Pi-Hole on Ubuntu
Return to Pi-Hole, Cybersecurity or Ubuntu
https://duckduckgo.com/html?q=pihole on ubuntu | pihole-ubuntu.png | Pi-hole on Ubuntu Linux}}
INSTALLING PI-HOLE ON UBUNTU 18.04 LTS
April 5, 2020 Dallas Haselhorst Comments 39 CommentsShare this post! Share it Tweet it Email it In this guide, I will walkthrough how to install and test the pi-hole on Ubuntu and more specifically, Ubuntu Server. These same instructions may work on Ubuntu Desktop, but I strongly suggest Server. Why Ubuntu instead of a Raspberry Pi? I love Raspberry Pis and I probably own at least 10 of them. But sometimes I want to perform DNS blocking/blackholing and I either a) don’t have a Raspberry Pi in an environment or b) I have a virtual environment where I can add some robustness to the solution. At the time of this writing, I should mention that pi-hole is currently *not* supported on Ubuntu 18.04 LTS. Instead, the project officially supports 16.04 LTS. So why install it on 18.04? Ubuntu 16.04 LTS will only receive updates/support until April 2021 unless you purchase extended security maintenance (ESM). I install systems with the intention to not make significant changes to them for some time and the end of life for 16.04 is less than that window of time. 😉
Changelog 24July2018 – Originally posted 1Sept2018 – Added steps to fix 18.04.1 29Nov2018 – Verified as working 26Jan2019 – Verified as working on both 18.04 and 18.04.1 16Feb2019 – Verified on 18.04.2. Additional steps for 18.04.1 are not required. 5Apr2020 – Verified as working on 18.04.4. Added section on removing hosts-file.net
Why remove advertising? Advertising is great because it pays content creators for their work. After all, even this site utilizes Google Ads. So why would I create a write-up on blocking ads? Because advertisements are known to carry malicious payloads and it’s impossible to distinguish what’s good and what’s bad. As a result, blocking advertising has become an absolute necessity for those who are security conscious. On a personal note, I’ll happily sacrifice some advertising income for the sake of readers/everyone improving their security! As many have figured out, a side benefit of blocking ads is a better user experience and a substantial drop in bandwidth usage. I’ve written several walkthroughs on how to block ads using different devices such as pfBlockerNG on pfSense. If you own a pfSense, I would strongly suggest using the aforementioned guide to create an experience very similar to the pi-hole. Using pfBlockerNG on pfSense has quite a few additional features such as IP blocking and quite honestly, there is no need to add yet another system to manage.
Install Ubuntu Installing Ubuntu server is ridiculously easy. Simply download the latest Ubuntu Server LTS ISO and install it as you would any standard OS. Note: There is a slight difference in the install steps if you are installing 18.04.1 LTS instead of 18.04 (even if 18.04 is upgraded to 18.04.1). I explain where the 2 install paths diverge in the Ubuntu 18.04.1 LTS section below. You can safely use the defaults throughout the installation, although I would install security updates automatically when given the option. You may also need to install SSH if that is how you plan to access and manage your server remotely (other than the web interface). If you are installing this in a virtual/VMware environment for a fairly small number of devices, I would recommend a 1GB of memory, 1 CPU core, and at least 30GB of hard drive. FWIW, the initial install of Ubuntu and pi-hole (before any logs) is under 5GB of disk space so 30GB should give you some room to grow. You could potentially require more resources if you have a lot of devices or those devices make a ton of DNS requests. That is something you will need to keep an eye on after you get it up and running!
pi-hole Minimum Requirements CPU Memory Hard Drive 1 core 1 GB (or 2GB) 30 GB Update Ubuntu After your Ubuntu system finishes the install and reboots, login via an SSH terminal or from the console. You should be greeted with a welcome screen similar to the one below with the exception your package and security update counts may be different.
–
Welcome to Ubuntu 18.04 LTS
- Documentation: https://help.ubuntu.com
- Management: https://landscape.canonical.com
- Support: https://ubuntu.com/advantage
113 packages can be updated. 51 updates are security updates.
– Once you are logged in and sitting at a terminal prompt, run package updates manually using the command below. Note the command will do the repository update, upgrade the packages, and then reboot in one fell swoop. Grab your favorite beverage and let that process run its course.
