pihole-logo
Back to Projects

Project Overview

The Pi-hole DNS Sinkhole Service is a powerful, self-hosted ad-blocking and security solution running on an Ubuntu 22.04 server. Utilizing Pi-hole, an open-source DNS sinkhole, this project intercepts and blocks unwanted DNS queries—such as advertisements, trackers, and malicious domains—before they reach your devices.

Hosted locally with a reverse proxy via Caddy and secured with Cloudflare DNS, it provides seamless network-wide protection. The service enhances browsing speed, reduces bandwidth usage, and shields your network from online threats, all while offering detailed analytics on DNS traffic.

Key Features

Ad & Tracker Blocking

Blocks over 1 million known ad-serving and tracking domains with real-time updates.

Improved Performance

Reduces page load times by eliminating unwanted requests across all devices.

DNS Analytics

Provides detailed insights into DNS queries, blocked domains, and client activity.

Network-Wide Protection

Secures every device on your network without requiring individual client software.

Technology Stack

Ubuntu Server

Pi-hole

Caddy Reverse Proxy

Cloudflare DNS

TLS/SSL Encryption

Infrastructure & Setup

Deployed on an Ubuntu 22.04 LTS server, Pi-hole runs as a lightweight service, consuming minimal resources. The setup uses Caddy as a reverse proxy to handle external access securely, with automatic TLS/SSL certificates from Let's Encrypt. DNS resolution is optimized with Cloudflare’s 1.1.1.1 as the upstream resolver for unblocked queries.

The system is configured with a static IP and integrated into the local network as the primary DNS server. Regular updates to Pi-hole’s blocklists ensure protection against emerging threats, while logs are archived for troubleshooting and analysis.

Security

Pi-hole enhances security by blacklisting malicious domains known for phishing, malware, and ransomware. Caddy ensures encrypted connections with TLS/SSL, while Cloudflare DNS adds DDoS protection and traffic obfuscation. Access to the Pi-hole admin interface is restricted with strong passwords and SSH key authentication on the Ubuntu server.

Regular system audits and updates keep the service secure, with fail2ban implemented to block brute-force attempts. This multi-layered approach ensures a robust defense against online threats.

Impact & Stats

0

Domains Blocked

0

Queries Processed/Day

0

Uptime (% x10)

0

Devices Protected