# How to set up your network protection with Pi-hole
## Introduction
These days, the internet is full of advertisements and malicious websites. Due to this, many people resort to using third-party tools, such as [ad blockers](https://nordvpn.com/blog/what-is-ad-blocking/) or [threat protection tools](https://nordvpn.com/features/threat-protection/), to overcome the sheer amount of danger online. One such tool that enthusiasts tend to use more than others is Pi-hole.
[Pi-hole](https://docs.pi-hole.net/) allows you to transform your device to a local [DNS server](https://nordvpn.com/blog/what-is-dns-server/), which can be used as a network-wide ad blocker. While advertisement blocking is Pi-hole’s main purpose, you can use it for a variety of other options, such as local DNS mapping and website blacklisting.
On its own, Pi-hole only functions on the [local area network](https://nordvpn.com/blog/what-is-lan/) (LAN). However, with the power of [Meshnet](https://nordvpn.com/meshnet/), you can use Pi-hole on your devices remotely. Meshnet allows you to establish a secure and encrypted connection between your end device and the Pi-hole server.
While you can deploy a [Pi-hole Docker container](https://github.com/pi-hole/docker-pi-hole) on Windows and macOS, this guide will walk you through the standard installation on Linux. It will also show how to configure your devices for remote use by setting the Pi-hole Meshnet IP address as your DNS address.
See the following overview video for additional information and instructions for the Pi-hole setup.
{% embed url="" %}
Alternatively, proceed with the detailed text-based instructions provided on this page.
## Before you begin
Ensure that the machine you will use for Pi-hole meets the following criteria:
* Linux distribution using Systemd or SysVinit
* 2 GB of free disk space or more
* 512 MB RAM or more
* Static LAN IP address
* [Meshnet is enabled on the Linux](https://meshnet.nordvpn.com/getting-started/how-to-start-using-meshnet/using-meshnet-on-linux) machine and all client devices that will be using Pi-hole
For more detailed information, refer to the [Pi-hole Prerequisites](https://docs.pi-hole.net/main/prerequisites/) documentation.
{% hint style="info" %}
**Note**
Changing DNS addresses while using cellular data and keeping the Meshnet connection active is not possible. If you are using a mobile device with a cellular connection, you will need to use Pi-hole [with a VPN connection](#with-a-vpn-connection).
{% endhint %}
## Install Pi-hole
1. Open **Terminal** and run the following command to download and execute the Pi-hole installation script:
curl -sSL https://install.pi-hole.net | bash
\
For alternative installation methods, refer to the [Pi-hole installation](https://docs.pi-hole.net/main/basic-install/) page.
2. Enter the sudo password of your Linux machine.
3. In the installation dialog, select **OK** until you reach the **Static IP needed** window. If your device already has a static LAN IP address configured, select **Continue**. Otherwise, complete the necessary IP adjustments in your network.
4. Choose the network interface that your device is using (for example, `eth0`, `wlan0`, `enp0s3`) and then choose **Select**.
5. Select your preferred upstream DNS provider and select **OK**.
6. Complete the installation process by choosing the blocklist, installing the Admin Web Interface with the required modules, and configuring the query logging settings.
7. In the **Installation complete** window, note down the address and password for the Pi-hole web interface and select **OK**.
{% hint style="success" %}
**Tip**
Make sure to change the password of your Pi-hole web interface to a unique and secure one. You can do so by executing the following command in the terminal:
{% code overflow="wrap" %}
```bash
sudo pihole setpassword
```
{% endcode %}
{% endhint %}
## Allow Meshnet connections in Pi-hole settings
Default Pi-hole settings allow requests only from the same local subnet of the host device (for example, `192.168.1.0/24`). Since Meshnet IP addresses use a different subnet, Pi-hole will ignore all queries to the server.
To allow remote Meshnet connections to your Pi-hole, complete the following steps:
1. Open your browser, enter the URL of the Pi-hole web interface that was provided in the **Installation complete** window, and log in.
* If you are accessing the web interface from the host device directly, you can use this URL:\
`http://localhost/admin`
* Otherwise, use the device’s local IP address instead of the `localhost` part.
2. From the left side menu, under **System**, go to **Settings** > **DNS**.
3. In the upper-right corner, click the **Basic** toggle to switch to the Expert view.
4. Under **Interface**, select the **Permit all origins** option.
5. Click **Save and apply**.
Pi-hole is now installed and prepared for use via Meshnet.
