DownloadBlog
Search
K
Links

How to set up your network protection with Pi-hole

Learn how to use Pi-hole for remote network protection over Meshnet.

Introduction

These days, the internet is full of advertisements and malicious websites. Due to this, many people resort to using third-party tools, such as ad blockers or threat protection tools, in order to overcome the sheer amount of danger online. One such tool that enthusiasts tend to use more than others is Pi-hole.
Pi-hole allows you to transform your device to a local DNS server, which can be used as a network-wide ad blocker. While advertisement blocking is Pi-hole’s main purpose, you can use it for a variety of other options, such as local DNS mapping and website blacklisting.
On its own, Pi-hole only functions on the local area network (LAN). However, with the power of Meshnet, you can use Pi-hole on your devices remotely. Meshnet allows you to establish a secure and encrypted connection between your end device and the Pi-hole server.
While you can deploy a Pi-hole Docker container on Windows and macOS, this guide will walk you through the standard installation on Linux. It will also show how to configure your devices for remote use by setting the Pi-hole Meshnet IP address as your DNS address.

Before you begin

Ensure that the machine you will use for Pi-hole meets the following criteria:
  • Linux distribution using Systemd or SysVinit
  • 2 GB of free disk space or more
  • 512 MB RAM or more
  • Static LAN IP address
  • Meshnet is enabled on the Linux machine and all client devices that will be using Pi-hole
For more detailed information, refer to the Pi-hole Prerequisites documentation.
Note
Changing DNS addresses while using cellular data and keeping the Meshnet connection active is not possible. If you are using a mobile device with a cellular connection, you will need to use Pi-hole with a VPN connection.

Install Pi-hole

  1. 1.
    Open Terminal and run the following command to download and execute the Pi-hole installation script:
    curl -sSL https://install.pi-hole.net | bash
    For alternative installation methods, refer to the Pi-hole installation page.
  2. 2.
    Enter the sudo password of your Linux machine.
  3. 3.
    In the installation dialog, select OK until you reach the Static IP needed window. If your device already has a static LAN IP address configured, select Continue. Otherwise, complete the necessary IP adjustments in your network.
  4. 4.
    Choose the network interface that your device is using (for example, eth0, wlan0, enp0s3) and then choose Select.
    Available network interfaces listed in Pi-hole installation window.
  5. 5.
    Select your preferred upstream DNS provider and select OK.
  6. 6.
    Complete the installation process by choosing the blocklist, installing the Admin Web Interface with the required modules, and configuring the query logging settings.
  7. 7.
    In the Installation complete window, note down the address and password for the Pi-hole web interface and select OK.
    Pi-hole web UI address and password highlighted in the installation window.
Tip
Make sure to change the password of your Pi-hole web interface to a unique and secure one. You can do so by executing the following command in the terminal:
pihole -a -p

Allow Meshnet connections in Pi-hole settings

Default Pi-hole settings allow requests only from the same local subnet of the host device (for example, 192.168.1.0/24). Since Meshnet IP addresses use a different subnet, Pi-hole will ignore all queries to the server.
To allow remote Meshnet connections to your Pi-hole, complete the following steps:
  1. 1.
    Open your browser, enter the URL of the Pi-hole web interface that was provided in the Installation complete window, and log in.
    • If you are accessing the web interface from the host device directly, you can use this URL: http://localhost/admin
    • Otherwise, use the device’s local IP address instead of the localhost part.
  2. 2.
    Go to Settings and select the DNS tab.
  3. 3.
    In the Interface section, select the Permit all origins option.
    Permit all origins option selected in Pi-hole's interface settings.
  4. 4.
    Click Save.
Alternatively, you can run the following command in Terminal to enable listening on all network interfaces:
pihole -a -i all
Tip
If you want to change the upstream DNS addresses for your Pi-hole in the future, you can do so on the same DNS tab, under Upstream DNS servers.
Pi-hole is now installed and prepared for use via Meshnet.

Import blocklists to Pi-hole

With the additional features Pi-hole offers, you can further enhance your network security. One example is to import custom website blocklists to protect your devices from malicious and dangerous URLs or phishing domains.
For this guide, blocklists from the firebog.net website will be used.

