Consumer Wi-Fi routers are great at providing a basic firewall, reliable Wi-Fi, and speedy Ethernet ports for your wired connections. However, they really don't offer you much control over your network.
Luckily, for about $15 and 30 minutes of your time, you can upgrade your network security using a Raspberry Pi and a Pi-hole.
Your network can protect your devices
How does a Pi-hole work?
Patrick Campanale / How-To Geek
A Pi-hole acts as a gatekeeper that controls traffic between your devices and the rest of the internet using DNS filtering.
Domain Name System (DNS) is the system that turns the familiar URLs you use to visit websites into the IP addresses computers actually use. Every time you type in a website's address on your phone or PC, your device sends a request to a DNS server, which then returns the required IP address.
Usually, those DNS requests go straight to the DNS server set by your ISP.
A Pi-hole works by intercepting those DNS requests and comparing them to a block list that you set. If the requested domain is on the block list, then you won't be able to connect at all. If it isn't on the list, then you'll connect normally.
Your Pi-hole doesn't actually read the data you send to a site.
Say goodbye to malware, phishing, and ads
When you choose the correct block lists, you can add a meaningful layer of protection to every device of your network. Sites that normally host malware simply never connect, and are consequently never given an opportunity to infect your device. Phishing sites, which can be very convincing , won't load, and you'll never have a chance to accidentally enter your details.
It also helps cut down on ad clutter, since there are block lists that are specifically curated to block domains known to serve ads.
There are a few trade-offs and limitations.
A Pi-hole isn't a completely maintenance-free solution. Some websites host their actual content and their ads on the same domain. If you block that domain, you're going to experience issues. Sometimes you'll find that a video won't play, or maybe an app feature won't work.
When that happens, you need to allow the domain to get things working again. Additionally, you occasionally need to update your blocklists or dig through the DNS request logs to figure out why a certain site isn't working correctly.
You don't need a powerful PC or Pi to upgrade your network
Even a Pi Zero 2W will work
DNS filtering has another major perk: it doesn't require much processing power. That means you don't really need expensive hardware.
I use a Raspberry Pi Zero 2 W as a Pi-hole, and I haven't had any significant performance problems on my network. It's inexpensive and barely consumes power. The only drawback—and its fairly minor—is the lack of an Ethernet port. My Pi Zero 2W sits directly next to my router and the lack of a port hasn't been a problem. However, if you run into issues, you could add a USB to Ethernet adapter or a HAT that has an Ethernet port.
If you have a network with hundreds of devices, the Pi Zero 2W might have an issue. In that case, a Pi 4 will provide more than enough power.
Above and beyond that, however, I wouldn't recommend spending more money on hardware unless you're going to use it for other self-hosted services too. The Pi-hole just isn't demanding enough to justify the $300 price tag of the top-shelf Raspberry Pi 5.
Setting up a Pi-hole
There are a few things you need to buy if you don't have them already. They are:
-
A Raspberry Pi Zero 2W
-
A microUSB cable to deliver power
-
A small microSD card
Once you have all of that in-hand, I'd recommend installing Raspberry Pi OS Lite on the microSD card using the Raspberry Pi Imager . Be sure to enable SSH or remote connection.
Once that is done, log in to your router, find your Raspberry Pi Zero 2W's IP address and reserve it —you don't want it to change.
SSH into your Raspberry Pi , run the following commands, and follow the guided installation instructions that appear on your screen:
Finally, change the DNS server address in your router's DHCP settings from the default to your Pi Zero 2W's local IP address.
A better network on a budget
Depending on which components you get, a Pi Zero 2W might cost between $15 and $30. For that price, you get another layer of security, adblocking, and a level of control over your network that is difficult to achieve with consumer routers alone. You can even add custom blocklists if there are specific domains you'd like to block on your network.
Just remember, it isn't a complete replacement for good security practices or antivirus software. New malicious domains that aren't included in the blocklists are popping up every minute, and a healthy dose of caution is the single best tool you have to protect yourself.