{% hint style="success" %}
**Tip**
If you want to change the upstream DNS addresses for your Pi-hole in the future, you can do so on the same **DNS** tab, under **Upstream DNS servers**.
{% endhint %}
## Import blocklists to Pi-hole
With the additional features Pi-hole offers, you can further enhance your network security. One example is to import custom website blocklists to protect your devices from malicious and dangerous URLs or phishing domains. For this guide, blocklists from the [firebog.net](https://firebog.net/) website will be used.
### Add URLs
To add blocklist URLs to Pi-hole:
1. Open your Pi-hole web interface.
2. From the menu on the left, under **Group management**, select **Lists**.
3. In the **Address** field, enter your preferred blocklist URL. Click **Add**.
You will see the newly added blocklist under **Subscribed lists**.
### Update gravity script
To start using the newly imported blocklists, update Pi-hole’s [gravity script](https://docs.pi-hole.net/core/pihole-command/#gravity).
1. Open Pi-hole’s web interface.
2. From the left side menu, under **System**, go to **Tools** > **Update gravity**.
3. Press **Update** and wait for the process to finish.
4. Once done, you will see a success message.
Alternatively, you can run the following command in **Terminal**:
{% code overflow="wrap" %}
```bash
sudo pihole updateGravity
```
{% endcode %}
## Use your Pi-hole DNS over Meshnet
The Pi-hole configuration is now finished. However, to use Pi-hole and all of its features, you need to set up its Meshnet IP address as the DNS server on each of your client devices.
### Without a VPN connection
{% tabs %}
{% tab title="Windows" %}
### Windows 11
1. Right-click **Start** and select **Network connections**.
2. Choose the network type your device is using (Wi-Fi or Ethernet).
3. Find the **DNS server assignment** option and click **Edit**.
4. Choose **Manual** from the dropdown menu and enable **IPv4**.
5. Fill in the DNS fields.
* **Preferred DNS server**: the Meshnet IP of the Pi-hole device
* **Alternate DNS server**: the DNS address of another provider
6. Click **Save**.
### Windows 10
1. Right-click **Start** and select **Network connections**.
2. Select **Change adapter options**.
3. Right-click your current network adapter (Wi-Fi or Ethernet) and choose **Properties**.
4. In the new window, select **Internet Protocol Version 4 (TCP/IPv4)** and click **Properties**.
5. Select **Use the following DNS server addresses** and fill in the fields underneath.
* **Preferred DNS server**: the Meshnet IP of the Pi-hole device
* **Alternate DNS server**: the DNS address of another provider
6. Click **OK** twice to apply the changes.
{% endtab %}
{% tab title="Android" %}
{% hint style="info" %}
**Note**
These instructions detail how to change your DNS addresses on Android 16. If you are using a different version of Android, consult your device's specific documentation for guidance, as the procedure may differ.
{% endhint %}
1. Open the **Settings** menu.
2. Go to **Network & internet** > **Internet**, find your current Wi-Fi network, and tap the gear button.
3. In the upper-right corner, select **Modify**.
4. Expand the **Advanced settings** dropdown, and change the **IP settings** value to **Static**.
5. Enter your device's local IP address, network gateway, and network prefix length.
6. Fill in the required DNS addresses.
* Under **DNS 1**, enter the Meshnet IP of the Pi-hole device.
* Under **DNS 2**, enter the DNS address of another provider.
7. Tap **Save**.
{% endtab %}
{% tab title="iOS" %}
1. Open **Settings**.
2. Tap **Wi-Fi**, find your current network, and tap the Info button.
3. Under **DNS**, tap **Configure DNS**, and choose **Manual**.
4. Select **Add server** and enter the Meshnet IP of the Pi-hole device.
5. Ensure that the added IP address is at the top.
6. Tap **Save**.
{% endtab %}
{% tab title="macOS" %}
### macOS Ventura 13 and newer
1. Go to **System settings** and click **Network**.
2. Select the network interface you use (Wi-Fi or Ethernet) and click **Details**.
3. Open the **DNS** tab and click the plus (+) button at the bottom to add the Meshnet IP address of the Pi-hole device.
4. Ensure that the added IP address is at the top.
5. Click **OK** to save the changes.
### macOS Monterey 12 and older
1. Go to **System preferences** and click **Network**.
2. Select the network interface you use (Wi-Fi or Ethernet) and click **Advanced.**
3. Open the **DNS** tab and add the Meshnet IP address of the Pi-hole device by clicking the plus (+) icon.
4. Ensure that the added IP address is at the top.
5. Click **OK** and then click **Apply**.
{% endtab %}
{% tab title="Linux" %}
### Method 1: Using Network Manager
1. Open **Settings**, and then open either the **Network** or the **Wi-Fi** section (depending on your network type).
2. Click the gear button and go to the **IPv4** tab.
3. Next to **DNS**, turn off the **Automatic** toggle.
4. Enter the Meshnet IP of the Pi-hole device and the DNS of another provider, separated by a comma, in the specified field.
