Creating A Network-Wide Ad-Blocker
Hey everyone! My name is Brandon, a Cybersecurity undergraduate sharing my experience setting up a Raspberry Pi Zero W as a personal DNS server. Before we start I’d like to mention our sponsor with this short 2-minute video! Jokes aside I decided to create my own write-up for creating what's known as a Pi-Hole. This write-up is aimed at beginners, although there may be some useful information for Cybersecurity/Networking students.
A Pi-Hole is a Raspberry Pi configured as a DNS server that can be used to block thousands of domains (websites) hosting advertisements! There are a few benefits of creating a Pi-Hole. We will see fewer advertisements while surfing the internet. Second, our internet speed will improve, reducing the amount of bandwidth from advertisers to sell you all those goodies! We’ll be able to block advertisements on smart-TV TVs where you can’t install well-known Ad-blockers and even our refrigerators(coming soon to a fridge by you)! We’re one step ahead of the game.
Before we start, let’s talk about how a Pi-Hole works. A Pi-Hole is a DNS server. What’s DNS you say? DNS stands for Domain Name System. Domains are websites, like the one you’re reading this on. Each website has an address, called an IP address. 162.159.153.4 is Medium’s IP address. When we type in medium.com, our computer sends a message to a DNS server. The DNS server checks its records and says “www.medium.com’s address is 162.159.153.4” and sends your request on its way to mediums servers! This is a very simple explanation of how DNS works. Similar to address books, they give us directions to find a websites (domains) address so we can access their content.
Your local ISP such as Verizon or Comcast hosts their own DNS servers, so does Google! Google’s DNS is 8.8.8.8 or 8.8.4.4 for IPv4 addresses. To find your DNS server on windows, type in ipconfig/all in command prompt and hit enter. Scrolling down you should see an IP such as 192.168.1.1 or 10.0.0.1 next to “DNS Servers”. This is also known as your default gateway or your home router. The common home router is actually an access point, a switch, and more! That’s a story for another time though. To find your DNS on Linux, print the DNS config file by typing “cat /etc/resolv.conf” in the terminal.
Now that we know some basics, let’s move on :)
A Raspberry Pi Zero W is one of the most basic Raspberry Pi’s you can buy. Costing just $10 at some retailers, and an entire kit with all you need for just about $60. For this project, we’ll be using a Pi Zero W, a 32 GB Samsung EVO plus U1 micro SD card, a USB to micro SD card writer, and a standard micro USB charging/data cable.
While I include both sides of the Pi Zero, you’ll only need one for this project! Also, a 32 GB micro SD is a bit overkill. You can save yourself some money and purchase an 8 GB one if you’d so like.
Let’s begin by downloading the Raspberry Pi imaging tool. This will make our installation easier as we aren’t using an HDMI cable. Also known as a headless installation, we’ll be altering the files of our micro SD to set up our Pi-Hole without a keyboard or monitor. https://www.raspberrypi.org/software/
Click “Choose OS” and select Raspberry PI OS (32-BIT)
Then plug in your USB to Micro SD card writer, carefully choose the correct storage device (USB 32 GB) from the drop-down list. Click “WRITE”, and then “YES”.
Wait for the installer to write your image onto the SD card. What this is doing is turning your SD card into a computer, an operating system(OS). You can also turn regular USBs into OSs such as Linux or even windows! Raspberry Pi OS is a Debian-based distribution, Linux!
When the installation finishes, click OK. Then remove your USB adapter and reinsert it into your computer. Under Files, click on the boot partition. Here it is (D:)
We’ll be creating two files to help us connect to WiFi, and access our Pi through SSH(Secure Shell! Port 22)
Before we create the files, we need to download Notepad ++. This will allow us to convert one of our files into a format readable by our Raspberry Pi.
Open Notepad ++, select “edit” in the menu bar. Hover over EOL conversion, and select UNIX (LF)
Copy the code below. There are 3 things we must change. After “country=” enter your 2 digit country code, such as US, EU, etc…(lowercase letters!). Then enter your SSID, the name of your WiFi network after “ssid=”. Make sure to be case-sensitive! Something as small as a lower case letter can mess us up here. Lastly, enter the password to your WiFi after “psk=”.
