72 comments
  • djaychela 5m

    Have to say I've never had a single issue with pihole unlike the OP. It's literally been "install and forget" - not a single outage in maybe 3 years of use. When I use the Internet elsewhere I see what a good job it does when I'm at home...

    • mfro 5m

      I have also had 0 issues with pihole, but switched to technitium for the extra features. Only issues I have had were related to the SD card. Turned off query logging and 0 issues since. SD cards are an awful place to run an OS from.

    • jaymzcampbell 5m

      I had very similar sounding issues to the OP and thought it's probably something to do with a suboptimal SD card and/or overheating or memory. I also ended up using NextDNS and tbf really like it. Does a great job at a decent price and the admin is useful. I keep thinking I should just set up another pihole but NextDNS are at a very, very sweet price point that by the time I renew (tbf I think I fit within the free tier but wanted to support it), I just throw them another 20eur.

    • stego-tech 5m

      Same. The only outages I had were self-caused due to my (at the time) inexperience with Linux and the hardware of the RPi it was running on - namely the lack of RTC support and my unfamiliarity with fallback methods for Linux that didn't rely on HTTPS for NTP. My own fault, really, but an amazing learning experience.

      Since then, it's trucked along without issue for years. Couldn't use the internet without it at this point.

    • zenethian 5m

      Mine craps out every 2-3 months for no apparent reason. It doesn't crash, there's no errors in the logs, it just stops responding. I restart the service and it's fine. No idea why. I set up a cron to restart it weekly just to keep it from being a problem.

    • bigiain 5m

      I have the same experience. But I'm running it on a NUC not a RasPi, which probably helps a lot.

      Having said that, I have a Pi running HomeBridge to make a Pi camera and some non Apple Homekit capable IoT shit work with my phones/iPad, and I'm pretty sure the last few times it's rebooted were due to power outages, and I can't remember the last time I needed to even hit the HomeBridge web interface, never mind ssh into it. I'm a little surprised unscheduled power outages haven't borked the sd card, it's not even configured to do the ramfs overlay thing.

    • stanski 5m

      My last problem with pihole was that I had forgotten the root user password on the system I installed it on. Exactly because I had set it up and then literally forgotten it...

    • MattSayar 5m

      Do you think that's because of the hardware you're running it on? Do you actually use a Raspberry Pi or something more resilient?

      • djaychela 5m

        It's running on my home server which is a low powered celeron J3120 (I think) on Ubuntu LTS, so possibly that may make a difference, although I've used pis in long term always on other applications and they've been fine but perhaps pihole may be too much for a pi.

      • magicalhippo 5m

        Been running my PiHole on a ZeroPi[1] for many years without issues. Initially it was unstable, but turned out I had been scammed and the USB "charging cable" I had bought at the local electronics store had 1 Ohm resistance. Replaced it with a proper USB cable and it's been rock solid since. So solid I keep forgetting about it in fact.

        [1]: https://www.friendlyelec.com/index.php?route=product/product...

      • vitaflo 5m

        For myself I’ve been running pihole on an RPi3 for 7 years and have never had one single issue with it at all. Maybe I’m just lucky I dunno. I’m always surprised when I hear people have issues with it.

      • toywinder 5m

        I have been running pi-hole on a raspberry for years with no downtime, op is either pitching for the DNS provider or they have not deployed their pi-hole correctly.

        • MattSayar 5m

          My only financial relationship with NextDNS is the $40 I've spent on the service so far. Another comment mentioned turning off query logging since that amount of activity is hard on an SD card, so you may be onto something with deploying it incorrectly

      • Hikikomori 5m

        I just run it in a Docker container on my NUC that I upgrade occasionally, no issues for years.

    • chaos0815 5m

      I had similar issues with PiHole on a RasPi. I had to restart every month or so, until I noticed power alerts. Turns out the power brick was underpowered. Is running like a charm after changing to an appropriate power supply.

    • sambaumann 5m

      I have my cell phone routed to my pi hole for DNS even when I'm not at home using tailscale. It's a great experience

  • CharlesW 5m

    I'm also a very happy NextDNS user. A couple other thoughts for anyone considering this:

    • The free plan supports 300,000 queries/month (all features, unlimited devices, unlimited configurations) and is a great and simple way to test drive it.

    • If you like the idea but want more knobs, many people are also happy with competitor Control D. I'd just caution that the two-year-old comparison¹ on their site is just wrong about several claims (including "lower latency") and is not without problems itself². I looked at them and chose NextDNS as a better "set and forget" option that also plays well with Tailscale³.

    ¹ https://controld.com/blog/control-d-vs-nextdns/
    ² https://www.reddit.com/r/ControlD/comments/1irgehp/178ms_lat...
    ³ https://tailscale.com/kb/1218/nextdns

  • dmd 5m

    I switched from NextDNS to ControlD because of bugs and feature requests that have been sitting untouched for literally years.

    I couldn’t even reach anyone to cancel my NextDNS subscription, so I did a chargeback - which went through because the card company was also unable to reach anyone there. It seems to be running in zombie mode.

    • jdoss 5m

      I just learned about ControlD today and it seems their $2/mo per endpoint is pretty pricey. Do you just set it on your home router and that's it? I use my NextDNS with many different profiles and many unique devices. Are the ControlD features that much better?

      Edit: I totally missed they have a Personal tab at the top that has different pricing. It is still more expensive for their full control plan.

    • _DeadFred_ 5m

      What feature(s) are you missing? NextDNS is pretty mature, I haven't run into anything I needed.

    • tomschwiha 5m

      For me, I have an option from my user account in Nextdns to cancel the subscription. Didn't that work for you?

      • dmd 5m

        Nope, every time I’d tried to do that I got a 500 error.

    • ddtaylor 5m

      Similar experience but I used a Privacy card and just closed it.

  • JadoJodo 5m

    I came to a similar conclusion. I love tinkering and messing with stuff. Those in my household also enjoy (tolerate) my tinkering. What they don't enjoy is when that tinkering impacts them and is unreliable. The amount of time I spent on a monthly basis keeping PiHole working (through updates, list updates, and the random "PiHole just stopped resolving all requests") was laid bare when I paid $19… and didn't ever have to touch it again. The bonus is that I can access it on every device I own, anywhere in the world. I appreciate PiHole and I know there are use-cases for it; I just couldn't go back after trying NextDNS.

  • MattSteelblade 5m

    This is, almost verbatim, my exact same experience. Used pi-hole as an excuse to get a Raspberry Pi. Used it for a long time but got tired of troubleshooting. Discovered NextDNS (from this site), and have been a happy customer since. NextDNS has not been perfect (it looks like they abandoned their app(s)), but it has the added benefit of working outside of my home network.

    • CharlesW 5m

      Regarding the client apps, I find them to be mostly not necessary now that you can identify clients to DNS-over-TLS and DNS-over-HTTPS endpoints. What do you miss?

      • MattSteelblade 5m

        Being able to disable it on the fly is the number one thing I miss the most. Additionally, it would be nice to interface through the app instead of the website, but that's definitely under nice-to-have; the website is functional on a mobile device.

  • g_host 5m

    It is understandable that one would be frustrated with a Raspberry Pi handling critical network services like DNS.

    I've been running pi-hole in KVM guest virtual machines for more years than I can remember and never had any problems. I would expect a Raspberry Pi to eventually choke on the demand of providing 24/7 service to a network.

    But not everyone has a hypervisor in their basement. Forking over $20/year is definitely better on the budget than buying a server.

    But if you already have a server or some reliable hardware in your LAN, there's no good reason to leave anything important up to a Raspberry Pi.

    • gerdesj 5m

      You can set a Pi to have a read only filesystem on card/stick with an overlay with a RAM based filesystem. Ship logs elsewhere or have a second card/stick.

      A Pi can run for a very long time if you are careful. I run my dad's phones with one with Raspbx. It has two USB sticks in it. Both are bootable and the live one copies itself to the other monthly. It's unlikely that both sticks will die at the same time - glacial speed RAID 1!

  • bhaney 5m

    I've just been dumping ad blocking hosts files into /etc/hosts.d/ on my router since long before pi-hole was a thing.
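
For the hosts-file approach in the comment above: a third-party list is only a blocklist if every entry sinkholes, because a line carrying a routable address makes the resolver hand that address out for the name. The following check is an added example, not any commenter's code; the function names, the protected-name set and the sample list are constructed for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen, underscore; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")
# Names the system's own hosts file defines; a blocklist must not override them.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost",
             "ip6-localhost", "ip6-loopback"}


def is_hostname(name):
    """True if name is a syntactically valid hostname (at most 253 chars)."""
    return 0 < len(name) <= 253 and all(_LABEL.match(p) for p in name.split("."))


def sanitize_hosts(text, allowlist=frozenset()):
    """Return (sorted names safe to sinkhole, [(line_number, reason), ...])."""
    blocked, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            rejected.append((lineno, "first field is not an IP address"))
            continue
        # A block entry points at 0.0.0.0/:: or loopback. Any other address
        # would make this resolver answer with it, i.e. a redirect.
        if not (ip.is_unspecified or ip.is_loopback):
            rejected.append((lineno, "maps names to a non-sinkhole address"))
            continue
        for name in (n.lower().rstrip(".") for n in names):
            if name in PROTECTED or name in allowlist:
                continue
            if is_hostname(name):
                blocked.add(name)
            else:
                rejected.append((lineno, "invalid hostname"))
    return sorted(blocked), rejected


def render(names):
    """Emit a normalised hosts file that only ever sinkholes to 0.0.0.0."""
    return "".join(f"0.0.0.0 {n}\n" for n in names)


# Constructed sample input (not taken from any real list).
SAMPLE = """\
# constructed sample list
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.NET   # trailing comment
127.0.0.1 metrics.example.org telemetry.example.org
203.0.113.10 bank.example.com
0.0.0.0 bad_host!.example.com
0.0.0.0 ads.example.com
"""

if __name__ == "__main__":
    names, problems = sanitize_hosts(SAMPLE)
    print(render(names), end="")
    print(problems)
```

Writing only the rendered output to the router, and reviewing the rejected lines before each update, keeps a changed upstream list from altering anything other than which names are blocked.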

    • ahepp 5m

      I find pi-hole fascinating since it shows there is a sizeable market for open Linux routers in the home, but for some reason people seem fixated with running it on a raspberry pi. That’s fine, but it seems like the worst of all worlds? I wouldn’t say the Pi is particularly reliable, and it doesn’t have a switch chip inside it, or enough beef for heavier processing.

      It’s all just standard *nix software that will work on anything from my SFP module running openwrt, to a reflashed MIPS Ubiquiti router, to my x86 FreeBSD box.

      • gh02t 5m

        The Pi is familiar and comfortable for a lot of people who wouldn't otherwise use Linux or run any kind of server. It's genuinely not the best option in a lot of respects, but it's also the only thing a lot of people know and going to a dedicated server or generic Linux/BSD router seems intimidating, even if they appreciate the possible advantages.

        Pi Hole was started specifically as a project targeting the Pi. It wasn't the first to do ad blocking DNS by a long shot, but it did marry a nice web UI to DNS and made it a lot more accessible. Nowadays I think there are much better options like AdGuard that do the same thing, but "running PiHole on a Pi" is a tangible thing to do with the RasPi you got as a gift and is an approachable project for a lot of Linux beginners with real benefits. You can find a million people on YouTube recommending exactly that, and walking you through how to do it step-by-step on a RasPi. Lot of people who are interested in tech but not so skilled probably don't have dedicated servers or know how to set one up, and I expect PiHole on a RasPi gets a lot of momentum from that as something cool and actually useful to do that isn't actually difficult/there are a million tutorials for.

        Tl;dr is I agree with you, there are clearly technically superior options. But for a lot of the people you're referring to the alternative is not to run something better on a dedicated server/router, it's to do nothing at all and go back to using the router from your ISP.

        • ddejohn 5m

          I'm one of those users -- I set up a pihole as my DHCP server to get ad blocking on all devices on my network a few years ago and haven't really thought about it since. Raspberry Pi was familiar enough. Networking in general is mostly Greek to me, so it wasn't the easiest thing to do, but it's pretty much been set-and-forget since the initial setup (aside from updating pihole itself and the web interface every few months).

          I've seen AdGuard recommended a lot recently but from what I can tell this doesn't do the same thing as a DHCP pihole.

          Something I'd love to do some day is replace my consumer router with something open source and run an all-in-one solution (ad blocking for all devices on network, DoH, as well as just a generally competent home router for a small apartment). Do you have any recommendations for where to start if I were to go down this road?

          • gh02t 5m

            Easiest first step is to see if your current router has support for OpenWRT. I find OpenWRT kinda hard to use, but a lot of people swear by it and it's very capable even.

            More powerful options are projects like PfSense or Opnsense, but those require more expensive hardware and for most uses you probably also need a separate switch. I personally use PfSense and find it relatively easy to use while being extremely powerful, absolutely jam packed with features but an accessible WebUI and clear documentation.

            Probably the best all round option are the semi open, prosumer-ish products from companies like Ubiquiti or gl.inet (the latter is even based on OpenWRT, but with a nicer UI... I have one of their routers as a travel router). Ubiquiti's Unifi routers are very easy to use and jam packed with features for a pretty great price, but their platform is not truly open source. Still, gl.inet or Unifi are what I would probably most recommend to someone like you looking to upgrade but feeling overwhelmed by lack of knowledge.

            Beware it's fun to tinker and that's how I learned pretty much everything I know about networking, but breaking the Internet will not endear your new toys to your family. It's good to have a spare in case you mess up so you can keep the bits flowing while you undo your mistake. Anything you choose is going to be an ongoing learning experience if you're starting from no knowledge, but there are lots of high quality tutorials on places like YouTube.

            • ddejohn 5m

              Thanks a bunch. I have actually used unifi routers in the past and didn't always have a great experience with them, but it's been a while and I feel like I might be ready to try again. Will also look into gl.inet, thanks!

              • gh02t 5m

                Unifi has improved a lot in very recent times in terms of both features and ease of use. I wasn't that keen on their router/firewalls previously, but I quite like them now and the prices on some of their gateway hardware are unbeatable. The Unifi Express is $150 and includes a built in access point and runs their software stack so you don't need to host it elsewhere like you used to. Only real downside is it doesn't have a built-in switch, but a cheap dumb switch should be plenty for normal uses and you always have the option to buy a Unifi (or other brand) managed switch if you want to do more advanced stuff.

              • ahepp 5m

                Some of Ubiquiti's old EdgeRouter line supports OpenWRT. I'm running it on a Ubiquiti EdgeRouter X. I doubt any of their newer Unifi stuff does though.

      • ahepp 5m

        In classic HN fashion I forgot to mention that the nice web UI must play a key role here, and make up for all the other UX issues that come with using a pi rather than just “apt-get dnsmasq”

    • LinuxBender 5m

      Similar here. I use Unbound DNS plus 1Hosts [1] and a few others here and there and I block all the DoH/DoT servers. I also blackhole route known malicious networks.

      [1] - https://github.com/badmojr/1Hosts

    • vwadhwani 5m

      Works great for PCs, but my pi-hole doubles as a VPN and lets me block ads on my iPhone too.

      • doubled112 5m

        My router supports DNS blocklists and VPN too.

      • bhaney 5m

        > my pi-hole doubles as a VPN

        So does any non-trash router.

    • MattSayar 5m

      How do you keep them updated?

  • system7rocks 5m

    Wow! I could have written this. PiHole works great... until your personal server does something weird or hangs or crashes or power flickers.

    NextDNS just works. Allowlists are pretty easy to implement too for those edge cases.

  • mihaaly 5m

    Is this a paid article (ad)?

    • MattSayar 5m

      No, I just wanted to put everything in the title so it didn't sound like clickbait. I laid out my experience with Pi-hole and why I chose a different service instead

    • neilv 5m

      Some of the language does sound like they're pitching a gizmo on TV, to separate retirees from their money. But still within the range of how genuine people sound enthusiastic when they've found a lifehack.

      • mihaaly 5m

        Genuine people and marketing specialists of a specific selected product to pitch alike. But marketing specialist for sure. By the sound and style of it. Sound like, not saying are.

        • MattSayar 5m

          Not a marketing specialist, but thanks for giving me a backup career path idea

  • AnonC 5m

    I disagree with the author that NextDNS is “essentially a finished product”.

    For me NextDNS is not that usable and is not a finished product because:

    a) I need the ability to turn it off temporarily once in a while (even if it’s on a family member’s device)

    b) the NextDNS client apps on iOS/iPadOS are abandoned (not updated for years) and the toggle to turn off or on doesn’t reliably work

    c) there is hardly any support in the community forums

    With the abandoned and flakey client apps, visiting test.nextdns.com would show “unconfigured” or a NextDNS server information randomly. I never know whether it’s really on or not.

    Using a VPN profile is recommended though it cannot be easily turned off and on. But even the VPN profile doesn’t work on my Apple TV.

    The NextDNS DNS servers around the world seem to work, but the experience on devices is unreliable and poor. If the founders could employ someone to improve the apps and how it works, I’d use it. I had considered a paid subscription a few years ago but didn’t go through because of these experiences.

  • willwade 5m

    Does anyone out there have a working Apple Shortcut that can toggle on/off a denied domain like YouTube? That's one feature I had in Pihole that I can't seem to replicate.

    Update.. as usual I was trying this all day and only after posting this does this work - Here's a bash script https://gist.github.com/willwade/251fa791da27267b5470c75a7b5... - a shortcut for this is way more complicated

  • gwerbret 5m

    No issues with NextDNS (I've deployed it for people who don't have the chops to wrangle a Pi-hole), but this reads very, very much like an ad.

    That aside, I've had pretty much the same issues with NextDNS that I've had with Pi-hole -- issues that have nothing to do with the infrastructure per se. (The classic example is of an app that doesn't work because domain `X` is being blocked, thus kicking up the usual 15 - 30 minute-long log search and DNS cache-clearing to find and whitelist the domain.)

  • smileybarry 5m

    +1 for NextDNS. Have been using them for years for blocking ads but also helped me troubleshoot some issues, as I could live track DNS queries by device.

    Note the free plan is great for several devices as long as they’re not Apple. For some reason, 2+ Apple devices blow through the 300,000 query limit really easily. When I used a Pixel 2 I think it averaged 60,000 and fit in the quota with my other devices, and when I switched to iPhone it pushed the total over 300,000. But they’re cheap and definitely worth it.

  • alexwasserman 5m

    Always seems that people forget piholes run really well in a docker container basically anywhere.

    The pi bit of it is less important than the hole bit of it.

    And with things like Tailscale or ZeroTier you can run your pihole at home and use it from anywhere on mobile devices too.

    I run a couple at home and they've been rock solid in containers on mini-pcs for a long time.

  • BrandoElFollito 5m

    I have an excellent experience with PiHole but why I like it is not for the ad block (this too of course)

    It is the only product I know (short of running dnsmasq standalone) to run a DHCP linked with a DNS and what registers in the DHCP is also registered in the DNS.

  • tnfru 5m

    Next DNS is IMO the best solution for phones. It's plug and play and I've never hit the free limit.

    For home use I'm currently testing out AdGuard Home as it comes as pre installed with the Flint 2 router. I can't get it to work on my phone so I don't see myself switching away from NextDNS any time soon.

  • dewey 5m

    Have been using it for a long time, never have any issues and you can even use it via Tailscale which is nice: https://tailscale.com/kb/1218/nextdns

    • sambaumann 5m

      I use my pihole for tailscale too without issue - just have a tailscale node on my home network and point the tailscale DNS settings to the pi-hole's IP

  • gorjusborg 5m

    Don't run the pihole on a rpi, a basic computer with a real disk controller will handle the job much better. I ran pihole on an rpi but it kept corrupting the filesystem on any power blip.

    It isn't the pihole software's fault here.

    • Beijinger 5m

      A Swissbit card would have prevented this

  • damion6 5m

    The only issue I had was minor and had to do with updating and breaking my system. That was easily solved with one command after update so script. That issue was just fixed.

  • andrewinardeer 5m

    Let's not forget that if you run NextDNS, you can check the logs and be utterly surprised at what websites your dad views late at night after going to bed.

  • fuzzy_biscuit 5m

    This post reads like an ad/marketing copy. Even shows the pricing right off the bat.

  • sjs382 5m

    Same. Happy customer since 2020. It's basically set-it-and-forget-it.