Testing Pi-Hole on a VM (Part III - Conclusion)

Part 3

In the previous two parts, I demonstrated setting up a VirtualBox VM environment and installing CentOS 7 minimal on a test VM.  I covered some of the details around VM sizing and network configuration along the way.  Now in this post, I'll cover the details of installing and configuring the Pi-Hole software itself on your test VM.  If you have questions or issues, please post them in the comments and I'll follow up to try and help you out.

Installing Pi-Hole

Boot up your CentOS 7 VM and log in as root.

Now type the following to launch the Pi-Hole installer:

curl -sSL https://install.pi-hole.net | bash

This command gives the Pi-Hole installer full access to the bash command shell, allowing it to have full control of your VM.  It is certainly a questionable method to install software, but it is simple and fast, and for the purposes of this demonstration, we can feel free to use it to quickly set up our system.

The first thing that we see is a warning about SELinux, which is a security feature present in RedHat and CentOS operating systems.  It is interesting that the Pi-Hole web interface is not compatible with SELinux, but it is beta software so maybe the software team will add this as a feature down the road.  We can lower the SELinux enforcement level after the install, but for now just acknowledge the error and move on.

A few pages will appear that you should read and press Enter to continue and move on. The next choice you will be presented with is your choice of public DNS server to use as a source.  I chose Google, simply because it is fast and I tend to test everything off of Google.com as a habit.  OpenDNS is probably the most complete DNS service as it has always been free, even though it is now owned by Cisco it still claims to remain free and open to all.  It is marginally slower than Google, but we aren't talking anything noticeable by a human.  Quad9 is an interesting DNS project partly owned by IBM that incorporates a level of malware and ransomware filtering to further protect systems using it as a source for DNS information.  It is nearly as fast as Google, and also claims to remain free and private so you can use the service with confidence.  Any one of these services would beat the DNS service offered by your Internet Service Provider (ISP).  ISPs in the United States have been known to actively collect and sell your DNS data to advertising partners anonymously and that just doesn't sit well with most.  For my demonstration, I chose Google, but if you do some research and one of these other DNS providers has a mission that resonates with you, feel free to choose them instead.

Next we have a choice to activate the service over IPv4 and/or IPv6.  We have configured IPv4 and that is what we will be using to connect to Pi-Hole as a DNS server, but it doesn't hurt to leave both selected and move on.

Now we will see some of our earlier work pay off, as our static address has already been established. You can verify your own settings here. In my case the VM is on 192.168.1.99/24 and the Internet Gateway is 192.168.1.1, so we can continue.

Next you will have the option to install the web console and enable logging, both of which you will want to agree to unless you are not interested in collecting any statistics on the effectiveness of the Pi-Hole.  Keep in mind that every web request that gets sent to this server will be logged, so you might want to make sure that is okay with your household.  After a few more acknowledgements, the server is launched and some final information is given.  Be sure to screenshot this yourself to keep a record of that admin password and the web address for the console, because we will be using that very shortly to demonstrate the effectiveness of this service.

Now remember when we had the error earlier regarding SELinux?  We will need to disable that on the server and reboot it before the web console will work.  This is a quick and dirty bonus tutorial on doing just that.

First you will need to edit a configuration file using the Linux text editor "Vi."  Vi is intimidating to many, but we don't want to install anything we don't need, so let's just get in there and do it.

Type the following to bring up the configuration file in Vi:

vi /etc/selinux/config

Now you should see the contents of the text file "config" in the Vi console.

Press the "A" key to enter "insert" mode.

Use the arrow keys to move the cursor to the line where it says "SELINUX=enforcing"

Change the line to say "SELINUX=disabled"

Press the "esc" key followed by ":wq" and press Enter.

The command :wq tells Vi to Write the changes to the file and quit, returning you to the bash command prompt.

Now type "reboot" and press enter. The VM will reboot and come back to the login prompt.

Guess what? That's it! Your Pi-Hole is running and ready to start taking requests.  For our test we will change the DNS server setting on a test laptop to 192.168.1.99 and then run through a few tests.

I opened Google Chrome with all by usual tabs and immediately noticed several ads being blocked. I wanted to see how effective the Pi-Hole was being so I opened up https://192.168.1.99/admin (which was in the screenshot for the site info from earlier) and used the password to login.  Here is the view of the console and a list of the ten most recent requests:

As you can see, lots of activity getting through, but occasional requests to known ad sites all get "pi-holed."  I'm going to use this configuration for a few days and see how I like it.  Keep in mind, I use Ad-Block Pro with Google Chrome and I'm still blocking about 14% of the remaining requests with Pi-Hole.  If I see things I don't like, I can optionally add those domains to the blacklist with a click of a button.  That is pretty amazing!

For the future, I'm going to seriously consider getting a standalone device like a Raspberry Pi to run a Pi-Hole for my home network.  The advantage is simply that I wouldn't need to run a virtual machine to get access to the Internet.  The other change I would make is making a change to the DHCP server in my router itself, setting the DNS server for the Pi-Hole server in the default settings, so any user jumping on the network will get the benefit of system-wide ad blocking.

Thanks for staying with me to the conclusion of this three part series.  Let me know if you liked it and if you have any comments please feel free to add them below!