK here. This is a important part of it. Make sure you get your password out of here. So your admin web page password login is and this is it right here. It comes up with a random password and login and I'll show you when you log in. I wish maybe it's maybe I just not seeing it. The only way to change the password is back from the command line. I don't see it inside the system. So either way, we're going to go here and copy it and I'm just going to paste it over another window so I know where it is. And so I have that password so I can remember it. So now we're going to click OK. Now that's it. We don't have to restart this or anything. It's up and running and the IP address of this is just like it displayed on the screen 192.168.3.64 admin login. And I'm not going to bother saving the password. This is a temporary server. I'm fine with leaving it here. I'm fine with the PF sense going that I'm running. This is on my PF sense network, but it's providing just the DNS. That's all I really want it for. I mean, this does not. This is not a router, by the way, in case anyone's wondering or someone asked. This only provides DNS service. So here's a dashboard query log and all of this is empty because well, there's nothing going on here. So you can go through here and play around. Make sure the settings are right. Make sure it's getting there. Update the block lists, things like that. How do we actually use this thing? This is where you see an install takes like no time at all. I'm going to pop open a virtual machine and we're going to set sort of Windows machine to use this as the DNS. Open up my Windows 10 over here. All right, we're in Windows 10. We're going to open up the network settings. We're going to change our adapter options right here. Properties, properties again. Now it's just using DHCP default. You get a lot of routers have in the DHCP options to specify a DNS server. And we can specify it or you can just go to each machine and type it in. Either way, the goal is to use the DNS of the piehole. So by redirecting all DNS to the piehole, it doesn't use whatever other DNS was automatically assigned via DHCP. So this is overriding those settings. OK, close. Now we're using the piehole for DNS. So if we go over here, open up Google Chrome, open up some website. And let's actually find something that's got some affine, let's try some site has some ads on it. All right. So I'm sure there's some ads buried in here somewhere. So now let's open up the piehole again. And there we go. So you can see some stuff got blocked here. It got piehole, as they say. So here's the site list and it doesn't take long. So with one machine, which is Tom's seven PC local domain, this many DNS queries occurred. So let's jump over to the dashboard. 110 queries from that few seconds we had it in there. So in queries blocked percent block, 16.4. And you know, here's gathering up some stats for what's going on. Now let's go ahead and switch over to mine that's been running for a while at my house with a bunch of, you know, I think there's 20 clients on that network and show you what it actually looks like when it aggregates data. All right. Now this is my home server that's been running for a little while and it roughly blocks 14 percent of the queries that are sent to it. And the graphs are really cool here. So when you're running this, it's the dashboard updates make it look really nice. They've done a great job on this. And this part doesn't take too much horsepower to run. Then we'll run down. So the query logs, this is where it takes a little bit longer for some of the two. So if we want to go to long term data, let's go to graphics and choose the date and say the last seven days. You can see there's some pause in doing that, not a lot. So you can say yesterday, but if this was running on a Raspberry Pi, this would take a little bit longer to generate some of these log queries just to give you an idea. But you can see it runs really fast on a standard Debian server. Now you can whitelist in here. So you can say, OK, these are spots I want to add a domain to an exception as a whitelist and these ones are actually in the whitelist. I'm actually this is the spot where it downloads them. You can blacklist a domain. So by blacklisting a domain, you can just force that blacklist to say, just deny that domain all completely. There's also this is kind of any option if you're having trouble with it and you're saying, OK, something's not working and it's getting piholt or we're not sure what's going on. And you can just say, disable this for this much time. So if you're right, something's being blocked, you just can say, OK, disable this for 10 seconds and it shuts it off. So it'll quit doing it and it says enabled and it counts down to back to being enabled. Back to being enabled. Now this is under tools where you can do actually the updates with the update all the lists. It does this automatically on its own schedule, but you can force an update like that. You can also generate debug logs. So if you're trying to debug problems with it and this has options to do that. So it is automatically can send the debug log over. So pretty pretty slick system and very nice interface. As you notice, I didn't have to go to the command line for any of this. It's all working right here. Now, one thing about it is the password. So it generated a password, but then I wanted to set my own. Also, you've got this little here so you can collapse and move the dashboard. So if we log out and we go to log in, you'll see the forgot password option. And all you have to do is log back into that Debian box that I did or your Raspberry Pi, if you're running in here, you go sudo pi whole dash A dash P. This is what allows you to set the password so you can have it set to something other than the random thing that they gave you and, you know, set the password if you're going to type it in or just save that password in last pass and away you go. That is another option. So pretty straightforward how all of it works. It's I've been running it for a little while. Now, the quirks I will say that I ran into the, so to speak, little issues sometimes, and this is because I see a lot of ads, maybe in the Google Play Store or you'll see something come up with Google because of the way Chrome on the phone proxies certain things. It will show you certain ads in there, but will allow them to be clicked when they go outside of Chrome because then they get pi whole. So it has a problem with that. And so take that for what it's worth. Their ads that you do see, but won't be able to, so to speak, act on. Also, some things that are pulled through on Facebook still come through because they're directly coming from Facebook. So unless you blacklist Facebook and don't even go to Facebook, certain sites, because of the way they have the ads pulling through the site are going to come through. So that's still something to keep in mind. But it's it's a pretty simple project. The Bible, it's really elegant and simplicity for just going through and putting it in at your home and go, I just want something simple. And I'm going to point each device at it that matters to there. Or, like I said, you can go to your DHCP table and say, force it to assign this IP address. And it'll do all the DNS queries in a way you go. It also, you know, makes it easy just to white list and blacklist sites. So if you have a list of sites you want to blacklist, just type them in there and block that site. And then that site is dead. You can't go there anymore. But it's just kind of fun to see this in action. And I do really like this. I I believe with the new PF blocker for PF Sensey are going to come out with some of these added graphs and things like that, because this does kind of make this project pretty attractive, because you get to see things visually versus a bunch of numbers, which is less exciting. But that's it for the Bible. It's that easy to install. Like I said, it just run their curl script or take it apart and learn from it manually of how it sets up and how it configures because, well, it's all open source. All right, thanks for watching. If you like to count in here, like and subscribe.