Add URLs

To add blocklist URLs to Pi-hole:
  1. 1.
    Open your Pi-hole web interface.
  2. 2.
    Select Adlists.
  3. 3.
    In the Address field, enter your preferred blocklist URL. Click Add.
    Blocklist URL entered in Pi-hole settings.
You will see the newly added blocklist in the List of adlists section.
Blocklist successfully added to Pi-hole.

Update gravity script

To start using the newly imported blocklists, update Pi-hole’s gravity script.
  1. 1.
    Open Pi-hole’s web interface and expand Tools.
  2. 2.
    Click Update gravity.
    Update gravity option highlighted in the Tools section of the Pi-hole web UI.
  3. 3.
    In the new window, press Update and wait for the process to finish.
  4. 4.
    Once done, you will see a success message.
Alternatively, you can run the following command in Terminal:
pihole -g

Use your Pi-hole DNS over Meshnet

The Pi-hole configuration is now finished. However, to use Pi-hole and all of its features, you need to set up its Meshnet IP address as the DNS server on each of your client devices.

Without a VPN connection

Windows
Android
iOS
macOS
Linux
Android TV

Windows 11

  1. 1.
    Right-click Start
     and select Network connections.
  2. 2.
    Choose the network type your device is using (Wi-Fi or Ethernet).
  3. 3.
    Find the DNS server assignment option and click Edit.
  4. 4.
    Choose Manual from the dropdown menu and enable IPv4.
  5. 5.
    Fill in the DNS fields.
    • Preferred DNS server: the Meshnet IP of the Pi-hole device
    • Alternate DNS server: the DNS address of another provider
    Pi-hole and alternate DNS addresses entered in Windows settings.
  6. 6.
    Click Save.

Windows 10

  1. 1.
    Right-click Start
     and select Network connections.
  2. 2.
    Select Change adapter options.
  3. 3.
    Right-click your current network adapter (Wi-Fi or Ethernet) and choose Properties.
  4. 4.
    In the new window, select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
  5. 5.
    Select Use the following DNS server addresses and fill in the fields underneath.
    • Preferred DNS server: the Meshnet IP of the Pi-hole device
    • Alternate DNS server: the DNS address of another provider
    Pi-hole and alternate DNS addresses entered.
  6. 6.
    Click OK twice to apply the changes.
  1. 1.
    Open the Settings menu.
  2. 2.
    Go to Connections and select Wi-Fi.
  3. 3.
    Find your current Wi-Fi network and tap the gear button.
  4. 4.
    Go to Advanced/View more.
  5. 5.
    Change the IP settings value to Static.
  6. 6.
    Fill in the required DNS addresses.
    • Under DNS 1, enter the Meshnet IP of the Pi-hole device.
    • Under DNS 2, enter the DNS address of another provider.
      Pi-hole and alternate DNS entered in Android settings.
  7. 7.
    Tap Save (if such a button is present).
  1. 1.
    Open Settings.
  2. 2.
    Tap Wi-Fi, find your current network and tap the Info
     button.
  3. 3.
    Tap Configure DNS and choose Manual.
  4. 4.
    Select Add server and enter the Meshnet IP of the Pi-hole device.
    Pi-hole Meshnet IP entered in iOS DNS settings.
  5. 5.
    Ensure that the added IP address is at the top.
  6. 6.
    Tap Save.

macOS Ventura 13 and newer

  1. 1.
    Go to System settings and click Network.
  2. 2.
    Select the network interface you use (Wi-Fi or Ethernet) and click Details.
  3. 3.
    Open the DNS tab and click the plus (+) button at the bottom to add the Meshnet IP address of the Pi-hole device.
  4. 4.
    Ensure that the added IP address is at the top.
    Pi-hole DNS entered in macOS DNS settings.
  5. 5.
    Click OK to save the changes.

macOS Monterey 12 and older

  1. 1.
    Go to System preferences and click Network.
  2. 2.
    Select the network interface you use (Wi-Fi or Ethernet) and click Advanced.
  3. 3.
    Open the DNS tab and add the Meshnet IP address of the Pi-hole device by clicking the plus (+) icon.
  4. 4.
    Ensure that the added IP address is at the top.
    Pi-hole DNS entered in macOS DNS settings.
  5. 5.
    Click OK and then click Apply.

