What is your preferred Ad Blocking Strategy?

Privately, I use PI-Hole, installed on one of my public webservers. Simply because of its web interface. And on my Windows-Notebook I have a huge hostfile to block ads. Very handy, when on the road and having mobile connection. However, on local openwrt router I use my own DNS-resolver, based on commercial projects for various WISPs, to implement an openDNS-clone, to do parental control. This is a customized DNS-resolver (not dnsmasq), using blacklists in a mem-res DB, easy to modify individually.

1 Like

@moeller0 that's indeed totally counterproductive if the DNS requests would be transmitted in clear text again after 300.000 requests per month. Not sure how quickly you reach that limit. But the Pro Plan for 1.99 USD per month sounds pretty fair...

In the end of the day the question is really who do you trust? If you do not trust your ISP or local authorities, can you trust a private company and their DNS resolvers? I mean if you check which organizations and companies are operating the 13 Root Name Servers of the Internet, you could really develop some strong doubts:

Is it feasible to operate your own DNS resolvers on a spare machine in your local network, let's say on a Raspberry Pi 5? So instead of relying on CloudFlare, Google, NextDNS, etc., your local DNS server would be used for answering authoritive zone information for any domain that you visit with a host on your network.

Has anyone experience with that?

Pi-hole with Unbound and the Brave Browser.

Why I use Unbound.

1 Like

Pi-hole on a Pi zero w and unbound.

1 Like

I wish they would make a Pi zero version with an ethernet port. :slight_smile:

It actually pulls more power to add an ethernet dongle.

It works fine with a static IP address and a reserved address in OpenWrt.

1 Like

I think this explains it fairly well:


1 Like

I had not read the footnote too closely, but I assumed that it is only the additional filtering that is stopped... not the oH part, but the point is for both alternatives one should keep that in mind.

Yes, that is what I am doing (under turrrisOS all that mode requires is not checking the "Use forwarding" checkbox), turris uses nic.cz"s own in house developed knot resolver, but I am sure there are recipes out for doing the same with upstream OpenWrt likely with a choice of resolvers. The load is not all that high, so this duty can be run on a router (depending on the hardware). I like knot as it also offers DNSSEC, but I am sure the recipes for OpenWrt proper have this covered as well. But keep in mind your DNS requests still go out in the open, and can be intercepted/recorded.

1 Like

I ran pihole in a pi3 b - 100mbit port. I recently went with the pi4 for the 1gbit port and faster cpu. It makes a difference web browsing, plowing thru the many dns requests a heavily ad-burdened page typically has.

It's also overkill in terms of cpu but for the money it's a good pihole performance upgrade.

Everything that is and is not an ad makes the same DNS request. Dropping a DNS request will actually leave a blank space faster than allowing the lookup through.

The only time I see my CPU usage over 0.3 is on Sunday when it updates Gravity.
But I get it:
You have a Pi4 and you want it to accomplish something.

I have a Prime Video page open so it's working a little harder than most days.

1 Like

Correct, up to a point. Assuming the same large # of dns requests on a given page - ads or not - the 1gbit port makes a difference in the amount of time it takes to load that page.

I'm not counting milliamps of current used, and the dollar difference for the pi4 over the pi0w didn't matter to me. I bought the pi4 expressly as an upgrade to pihole on a 3b and got a more responsive browsing experience.

I'll toss it on a Pi Zero 2 and see I notice it to be any snappier.

Right now I'm making a guide to using a Pi 2 zero as a travel router (because I forgot how to do it right with relayd and travelmate: it was almost a year ago).

I, finally got all the stuff, new, to play with it and I need the 2nd Pi 02 for expanding the file system.

You should add Unbound. It is much snappier; after it fetches its first DNS request for a URL.
(which I have yet to ever do right).

Are there any advantages of using the Pi zero 2W over the Pi 3B+ for a Pi-hole setup?

I think the Pi 3 design is now quiet dated from 2017. Not sure if that could become a security issue in the near future...

However, I like the circumstance that the 3B+ has a proper ethernet port, but I guess you could also connect a USB ethernet adapter to the zero 2W. Not sure how stable that would run, but I am not a big fan of the idea of having to run my DNS resolver running over Wifi for the entire network.

Or is it bettter to directly go for the Pi 4?

I still have a spare Pi 5 with 8GB but I feel it would be total overkill for just a Pi-hole setup...

Best reason: the cost.

You do not need Ethernet: the radio will talk to the router just fine; albeit on 2.4GHz.

Well, it is not from the whole network on the radio: network asks router, router asks Pi. Distance , if that is what you are referring to, would be just as close as if you wired it in.

If you have money is no object: a pi4 after the Pi foundation basic kit with 2GB is ~$90.00-$100 depending what kit parts you need while a Pi zero w is ~$34.00-$40, based on kit and and a Pi zero2 kit is ~$49.00-$50.00 again based on the bits you want in your kit.

I, personally do not think you will see a performance difference, but I'm not going to try to figure out how to benchmark them. Dropping URLs is just like looking at a page of words, in alphabetical order looking for a match.

There is a URL with over 1,000 ads but I canot find it.

1 Like

I personally have a pihole with unbound setup and then I use brave browser on all of my devices so adblocking is built in

I would not really recommend to outsource the DNS server to a wirelessly connected system. DNS is one of the major contributors to the perceived 'internet snappiness', wireless (regardless of its quality and performance) always has some amount of additional latency and packet drops.


The Pi 3B+ ships with an ethernet port and seems to be a popular choice to run Pi-hole. Waveshare offers an ethernet hat for the Pi zero 2w. Cost-wise you end up with more or less the same depending on your region. Not sure what's the best hardware choice in 2024. I personally like to segregate tasks in my network and not throw too many tasks on one system. So the chosen hardware should be appropriate for the specific task...

It is not like you cannot unplug the ethernet, turn on the radio and see for yourself.

I cannot imagine you would notice a difference in the, maybe, 1ms difference.

I cannot tell if you are being serious or not:

You have always seen packet loss when pinging google.com on a wireless device?

You always see increased latency pinging your home router using a wireless device?

Please ping your router using a laptop using both wireless and wired and post the additional latency and packet loss at a distance of a few inches..

1 Like

I just noticed that the Pi zero 2W has a micro USB On-The-Go (OTG) port:


So I guess with a micro-USB male to USB-A female converter you could connect a normal ethernet USB Gigabit adapter, right?