If you’re reading this, there’s a good chance that your internet’s working. You’re probably using the modem that came with your internet package. Maybe you’ve added your own router to the mix. But there’s one change that has the power to revolutionize your home network and everything you connect to it. And as is so often the case with these things, it’s DNS. It’s always DNS.
Normally, all of your devices, from phones to computers to smart home accessories, use the DNS servers provided by your internet service provider (ISP). Alternatively, you can choose to use DNS servers from other companies. Google and Cloudflare are some of the more popular options, and they are often faster and more reliable than the servers offered by your ISP. But I wanted even more control and even better performance, so I rolled my own. These days, my home network runs on two Pi-hole DNS servers powered by virtualized Ubuntu machines. And now I’ve tasted the benefits, I’ll never go back to using anyone else’s servers.
My network demands the best
No such thing as too fast
I suspect that my home network is busier than most. And as someone who works from home, I need to be able to rely on it. Hardware-wise, a mesh system powered by Netgear’s 970-series Wi-Fi 7 Orbi access points is more than up to the task. It’s incredibly fast, and with three access points, even a hide-and-seek champion would be hard-pushed to find somewhere not bathed in glorious Wi-Fi. I’m covered on that front.
But every device connected to that Orbi system still needs to know what to do whenever it needs to reach a webpage or online service. And we have a ton of devices.
Between my wife and me, there are two iPhones and two Apple Watches, as well as my MacBook Pro, that are almost always at home. Plus, we get all of our TV online, so there’s Apple TV doing its thing. Our youngest goes to an online school, so his laptop is connected, too. Oh, and his iPad during breaks. When evening comes, there’s a gaming PC, another iPhone, and a third Apple Watch added to the mix courtesy of my oldest son. We haven’t even mentioned all the smart bulbs, speakers, cameras, and other devices that just whir away, doing their thing.
All of this is to say that my home network is busy, and it only ever quietens down when we’re all asleep. Even then, computers are backing up, and updates are downloaded, so the network is rarely unused. With so much going on, I wanted to ensure the experience was as performant as possible, which brought me to Pi-hole.
More control over how devices use my network
It’s always DNS
Pi-hole, as the name suggests, was originally designed as a lightweight DNS server that could run on low-powered Raspberry Pi devices. But the reality is that it can be installed on almost anything. Whatever you install it on, you’ll get a DNS server alongside other optional features, including a handy DHCP server.
You gain a few things by bringing your DNS server literally in-house. One of those is speed, because it’s quicker for your devices to make a DNS request to a local device than one that’s somewhere on the internet. But the speed also comes from caching, and it’s this aspect that really changes the game.
Any time a device tries to connect to a website, it first makes a DNS request. With a Pi-hole server, the IP address returned in the response is cached for future use. The next time a request for the same website is made, Pi-hole already knows which IP address to send back. Answers served from Pi-hole’s cache come back incredibly quickly: we’re talking a few microseconds rather than tens or maybe hundreds of milliseconds.
While that might not sound like a lot of time, the real benefits are found in the aggregate. You might be surprised by how many DNS queries your devices make each day. Take all of these requests into consideration, and those milliseconds soon add up to real time savings.
There are other benefits to hosting your own DNS server, too. As the parent of one teenager and one soon-to-be-teen, I enjoy having direct control over which DNS queries are returned, and which aren’t. By blocking a particular DNS request, you can effectively make a website or an entire app inaccessible. It’s easy to see where that might be beneficial.
The same approach can also be used to block ads. If you know which servers provide a website’s ads, you can block the DNS request for those servers. If a device can’t access the server that hosts the ad, it can’t load it. Sure, it might be like using a sledgehammer to crack a nut, but it works. More importantly, it works for every device on my home network without any additional configuration on my part.
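To make the caching and blocking described above concrete, here is a toy model of a filtering, caching resolver in the Pi-hole mould. This is an added example, not Pi-hole’s own code; the upstream answer table, the blocklist, the 0.0.0.0 sinkhole reply and the rule that a listed domain also covers its subdomains are all assumptions of the model, and times are passed in explicitly so the run is repeatable offline.

```python
"""Toy model of a local filtering, caching DNS resolver (not Pi-hole's code).

A blocklist check sits in front of a TTL-aware answer cache; an 'upstream'
table stands in for the forwarding resolver the cache would otherwise ask.
"""
from dataclasses import dataclass, field

# Constructed upstream answers: name -> (address, TTL in seconds).
# 192.0.2.0/24 is the RFC 5737 documentation range, so nothing here is routable.
UPSTREAM = {
    "example.com": ("192.0.2.10", 300),
    "www.example.org": ("192.0.2.20", 60),
}

BLOCKED_ANSWER = "0.0.0.0"  # sinkhole address used as the "blocked" reply (assumption)


@dataclass
class Resolver:
    blocklist: set
    cache: dict = field(default_factory=dict)  # name -> (address, expires_at)
    stats: dict = field(default_factory=lambda: {"blocked": 0, "cache": 0, "upstream": 0})

    def is_blocked(self, name):
        # Assumption for this toy: a listed domain also covers its subdomains.
        labels = name.split(".")
        return any(".".join(labels[i:]) in self.blocklist for i in range(len(labels)))

    def resolve(self, name, now):
        """Return (address, source); source is one of blocked / cache / upstream."""
        name = name.lower().rstrip(".")
        if self.is_blocked(name):
            self.stats["blocked"] += 1
            return BLOCKED_ANSWER, "blocked"
        hit = self.cache.get(name)
        if hit and now < hit[1]:  # cached and the TTL has not yet run out
            self.stats["cache"] += 1
            return hit[0], "cache"
        self.stats["upstream"] += 1
        if name not in UPSTREAM:  # unknown name: answer without caching it
            return None, "upstream"
        address, ttl = UPSTREAM[name]  # forward, then remember the answer until TTL expiry
        self.cache[name] = (address, now + ttl)
        return address, "upstream"

    def blocked_share(self):
        total = sum(self.stats.values())
        return self.stats["blocked"] / total if total else 0.0


def run_demo():
    """Constructed query sequence (name, seconds since start); returns sources and resolver."""
    r = Resolver(blocklist={"ads.example.net"})
    queries = [("example.com", 0), ("example.com", 10), ("example.com", 400),
               ("ads.example.net", 0), ("tracker.ads.example.net", 1),
               ("www.example.org", 0), ("www.example.org", 59), ("www.example.org", 60)]
    return [r.resolve(n, t)[1] for n, t in queries], r
```

The third example.com query goes back upstream because its 300-second TTL has expired, which is the same refresh a real cache performs; the share of blocked answers mirrors the percentage the Pi-hole dashboard reports.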
There’s also an important privacy aspect that shouldn’t be overlooked here. With a home full of smart home accessories and a career that involves new ones arriving all the time, I like knowing what they get up to.
We’ve all heard horror stories of cheap internet-connected devices sending data to random servers. Or robot vacuums connecting to servers that aren’t needed just to clean your floors. With Pi-hole, I can see exactly which servers these devices are connecting to and, if I want, I can block those connections outright.
A Pi-hole (or two) to the rescue
One is none, and two is one
I’ll be the first to admit that my Pi-hole setup is overkill, and most people needn’t take this route. But I wanted to make sure that I had redundancy should something go awry.
That’s why I have two Pi-hole instances running, each on its own Ubuntu virtual machine. I use VirtualBox as my hypervisor, mainly because it works well with an old Intel i7 Mac mini that acts as the host computer. With 32GB of RAM, it gets the job done admirably.
The two Pi-hole instances run in a primary and secondary configuration. If the first fails for whatever reason, the second will automatically begin accepting DNS requests.
The same can’t be said about DHCP, because that role is specific to the primary Pi-hole instance. I don’t want to have two DHCP servers running simultaneously, so finding a failover solution for handing out new IP addresses is something I need to get around to. And I will. Eventually.
While I could allow my router to handle DHCP, removing the issue altogether, that comes with its own problems. And Pi-hole offers more granular DHCP management than my router ever could, so I’m happy with the way things are for now.
Virtual machines, but real benefits
Who needs server racks anyway?
My home network has been configured this way for almost a year, and it’s been nothing short of a revelation. The performance afforded by locally cached DNS responses is very nice to have. I absolutely notice those telltale lags while my web browser waits for a DNS response when I use Wi-Fi at a friend’s home, for example.
I also like that I can open the Pi-hole management console and see exactly what my network is doing. I see which websites our devices are using and when they are doing it. That alone has caught my oldest playing games when he should have been asleep. Pi-hole is always watching!
I also now have a better understanding of just how busy my network actually is. Over the last 24 hours, there were 141,934 DNS requests from all of our network-connected devices. But that’s just the beginning.
Of those requests, over 29,000 have been blocked. That’s around 20% of the total number of DNS requests. Each of those blocked requests could be an ad that my kids didn’t have to see. Or perhaps some data about how my wife uses her phone that wasn’t sent to a data broker just because she opened an app.
Once you go Pi-hole…
Whether you’re an IT professional or you just enjoy tinkering, I can heartily recommend running your own Pi-hole DNS server. Especially if you have a lot of devices, or you’d like to avoid some of the more intrusive ads on the web. Pi-hole won’t block all of them, but it’s a very good start.
And who knows, maybe it’ll catch someone playing Arc Raiders at 2 am like mine did, too.