Method 1: Using Network Manager

  1. 1.
    Open Settings, and then open either the Network or the Wi-Fi section (depending on your network type).
  2. 2.
    Click the gear button and go to the IPv4 tab.
  3. 3.
    Next to DNS, disable the Automatic toggle.
  4. 4.
    Enter the Meshnet IP of the Pi-hole device and the DNS of another provider separated by a comma in the specified field.
    Pi-hole Meshnet IP and alternate DNS address entered in Linux network settings.
  5. 5.
    Click Apply.
  6. 6.
    Open Terminal and run the following command to restart the Network Manager daemon:
    sudo systemctl restart NetworkManager
  7. 7.
    Enter your sudo password.

Method 2: Using Terminal

  1. 1.
    Open Terminal and run the following command:
    sudo nano /etc/systemd/resolved.conf
  2. 2.
    Locate the DNS and FallbackDNS lines.
  3. 3.
    Uncomment the lines by removing the hash (#) symbols.
  4. 4.
    Enter the DNS addresses following the equals (=) sign. DNS=<Meshnet IP of the Pi-hole device> FallbackDNS=<DNS of another provider>
    Pi-hole Meshnet IP and alternate DNS address entered in the resolved.conf file.
  5. 5.
    Press Ctrl + X, Y, and Enter to exit and save the changes.
  6. 6.
    Run the following command to ensure that the network changes are applied:
    sudo systemctl restart systemd-resolved
  7. 7.
    Enter your sudo password.
Note
Changes in the /etc/systemd/resolved.conf file have a higher priority than settings in the Network Manager. Due to this, ensure that there are no custom configurations in the previously mentionedresolved.conf file if you apply the DNS change directly via the Network Manager settings. Otherwise, the specified DNS addresses will not be used.
  1. 1.
    Open the Android TV Settings menu.
  2. 2.
    Select Network & internet.
  3. 3.
    Choose your network and change the IP settings value to Static.
  4. 4.
    Enter your device's local IP address, network gateway, and network prefix length.
  5. 5.
    Type in the DNS addresses:
    • In the DNS 1 field, enter the Meshnet IP address of your Pi-hole device.
      Meshnet IP address entered in the DNS 1 field.
    • In the DNS 2 field, enter the DNS address of another provider.