5. Click **Apply**.
6. Open **Terminal** and run the following command to restart the Network Manager daemon:
sudo systemctl restart NetworkManager
7. Enter your sudo password.
### Method 2: Using Terminal
1. Open **Terminal** and run the following command:
sudo nano /etc/systemd/resolved.conf
2. Locate the `DNS` and `FallbackDNS` lines.
3. Uncomment the lines by removing the hash (#) symbols.
4. Enter the DNS addresses following the equals (=) sign.\
\
`DNS=`\
`FallbackDNS=`
5. Press **Ctrl** + **X**, **Y**, and **Enter** to exit and save the changes.
6. Run the following command to ensure that the network changes are applied:
sudo systemctl restart systemd-resolved
7. Enter your sudo password.
{% hint style="info" %}
**Note**
Changes in the `/etc/systemd/resolved.conf` file have a higher priority than settings in the Network Manager. Due to this, ensure that there are no custom configurations in the previously mentioned`resolved.conf` file if you apply the DNS change directly via the Network Manager settings. Otherwise, the specified DNS addresses will not be used.
{% endhint %}
{% endtab %}
{% tab title="Android TV" %}
1. Open the Android TV **Settings** menu.
2. Select **Network & internet**.
3. Choose your network and change the **IP settings** value to **Static**.
4. Enter your device's local IP address, network gateway, and network prefix length.
5. Type in the DNS addresses:
* In the **DNS 1** field, enter the Meshnet IP address of your Pi-hole device.
* In the **DNS 2** field, enter the DNS address of another provider.
{% endtab %}
{% endtabs %}
### With a VPN connection
Meshnet allows you to use your custom, self-hosted DNS server alongside a VPN connection via the NordVPN app. Follow these steps to use your Pi-hole DNS when connected to a VPN server:
{% tabs %}
{% tab title="Windows" %}
1. Open the **NordVPN** app.
2. Navigate to the **Devices in Meshnet** tab and copy the Meshnet IP address of your Pi-hole device.
3. In the lower-left corner, click **Settings** .
4. Select the **Connection and security** section.
5. Turn on the **Use custom DNS** toggle and click the dropdown arrow.
6. In the first field, paste the copied Meshnet IP address.
7. Click the Save checkmark.
Now, when you establish a VPN connection to a NordVPN server, the DNS addresses that you specified will be used for the connection.
{% hint style="info" %}
**Note**
In **Threat protection pro** > **Advanced browsing protection**, ensure that the **DNS filtering** toggle is turned off. Otherwise, the [Threat Protection feature](https://nordvpn.com/features/threat-protection/) will overwrite the custom DNS change.
{% endhint %}
{% endtab %}
{% tab title="Android" %}
1. Open the **NordVPN** app.
2. Navigate to **Products** > **Meshnet** > **Manage devices** and copy the Meshnet IP address of your Pi-hole device.
3. Go to the **Profile** menu, and then go to **Settings** > **DNS**.
4. Select **Use custom DNS**, paste the copied Meshnet IP address, and tap **Add**.
Now, when you establish a VPN connection to a NordVPN server, the DNS addresses that you specified will be used for the connection.
{% hint style="info" %}
**Note**
On the **Threat protection** tab, ensure that the **Use threat protection** option is turned off. Otherwise, the [Threat Protection feature](https://nordvpn.com/features/threat-protection/) will overwrite the custom DNS change.
{% endhint %}
{% endtab %}
{% tab title="iOS" %}
1. Open the **NordVPN** app.
2. Navigate to **Products** > **Meshnet** > **Manage devices** and copy the Meshnet IP address of your Pi-hole device by tapping it.
3. Go to the **Profile** menu and select **Settings** .
4. Under **VPN connection**, tap **Location and protocol**.
5. In the **Enter custom DNS address** field, paste the copied Meshnet IP address.
Now, when you establish a VPN connection to a NordVPN server, the DNS addresses that you specified will be used for the connection.
