Pi-hole Setup Guide: Network-Wide Ad Blocking for Your Smart Home

Block ads on every device in your home — including smart TVs and IoT devices — with Pi-hole. Here's a complete setup guide from hardware to configuration.

Browser ad blockers are great, but they don't help with smart TVs, IoT devices, or mobile apps. Pi-hole blocks ads at the network level — before they even reach your devices.

Here's how to set up Pi-hole and reclaim your network from trackers and ads.

What is Pi-hole?

Pi-hole is a DNS sinkhole that blocks ads and trackers by intercepting DNS requests. When a device tries to reach an ad server, Pi-hole returns nothing instead of the ad.

Network-wide — Blocks ads on every device, including smart TVs
No client software — Works automatically for anything on your network
Free and open source — Community-maintained, no subscriptions
Statistics dashboard — See what's being blocked and by whom

What You Need

Raspberry Pi (any model works, Zero W is $15) or any Linux machine/VM/Docker
SD card (8GB+)
Power supply for the Pi
Ethernet recommended (WiFi works but less reliable for DNS)

Alternatively, run Pi-hole on a NAS (Synology, QNAP), in Docker, or on a VM.

Installation

Option 1: Raspberry Pi (Dedicated)

Flash Raspberry Pi OS Lite to SD card
Enable SSH (create empty file named 'ssh' in boot partition)
Boot Pi, connect via SSH: ssh pi@raspberrypi.local
Run the installer: curl -sSL https://install.pi-hole.net | bash
Follow the prompts (defaults are fine)
Note your admin password at the end

Option 2: Docker

If you already have Docker running:

docker run -d --name pihole \

-p 53:53/tcp -p 53:53/udp -p 80:80 \

-e TZ='America/Toronto' \

-e WEBPASSWORD='yourpassword' \

-v pihole_data:/etc/pihole \

-v dnsmasq_data:/etc/dnsmasq.d \

--restart=unless-stopped \

pihole/pihole

Network Configuration

For Pi-hole to work, devices need to use it as their DNS server. You have two options:

Option A: Change Router DNS (Recommended)

Log into your router's admin panel
Find DHCP settings
Set DNS server to your Pi-hole's IP address
Restart router or renew DHCP leases on devices

Now every device that gets an IP from your router will automatically use Pi-hole.

Option B: Per-Device

Manually set DNS on individual devices to the Pi-hole IP. Useful if you can't change router DNS.

Adding Block Lists

Pi-hole comes with a default block list, but you can add more:

Go to Group Management → Adlists
Add popular lists like:

https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://v.firebog.net/hosts/Easyprivacy.txt
https://v.firebog.net/hosts/AdguardDNS.txt

After adding lists, go to Tools → Update Gravity to download them.

The Dashboard

Access Pi-hole at http://pi.hole/admin or http://[Pi-IP]/admin

The dashboard shows:

Total queries — How many DNS requests today
Queries blocked — How many were ads/trackers
Percent blocked — Typically 15-30% for most networks
Top blocked domains — What's being blocked most
Top clients — Which devices query most (great for finding misbehaving IoT)

Whitelisting

Sometimes Pi-hole blocks something you need. To whitelist:

Go to Whitelist
Add the domain (e.g., cdn.example.com)
Save

Common domains to whitelist:

s.youtube.com — YouTube history
www.googleadservices.com — Google Shopping results
outlook.office365.com — Microsoft 365

Dealing with Hardcoded DNS

Some devices (Chromecast, Google Home, some smart TVs) ignore your network's DNS settings and use hardcoded DNS (usually 8.8.8.8).

Solution: Redirect DNS at Router

If your router supports it (UniFi, pfSense, OPNsense), create a firewall rule to redirect all port 53 traffic to Pi-hole:

Intercept any traffic to port 53 (DNS)
Redirect it to Pi-hole's IP

This forces even hardcoded DNS through Pi-hole.

Upstream DNS

Pi-hole forwards non-blocked queries to an upstream DNS provider. Good options:

Cloudflare (1.1.1.1) — Fast, privacy-focused
Quad9 (9.9.9.9) — Blocks malware at DNS level
NextDNS — Cloud Pi-hole alternative with extra features
Google (8.8.8.8) — Fast but Google logs queries

You can also enable DNS-over-HTTPS (DoH) for encrypted upstream queries.

Making Pi-hole Reliable

Redundancy

If Pi-hole goes down, your network loses DNS. Solutions:

Run two Pi-hole instances
Use your router as secondary DNS (failover)
Set up keepalived for automatic failover

Backups

Go to Settings → Teleporter to export your configuration. This includes your block lists, whitelist, and settings.

Results

After running Pi-hole for a month on my network:

~25% of queries blocked — That's a quarter of all traffic that was ads/trackers
Faster page loads — Less junk to download
Cleaner smart TV — No more ads in Samsung TV menus
Surprised by IoT devices — My robot vacuum was making 1000+ queries/day to analytics servers

Final Thoughts

Pi-hole is one of my favorite home network projects. It's easy to set up, provides immediate benefits, and gives you visibility into what your devices are doing.

The dashboard alone is worth it — seeing which devices are phoning home constantly is eye-opening. And once you've experienced ad-free smart TV menus, you'll never go back.

What is Pi-hole?

Pi-hole is a DNS sinkhole that blocks ads and trackers by intercepting DNS requests. When a device tries to reach an ad server, Pi-hole returns nothing instead of the ad.

Network-wide — Blocks ads on every device, including smart TVs
No client software — Works automatically for anything on your network
Free and open source — Community-maintained, no subscriptions
Statistics dashboard — See what's being blocked and by whom

What You Need

Raspberry Pi (any model works, Zero W is $15) or any Linux machine/VM/Docker
SD card (8GB+)
Power supply for the Pi
Ethernet recommended (WiFi works but less reliable for DNS)

Alternatively, run Pi-hole on a NAS (Synology, QNAP), in Docker, or on a VM.