$ sudo apt-get update && sudo apt-get upgrade -y && sudo reboot After the system updates and reboots, log back in via SSH or the console. As you will see on your own install, the packages and security updates should both be at zero (or really close).
–
Welcome to Ubuntu 18.04 LTS
- Documentation: https://help.ubuntu.com
- Management: https://landscape.canonical.com
- Support: https://ubuntu.com/advantage
0 packages can be updated. 0 updates are security updates.
– Ubuntu 18.04.1 LTS only There is a slight difference with the installed base packages between an Ubuntu 18.04 install upgraded to 18.04.1 and a straight 18.04.1 install. Interestingly enough, these additional steps are not necessary for 18.04.2 or later either. The package differences cause the 18.04.1 install to drop back down to a command line (as show below) during install of pi-hole.
Pi-Hole crash to command linePi-Hole crash to command line
The way to correct this issue is in the gray box below. Basically, you add ‘universe’ to the ‘bionic main’ repo line in the /etc/apt/sources.list using the sed command. You follow that with an apt-get update and then install the missing packages. Shout out to xkeyscore_ on Reddit for finding the missing dependencies.
Note: the instructions below are only for the 18.04.1 download. If you installed 18.04 and upgraded to 18.04.1, do NOT run the commands below or you will break your install!!! If you are running 18.04.2 or later, do NOT run these commands!
– /etc/apt/sources.list – deb http://archive.ubuntu.com/ubuntu bionic main → deb http://archive.ubuntu.com/ubuntu bionic main universe
$ sudo cp /etc/apt/sources.list /etc/apt/sources.list.orig $ sudo sed -i 's/bionic main/bionic main universe/g' /etc/apt/sources.list $ sudo apt-get update $ sudo apt-get –no-install-recommends install dialog dhcpcd5 If you’re unable to run the last command to install the packages, try the command below and then retry the one above. You do not need to run this command if your apt-get install ran correctly.
sudo dpkg –configure -a Install pi-hole Now it’s time to run the pi-hole install script so just copy/paste the command in the gray box below. Yes, it is a single-lined command. That said, this is extremely dangerous if you are unsure of the source. I would recommend taking a peek at the code before you run it. This is easily done considering the address simply re-directs to “basic-install.sh” script on a GitHub repo. If you can’t read code, that’s ok… At the very least, look at the repo and see if the script has changed recently. If it has, you might consider waiting a few days or at least snoop around some forums to make sure the changes were “expected.”
$ curl -sSL https://install.pi-hole.net ]] | [✓] Root user check For the most part, you can select the defaults or simply hit “Ok” on most of the screens, however, I want to highlight a few items/recommendations. First, the pi-hole project is donation-based. Be sure to visit their donation page and keep the project going! During the install, the pi-hole points out it is currently using a DHCP address instead of a static IP address. As stated in the picture below, using a static IP address is highly, highly recommended. Don’t forget that in most cases, you do not want your new static IP address in your current DHCP range. Instead, assign your pi-hole an IP address outside of your current DHCP pool. For instance, if your DHCP pool is 192.168.1.100-192.168.1.200 then you could safely assign your pi-hole 192.168.1.2 (assuming that IP address wasn’t already used). Static IP address vs. DHCP addressStatic IP address vs. DHCP address I was an early adopter of Quad9 and I’m still very bullish on them. I’ve written several articles about Quad9 and configuring it on numerous devices. Long story short, Quad9 provides another layer of protection and that’s a good thing! For that reason, I would suggest selecting ‘Quad9 (filtered + ECS)’ as the upstream DNS provider when asked during the pi-hole install. pihole-quad9-filtered-ecspihole-quad9-filtered-ecs If you are curious about the different Quad9 options available, here you go. ‘Quad9 (filtered, DNSSEC)’ means we want to block malicious domains and we are protecting against forged DNS records by using DNSSEC. This option is tied to the Quad9 namesake – 9.9.9.9. ‘Quad9 (unfiltered, no DNSSEC)’, which is actually 9.9.9.10, means that we will *not* block malicious domains and we will *not* use DNSSEC. Last, we have ‘Quad 9 (filtered + ECS)’. Filtered is familiar, but what is ECS Source: https://linuxincluded.com/install-pi-hole-on-ubuntu