Wednesday, January 10, 2018

Pi-Hole: After 1 Month

tl;dr It has been great. Truly beneficial to my home network. I can't wait to build a few on Raspberry Pis to give out to my non-technical family members.

Please consider donating to Pi-Hole if you've found it useful: https://pi-hole.net/donate/

I installed Pi-Hole about a month ago and have been reaping the rewards ever since. (https://showipintbri.blogspot.com/2017/12/pi-hole-day-1-first-5-minutes.html)

Speaking as a network security professional: if you aren't watching DNS logs, YOU SHOULD!!! There is a wealth of information that can be gleaned from DNS logs. I'm writing the post below from the perspective of a home user, not a security professional. If nothing else, Pi-Hole is a great start!

Pi-Hole works great. My entire household's online experience has been more enjoyable.

  • Sites with either pop-ups or banner ads are no more.
  • My wife plays a lot of app games on her phone and has seen a reduction in between-turn targeted ads.
  • My kids' online experience is better, as the ads delivered to them through their tablets have all been reduced.

Most people would assume Pi-Hole is for blocking ads delivered through the web browser on your computer. That is true, and it does a good job of it; it is well documented in many places on the internet. I'm going to shed some light on how it affects things other than desktops and laptops.

This system isn't without its faults. I wanted to outline a few unintended consequences:

Roku - Poster-Ad

I am a long-time cord-cutter; I have a Roku at every TV, or a Roku TV. Roku normally reserves 1/3 of the screen for one giant vertical advertisement panel on the home screen, to the right of your tiles. This panel is used by Roku to advertise its own products and services, or by companies that use Roku as their advertisement delivery platform.

Since having Pi-Hole on my network I haven't seen any advertisements on that panel.

Pi-Hole Enabled


Pi-Hole Disabled (5 minutes)



You may be thinking to yourself, "So, what's the big deal?" The big deal is I have little kids who enjoy watching TV and who can operate the Roku by themselves. Sometimes the poster-ad on the right of the screen is a giant ad for some second-rate cartoon 'app' or site. My kids click it, because they are subjected to clever marketing; then it asks for a login, or it's really just a stream with built-in targeted ads for kids' toys, and then I have to tell my kids "No" and now I'm the bad guy 😕. With Pi-Hole I have eliminated that as a source of deception for my wee-ones. 😁

This is a good thing for my family and a plus for Pi-Hole, I love it. 


Roku - Screensaver

Like any modern device, when not in use the Roku has a screensaver. Roku doesn't miss the opportunity to have this serve you ads as well, as another advertisement delivery platform. The device (depending on which model you have) has different screensaver offerings. This particular TV is using a Roku 3, and I prefer the "Big City Stroll", which is pretty cool. When Pi-Hole is enabled (it's always enabled) the Roku doesn't switch to the "Big City Stroll"; it uses the Roku Logo Bounce. I suppose this is because it can't reach its ad-delivery network. I haven't pulled a PCAP to check, but I would assume it's doing a DNS lookup or a wget request using a domain name, and when that fails it uses the Roku Logo Bounce. See below for my comparison:

Pi-Hole Enabled


Pi-Hole Disabled (5 minutes)



You may be thinking "So, what's the big deal?" No big deal, I just like the Big City Stroll and now I don't get to see it :( I have other Rokus in the house: I have a Roku Ultra in the basement, and I use the fish-tank screensaver, which doesn't serve ads and still comes up for our amusement. The Roku TV in the bedroom also uses the Big City Stroll, and it also no longer works.

Amazon Fire Tablets

The most shocking thing of all is the complete battery drain of both my kids' Amazon Fire tablets since enabling Pi-Hole in my house. When I did my blog post about a month ago I was surprised to see "Blocked" results immediately. As a day or two passed I checked the admin dashboard of Pi-Hole and noticed my household was making about 8,000 DNS requests daily. I was monitoring this daily from then on. Within a day or two I noticed our "Blocked" DNS requests were in the 50,000 range!!!!

50,000!!! WTF!!!!

Pi-Hole has a great dashboard to show which hosts are making the requests by volume:
(Below, only 1 tablet is on and making the DNS requests... the other's battery died; keep reading and you'll find out why)


Using the side-by-side of clients vs. blocked domains it was easy to correlate which host was making the most requests, and to what. I do not have Pi-Hole as my DHCP server (you could; it is a feature), I'm still using my router as my DHCP server, so I popped over to my router to see what hostname held that IP. It was the generic hostname of my son's tablet. I used my LogZilla install to search for his MAC address to see which IPs he was assigned historically from my DHCPd logs.

I loved the Amazon Fire tablets for my kids because the batteries last all day. But now they don't last 6 hours. I couldn't figure out why.

I searched for my top blocked domain and found other people with the same issue: https://discourse.pi-hole.net/t/device-metrics-us-amazon-com-requests-like-crazy/5731

What seems to be happening is:
The tablets are trying to reach out to their device-metrics domain, likely to tell Amazon about my kids' tablet usage. Because the DNS request is blocked it never resolves, and thus the tablet never makes its connection back to its server. It must do this on a loop: "if fail, repeat". With this domain on the block list you can sit and watch the "Blocked" domains counter on Pi-Hole's dashboard increase by a few requests every second, most of which are the "device-metrics" domain.

Even when the kids' tablets' screens are off and they should be 'sleeping', they are still making DNS requests which get blocked a few times per second. This means the tablet never really goes to sleep, and that depletes its battery.
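To make the correlation described above concrete, here is an added Python script. It is my own example, not code from the original post or from the Pi-hole project. It reads dnsmasq-style Pi-hole query-log lines and dnsmasq-dhcp DHCPACK lines, attributes each blocked lookup to the client that asked for it, flags any client whose blocked-query rate for a single domain looks like a retry loop, and then uses the DHCP log to turn that client IP into a MAC, a hostname and the list of IPs that MAC has held (the same thing I did by hand with the router and LogZilla). The log line formats, the "/etc/pihole/gravity.list ... is ..." block marker (what Pi-hole 3.x wrote; other versions log blocks differently), the thresholds, and every sample log line, address, MAC and hostname are constructed assumptions for the example.

```python
"""Correlate Pi-hole blocked queries with DHCP leases to spot a device stuck
in a DNS retry loop. Added example; log formats and sample data are assumed."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# dnsmasq-style lines as written to Pi-hole's query log. The block marker
# ("/etc/pihole/gravity.list <domain> is <ip>") is what Pi-hole 3.x wrote and
# is an assumption here; other versions log blocks differently.
_TS = r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d)"
QUERY_RE = re.compile(_TS + r" \S+ dnsmasq\[\d+\]: query\[\w+\] (?P<domain>\S+) from (?P<client>\S+)$")
BLOCK_RE = re.compile(_TS + r" \S+ dnsmasq\[\d+\]: /etc/pihole/(?:gravity|black)\.list (?P<domain>\S+) is \S+$")
# dnsmasq-dhcp lease acknowledgement: "DHCPACK(<iface>) <ip> <mac> [<hostname>]"
DHCP_RE = re.compile(_TS + r" \S+ dnsmasq-dhcp\[\d+\]: DHCPACK\(\S+\) (?P<ip>\S+) "
                     r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?: (?P<host>\S+))?$")


def _parse_ts(ts):
    # syslog timestamps carry no year; that is fine for deltas within one capture
    return datetime.strptime(ts, "%b %d %H:%M:%S")


def parse_dhcp(text):
    """Return (ip -> (mac, hostname) from the latest DHCPACK for that ip,
    mac -> ordered list of distinct IPs that MAC has been leased)."""
    current, history = {}, defaultdict(list)
    for line in text.splitlines():
        m = DHCP_RE.match(line)
        if not m:
            continue
        ip, mac, host = m.group("ip"), m.group("mac"), m.group("host") or "?"
        current[ip] = (mac, host)
        if not history[mac] or history[mac][-1] != ip:
            history[mac].append(ip)
    return current, history


def blocked_by_client(text):
    """Attribute each blocked lookup to the client that issued it.

    In the log, a block line directly follows the query it answers, so the
    most recent 'query[...] <domain> from <client>' identifies the client.
    Returns a Counter keyed by (client, domain) and a dict of (first, last)
    timestamps per key.
    """
    last_client, counts, span = {}, Counter(), {}
    for line in text.splitlines():
        q = QUERY_RE.match(line)
        if q:
            last_client[q.group("domain")] = q.group("client")
            continue
        b = BLOCK_RE.match(line)
        if not b or b.group("domain") not in last_client:
            continue
        key = (last_client[b.group("domain")], b.group("domain"))
        t = _parse_ts(b.group("ts"))
        counts[key] += 1
        first, _ = span.get(key, (t, t))
        span[key] = (first, t)
    return counts, span


def find_retry_loops(dns_text, dhcp_text, threshold_per_sec=1.0, min_count=10):
    """List (client, domain) pairs whose blocked-query rate looks like a retry
    loop, enriched with MAC, hostname and IP history from the DHCP log.
    min_count keeps a lone query (rate 1/s over a 1 s window) from matching."""
    counts, span = blocked_by_client(dns_text)
    current, history = parse_dhcp(dhcp_text)
    hits = []
    for (client, domain), n in counts.most_common():
        first, last = span[(client, domain)]
        window = (last - first).total_seconds() + 1  # +1 s: one-second log resolution
        rate = n / window
        if n < min_count or rate < threshold_per_sec:
            continue
        mac, host = current.get(client, ("?", "?"))
        hits.append({"client": client, "domain": domain, "count": n,
                     "rate_per_sec": rate, "mac": mac, "hostname": host,
                     "ip_history": history.get(mac, [])})
    return hits


# Constructed sample logs (not real captures). One tablet retries the blocked
# metrics domain three times a second for ten seconds; a laptop hits one ad
# domain once and one allowed domain. Addresses, MACs and hostnames are made up.
SAMPLE_DNS_LOG = "\n".join(
    line
    for s in range(10)
    for _ in range(3)
    for line in (
        f"Jan 10 20:15:{s:02d} pihole dnsmasq[1234]: query[A] device-metrics-us.amazon.com from 192.168.1.50",
        f"Jan 10 20:15:{s:02d} pihole dnsmasq[1234]: /etc/pihole/gravity.list device-metrics-us.amazon.com is 192.168.1.5",
    )
) + "\n" + "\n".join([
    "Jan 10 20:15:04 pihole dnsmasq[1234]: query[A] www.example.com from 192.168.1.20",
    "Jan 10 20:15:04 pihole dnsmasq[1234]: forwarded www.example.com to 9.9.9.9",
    "Jan 10 20:15:05 pihole dnsmasq[1234]: query[A] ads.example.net from 192.168.1.20",
    "Jan 10 20:15:05 pihole dnsmasq[1234]: /etc/pihole/gravity.list ads.example.net is 192.168.1.5",
])
SAMPLE_DHCP_LOG = "\n".join([
    "Jan 10 07:00:05 router dnsmasq-dhcp[555]: DHCPACK(br0) 192.168.1.60 a4:08:01:11:22:33 amazon-3f5e2a1",
    "Jan 10 19:02:10 router dnsmasq-dhcp[555]: DHCPACK(br0) 192.168.1.50 a4:08:01:11:22:33 amazon-3f5e2a1",
    "Jan 10 19:10:44 router dnsmasq-dhcp[555]: DHCPACK(br0) 192.168.1.20 3c:22:fb:aa:bb:cc laptop",
])

if __name__ == "__main__":
    for hit in find_retry_loops(SAMPLE_DNS_LOG, SAMPLE_DHCP_LOG):
        print(f"{hit['client']} ({hit['mac']}, {hit['hostname']}) -> {hit['domain']}: "
              f"{hit['count']} blocked, {hit['rate_per_sec']:.1f}/s, IPs held: {hit['ip_history']}")
```

Run against the sample, the tablet is the only hit: 30 blocked lookups for device-metrics-us.amazon.com in a ten-second window, 3 per second, resolved to its MAC, its generic hostname and the two addresses that MAC has leased; the laptop's single blocked ad lookup is counted but not flagged. Point the two parsers at /var/log/pihole.log and your router's DHCP log to do the same on real data. Once a noisy domain is identified this way, whitelisting it (in the admin interface or with `pihole -w <domain>`) is the first of the workarounds listed below.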

A couple of ways around this:
  1. White-list the domain. The connection will succeed and all is well (the metrics traffic goes through again, of course).
  2. Turn off Wi-Fi on the kids' tablets. (This doesn't always go over so well 😁)

I also have an Amazon Fire TV Stick. When both of my kids' tablets are powered off, I do NOT see the same requests coming from that device. This tells me it's local to my kids' tablets on my network. I know other people have posted about similar experiences with Amazon Echos and Echo Dots.

All in all I really love Pi-Hole; it has enhanced my family's online experience. I recommend it, and it was stupid simple to set up.

I'm going to be building a few on Raspberry Pis to send to my grandparents and other family members so they can stop being bombarded with ads, malware and phishing campaigns, which in turn should stop some of the family IT help-desk tickets they send me 😁

Other than the things above I haven't noticed any problems or side effects from using Pi-Hole at home. If you have something to add, please leave a comment below.

Please consider donating to Pi-Hole if you find this useful: https://pi-hole.net/donate/
