PiHole hosted in the cloud? I recommend NextDNS

Wouldn’t it be great to have your Pi-Hole hosted in the cloud and accessible everywhere? Perhaps you could use its ad blocking on your smartphone. Or at work. Or, when your laptop connects to a Wi-Fi network outside your home.

I tried, but it is tricky. A typical Raspberry Pi sits behind a home router. Exposing it to the public internet requires effort. What’s probably worse, PiHole is not designed to support modern, secure DNS protocols. Sending unencrypted DNS queries via the public internet infrastructure seems very uncomfortable in 2023. I ended up with an alternative solution, and here are my learnings.

What is the real use case for Pi-Hole

PiHole’s main objective is to block domains serving advertising. You can also configure it to block other kinds of domains, for example tracking, malware, or just pages that waste your attention and time.

I guess that many of us started using it for a different reason, though. We bought a Raspberry Pi because it’s cool. Only then did we look for ways to utilize such a device. And Pi-Hole is one of the most popular applications, designed specifically for Raspberry Pi. But is a server sitting in a local network the best place to host a DNS server these days? I think it no longer is.

A screenshot from the Pi-Hole web interface. Source: https://pi-hole.net/

Reaching PiHole from a smartphone. What are the options?

PiHole seems designed with the assumption that it sits on your local network. It means that your mobile devices cannot use it when they connect to other networks. For example, if your smartphone uses your carrier’s cellular network, your Raspberry Pi is unreachable to you. In such a situation, you cannot use your customized DNS server, unless you build an even more elaborate setup, like a VPN to your home network.

I got determined to set up a DNS server reachable both from my home and from my smartphone, workplace, or family home. At this point, I could think of three options:

  • Keeping PiHole on a Raspberry Pi and exposing it to the internet (with a public IP or VPN).
  • Hosting PiHole in the cloud, in some VM or container. I considered setting up a cheap Linux VM in Azure.
  • Finding a cloud-native alternative service.

Keeping PiHole on a Raspberry Pi requires exposing it to the public internet or setting up a VPN to a home network. It seemed overly complicated. I would rather not spend time configuring VPNs on all my devices. I don’t like dealing with VPNs, and the friction was enough for me to give up this option.

Hosting PiHole in the cloud seemed tempting. However, PiHole is designed to serve as a DNS server in a local network. It lacks a security level I would want to have in the cloud. Notably, at least currently, it does not serve data using a secure protocol like DNS-over-HTTPS, DNS-over-TLS or similar. And sending unencrypted DNS queries over the public internet is something I do not agree to. This problem could be worked around if we expose an additional HTTP server component to handle DoH requests. But with each piece, the setup becomes more and more complicated. Another issue is the cost of hosting. This would require a VM running most of the day. With current pricing of VMs in the cloud, it would cost at least a few dollars a month.
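To make the DoH workaround concrete, here is an added example (not from the original post, and not Pi-hole or NextDNS code). It shows what a plain DNS query exposes on the wire, how RFC 8484 wraps the same bytes into an HTTPS GET target, and what the extra HTTP component must decode before forwarding. The `/dns-query` path and the sample hostname are assumptions.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Build a wire-format DNS query (RFC 1035). RFC 8484 recommends ID 0."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_path(query: bytes, path: str = "/dns-query") -> str:
    """Encode a query as an RFC 8484 GET target: base64url, padding removed."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode()
    return f"{path}?dns={encoded}"

def decode_doh_param(value: str) -> bytes:
    """Front-end side: restore the padding and recover the wire-format query."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def question_name(message: bytes) -> str:
    """Read the QNAME of the first question (queries carry no compression)."""
    if len(message) < 13:
        raise ValueError("message too short")
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while message[pos] != 0:
        length = message[pos]
        if length > 63 or pos + 1 + length >= len(message):
            raise ValueError("malformed QNAME")
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

if __name__ == "__main__":
    q = build_query("ads.example.com")      # constructed sample name
    print("plain DNS payload:", q)          # hostname is readable as-is
    target = doh_get_path(q)
    print("DoH request target:", target)    # sent inside the TLS session
    wire = decode_doh_param(target.split("dns=", 1)[1])
    print("front-end forwards query for:", question_name(wire))
```

With plain DNS on port 53, the first payload is what any on-path observer can read. With DoH, the same bytes only appear after TLS is terminated at the HTTP component.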

Finding a cloud-native alternative service turned out to help me escape the pickle. I found NextDNS, and I’m delighted with this service. Please note, I’m using affiliate links here to link to them (thanks if you use them!). But it is my honest recommendation as a user. I published the first version of this blog post before I thought of any affiliate links.

Discovering NextDNS: an appealing alternative solution

NextDNS has a similar set of features to PiHole, but it’s a software-as-a-service natively hosted in the cloud. You can access your customized DNS server from the public internet. So unlike when you use PiHole, you can set up your Android, iPhone, and laptops to use your own DNS server. And it will work regardless of where you are connecting from.

NextDNS lets you block domains with advertisements, malware or other stuff you’d rather avoid. It’s super-easy to manage. You just choose which blocklists you wish to subscribe to. You can also create your personal blocklist and allowlist. The service allows you to use all modern secure protocols for querying the DNS server.

A screenshot of NextDNS. NextDNS is an alternative to Pi-Hole running in the software-as-a-service model.
A screenshot from a web interface (a view corresponding to the view depicted in Pi-Hole’s screenshot above)

So if you like the experience known from Pi-Hole, my recommendation is to give it a try. I think you’ll appreciate how good a piece of software this is. I have used it for a few months now. And, with all due respect to the Pi-Hole that served me for years, I am super happy about the transition.
