Running pi-hole on Google Cloud for $0

I’ve spoken a number of times about pi-hole, the open-source ad-blocking software that I run on a Raspberry Pi machine at home. The Pi computer is so small it’s physically attached to my router with a piece of twine; the whole setup is tucked away out of sight.

I wasn’t kidding. This is smaller than palm-sized. And invisible behind a couch.

Since all DNS queries from my router go to the Pi, all devices that connect to the house wifi are protected from ads and trackers by pi-hole – phones, tablets, laptops, my other Pi machine.

The big limitation is that this protection only applies as long as I am home and connected to wifi. If my ISP’s facing problems and I switch to 4G, or I’m simply out of the house and connected to another wifi, I’m out of luck. I have a backup [1], but it’s not as good as the Pi. I can’t have the Pi accessible from outside of the home network, even behind a firewall, because my ISP is a PPPoE connection behind a NAT. Setting up dynamic DNS for this has been impossible for me.

Now. I had come across this guide on setting up a pi-hole on Google Cloud such that the usage would fall under the Google Cloud free tier, making it essentially free. I loved the idea. My concern was that the pi-hole instance would be open to the Internet. I’d have to set up my own firewall and VPN, and it always slipped down my todo list.

Recently I learnt that the author had updated the guide, in response to concerns just like mine, with a script that installed the WireGuard VPN and pi-hole together. It also included instructions (rather simple) on how to set up firewall rules in the Google Cloud virtual machine instance. It took me well under an hour to read through and set things up end to end: my Google Cloud account, setting up and configuring my VM, installing pi-hole and WireGuard on it, setting those up, and setting up my iPhone and iPad as WireGuard clients.

I now have a globally accessible but secure personal Pi-hole whose web interface I can access via a private address as long as I’m connected to the VPN. And because I’m on the VPN, my devices’ DNS queries are encrypted – all of this independent of the network I am on. It has nothing to do with my home wifi, or the pi-hole on my Raspberry Pi anymore.

This still hasn’t sunk in as I write this a couple of hours after I set it up. I’m looking at this new pi-hole’s web admin, and the VM’s terminal over SSH, and it’s weird that now, years after I began using the original pi-hole installation on my local network, I’ve just upgraded it to work anywhere in the world.


[1] I use the DNS sink Adblock on my iPhone and iPad, which are the two main devices I use.