Awesome! Now shortly after we plug in our Pi Zero, it will automatically connect to our WiFi network. Alas, we have a problem. We need a way to connect to the Pi and send it commands! Don’t worry, the solution is easy. Create another blank text document named “ssh”. This will tell our Pi to allow connections on port 22, where we can securely login and send it commands! This can be done by right-clicking inside of the boot partition and creating a notepad(not Notepad ++) document named ssh. When creating this file, make sure to name it “ssh” without any extensions such as .txt and so forth.
When our Pi zero is powered on, it scours the boot partition for files related to our machines operation. The “ssh” file enables ssh on startup, which is usually disabled for security reasons. We’ll talk more about this below. Next, our wpa_supplicant.conf configuration file automatically scans for WiFi networks, and enters the password for our specified SSID.
There is another method to enable SSH and configure WiFi without having to create the above files.
In our Raspberry Pi imaging tool, hold “CTRL+SHIFT” and click “X”. This will bring up a hidden menu shown below.
Scrolling down we can configure our network settings and a few other options which we’ll leave untouched for now. Make sure to also set your “Wifi country” respectively.
Oh boy, the moment we’ve been waiting for! Let’s power up our Pi and check to see if everything is running smoothly. We can do this multiple ways, but we’ll stick to something simple. Going to command prompt, type in “ipconfig/ all”. Search for your default gateways IP address.
Entering this into your browsers URL bar should bring you to your routers portal. On the back of your router, there should be another password for administration purposes. Logging into our router, we can search for all devices connected to our network, and information related to them!
Let’s find our Raspberry Pi’s IP address. For Verizon routers, I click on WiFi, and then Network. This gives me a list of IP addresses, and device names. Scrolling down our list we see the following:
Below this is an “active” indicator. It works! Congratulations, you just set up a headless Raspberry Pi Zero! Now lets connect via SSH and set up our personal Ad-Blocker!
Going to command prompt, enter “ssh [pi@pi’sIP]”. You will be prompted with a warning, enter “yes”.
Before we get to blocking advertisements, we need to secure our Pi Zero. As suggested, enter “passwd”. You will be prompted to create a new password for the default user, “pi”. Make sure this password is secure!
To install the Pi-hole software, we need to have admin privileges. On Linux/UNIX systems, this is called root privileges. Enter “sudo su” to login as root. Then enter passwd and create a very secure password for root!
Next type in “curl -sSL https://install.pi-hole.net | bash”. The “curl” command connects to a webpage, and transfers data to/from a server. To find out more, type in “man curl” in any Linux/UNIX terminal. This will bring you to the manual page for the command. https://man7.org/linux/man-pages/man1/curl.1.html
You may see a recommendation to update your packages. After Pi-hole’s software is finished installing, we’ll do just that! Before we’re able to update our packages, we’ll be met with a TUI(terminal user interface). This blue screen will have several options. Using tab click OK, choose google as your DNS, and accept the recommended packages.
After your installation completes, you’ll be prompted with instructions to configure your devices and log in to your Pi-Hole interface. Write down your password, I didn’t include mine in the screencap. It’s right below the following.
Let’s head on over to our admin panel and check out the interface!
She’s a beauty 😍! Before you start to see data on the advertisements our new black hole has devoured, we have to configure our devices to use our Pi Zero as a DNS server.
Type in “Network” in the Windows search bar. Click “Network Status”., and then click “Properties”
Scroll down and click on “Edit” under IP settings. Here we will manually assign an IP address, a subnet prefix length(subnet mask), your default gateway, and a DNS server. Let's stick to the basics and only change our DNS server. Here is what mine looks like after choosing manual:
After setting static IPs, check to see if you can reach websites. If not, your default gateway, IP address, or subnet prefix may be wrong. Possibly your DNS. Remember, your DNS will be the IP address of your Pi! Depending on your network, your results may vary. You can always contact me for help! My email is cybersecstudies.github@gmail.com
Type in your Pi’s IP and /admin afterward the URL like so: 192.168.1.153/admin
You may also access the admin panel by going to http://pi.hole/admin/
Voila! Your very own network-wide Ad-Blocker! I really hope you guys enjoyed this post! In the future I may do an in-depth guide, changing settings and configuration. Also, using a newer Raspberry Pi with ethernet will lead to much better results!
Well my fellow Raspberry Pi connoisseurs, I bid you farewell and wish you a wonderful day! Until my next project, yours truly…
-Brandon/CyberSecStudies
DISCLAIMER: I DO NOT CLAIM OWNERSHIP TO ANY OF THE SOFTWARE OR HARDWARE USED IN THIS POST.