With a VPN connection

Meshnet allows you to use your custom, self-hosted DNS server alongside a VPN connection via the NordVPN app. Follow these steps to use your Pi-hole DNS when connected to a VPN server:
Windows
Android
iOS
macOS
Linux
Android TV
  1. 1.
    Open the NordVPN app.
  2. 2.
    Navigate to the Meshnet
     tab and copy the Meshnet IP address of your Pi-hole device.
    Clicking the Meshnet IP address of the Meshnet peer device to copy it to the clipboard.
  3. 3.
    In the lower-left corner, click Settings
    .
  4. 4.
    Select the Connection section.
  5. 5.
    Enable the Use custom DNS toggle and click the dropdown arrow.
  6. 6.
    In the first field, paste the copied Meshnet IP address.
    Entering the Meshnet IP address in the Use custom DNS section in the NordVPN app settings.
  7. 7.
    On the right, click the Save
     checkmark.
Now, when you establish a VPN connection to a NordVPN server, the DNS addresses that you specified will be used for the connection.
Note
On the Threat protection
 tab, make sure that the Threat protection lite toggle is disabled. Otherwise, the custom DNS change will be overwritten by the Threat Protection feature.
  1. 1.
    Open the NordVPN app.
  2. 2.
    Navigate to the Meshnet
     tab and copy the Meshnet IP address of your Pi-hole device.
  3. 3.
    In the lower-right corner, tap Profile, and then select Settings.
  4. 4.
    Under VPN and security, tap DNS.
  5. 5.
    Select Custom, paste the copied Meshnet IP address, and tap Add.
    Entering the Meshnet IP address as the custom DNS server in the NordVPN app.
Now, when you establish a VPN connection to a NordVPN server, the DNS addresses that you specified will be used for the connection.
Note
In the Settings menu, make sure that the Threat protection lite toggle is disabled. Otherwise, the custom DNS change will be overwritten by the Threat Protection feature.
  1. 1.
    Open the NordVPN app.
  2. 2.
    Navigate to the Meshnet
     tab and copy the Meshnet IP address of your Pi-hole device by tapping it.
    Tapping the Meshnet IP address of the peer device to copy it.
  3. 3.
    In the lower-right corner, tap Profile
    .
  4. 4.
    In the upper-right corner, select Settings
    .
  5. 5.
    Under VPN connection, tap Protocol.
  6. 6.
    In the Enter custom DNS address field, paste the copied Meshnet IP address.
    Entering the Meshnet IP address as the custom DNS server in the NordVPN app.
Now, when you establish a VPN connection to a NordVPN server, the DNS addresses that you specified will be used for the connection.
Note
In the Profile
 menu, make sure that the Threat protection lite toggle is disabled. Otherwise, the custom DNS change will be overwritten by the Threat Protection feature.
Note
The custom DNS feature is available only on the sideload version of the NordVPN app.
  1. 1.
    Open the NordVPN app.
  2. 2.
    Navigate to the Meshnet
     tab and copy the Meshnet IP address of your Pi-hole device.
    Clicking the Meshnet IP address of the peer device to copy it to the clipboard.
  3. 3.
    In the lower-left corner, click Settings
    .
  4. 4.
    On the left, select the DNS section.
  5. 5.
    Click Add new DNS.
  6. 6.
    In the new entry, paste the copied Meshnet IP address.
  7. 7.
    Turn on the Enable custom DNS servers toggle.
    Enabling the custom DNS toggle in the NordVPN app settings.
Now, when you establish a VPN connection to a NordVPN server, the DNS addresses that you specified will be used for the connection.
Note
On the Threat protection
 tab, make sure that the Use lite version toggle is disabled. Otherwise, the custom DNS change will be overwritten by the Threat Protection feature.
  1. 1.
    Open Terminal.
  2. 2.
    Run the following command, replacing <MeshnetIP> with your Pi-hole device's Meshnet IP address:
    nordvpn set dns <MeshnetIP>
    Example
    Running the 'nordvpn set dns' command with the Meshnet IP address of the DNS server.
Now, when you establish a VPN connection to a NordVPN server, the DNS addresses that you specified will be used for the connection.
Note
Make sure that Threat protection lite is disabled. Otherwise, the custom DNS change will be overwritten by NordVPN’s Threat Protection feature.
To disable Threat Protection lite, use the nordvpn set tplite off command.
  1. 1.
    Open the NordVPN app.
  2. 2.
    Scroll down to the Settings section and select the Settings card.
  3. 3.
    Choose DNS and select Custom.
  4. 4.
    Enter the Meshnet IP address of your Pi-hole device.
    Meshnet IP written in the 'Enter DNS server address' field.
Now, when you establish a VPN connection to a NordVPN server, the DNS address that you specified will be used for the connection.
Note
In the Settings menu, make sure that the Threat protection lite option is turned off. Otherwise, the custom DNS change will be overwritten by NordVPN’s Threat Protection feature.
Tip
If you're looking for alternate DNS addresses, here are some of the most popular free DNS providers:
  • Google — 8.8.8.8 and 8.8.4.4
  • Cloudflare — 1.1.1.1 and 1.0.0.1
  • AdGuard — 176.103.130.130 and 176.103.130.131
  • Quad9 — 9.9.9.9 and 149.112.112.112
  • OpenDNS — 208.67.222.222 and 208.67.220.220
You can also use the same upstream DNS addresses from the Pi-hole configuration.
After changing the DNS server to the Pi-hole’s Meshnet IP address, the setup is finished. Now you can safely use Pi-hole’s protection features while being away from your home network.
How-to guides - Previous
Network protection
Next
How to set up your own DNS server
Last modified 1d ago
© 2023 Nord Security. All Rights Reserved.