{% hint style="info" %}
**Note**
On the **Threat protection** tab, ensure that threat protection is turned off. Otherwise, the [Threat Protection feature](https://nordvpn.com/features/threat-protection/) will overwrite the custom DNS change.
{% endhint %}
{% endtab %}
{% tab title="macOS" %}
{% hint style="info" %}
**Note**
The custom DNS feature is available only on the [direct download](https://nordvpn.com/download/mac/) version of the NordVPN app.
{% endhint %}
1. Open the **NordVPN** app.
2. Navigate to the **Meshnet** tab and copy the Meshnet IP address of your Pi-hole device.
3. In the upper-right corner, click **Profile** > **Settings** and go to **Custom DNS**.
4. Click **Add new DNS**.
5. In the new entry, paste the copied Meshnet IP address.
6. Turn on the **Use custom DNS servers** toggle.
Now, when you establish a VPN connection to a NordVPN server, the DNS addresses that you specified will be used for the connection.
{% hint style="info" %}
**Note**
In **Threat protection pro** > **Overview**, ensure that the **DNS filtering** toggle is turned off. Otherwise, the [Threat Protection feature](https://nordvpn.com/features/threat-protection/) will overwrite the custom DNS change.
{% endhint %}
{% endtab %}
{% tab title="Linux" %}
1. Open **Terminal**.
2. Run the following command, replacing `` with your Pi-hole device's Meshnet IP address:
nordvpn set dns <MeshnetIP>
**Example**
Now, when you establish a VPN connection to a NordVPN server, the DNS addresses that you specified will be used for the connection.
{% hint style="info" %}
**Note**
Make sure that **Threat protection lite** is turned off. Otherwise, the [Threat Protection feature](https://nordvpn.com/features/threat-protection/) will overwrite the custom DNS change.
To disable **Threat Protection lite**, use the `nordvpn set tplite off` command.
{% endhint %}
{% endtab %}
{% tab title="Android TV" %}
1. Open the **NordVPN** app.
2. Navigate to **Settings** > **DNS server**.
3. Choose **Custom** and select **Add server**.
4. Enter the Meshnet IP address of your Pi-hole device and choose **Add custom DNS**.
Now, when you establish a VPN connection to a NordVPN server, the DNS address that you specified will be used for the connection.
{% hint style="info" %}
**Note**
In **Settings** > **Threat protection**, ensure that the **Threat Protection** toggle is turned off. Otherwise, the [Threat Protection feature](https://nordvpn.com/features/threat-protection/) will overwrite the custom DNS change.
{% endhint %}
{% endtab %}
{% endtabs %}
{% hint style="success" %}
**Tip**
If you're looking for alternate DNS addresses, here are some of the most popular free DNS providers:
* Google — `8.8.8.8` and `8.8.4.4`
* Cloudflare — `1.1.1.1` and `1.0.0.1`
* AdGuard — `94.140.14.14` and `94.140.15.15`
* Quad9 — `9.9.9.9` and `149.112.112.112`
* OpenDNS — `208.67.222.222` and `208.67.220.220`
You can also use the same upstream DNS addresses from the Pi-hole configuration.
{% endhint %}
After changing the DNS server to the Pi-hole’s Meshnet IP address, the setup is finished. Now you can safely use Pi-hole’s protection features while being away from your home network.
and select **Network connections**.
2. Choose the network type your device is using (Wi-Fi or Ethernet).
3. Find the **DNS server assignment** option and click **Edit**.
4. Choose **Manual** from the dropdown menu and enable **IPv4**.
5. Fill in the DNS fields.
* **Preferred DNS server**: the Meshnet IP of the Pi-hole device
* **Alternate DNS server**: the DNS address of another provider
and select **Network connections**.
2. Select **Change adapter options**.
3. Right-click your current network adapter (Wi-Fi or Ethernet) and choose **Properties**.
4. In the new window, select **Internet Protocol Version 4 (TCP/IPv4)** and click **Properties**.
5. Select **Use the following DNS server addresses** and fill in the fields underneath.
* **Preferred DNS server**: the Meshnet IP of the Pi-hole device
* **Alternate DNS server**: the DNS address of another provider
button.
3. Under **DNS**, tap **Configure DNS**, and choose **Manual**.
4. Select **Add server** and enter the Meshnet IP of the Pi-hole device.
tab and copy the Meshnet IP address of your Pi-hole device.
3. In the lower-left corner, click **Settings** 
.
4. Select the **Connection and security** section.
5. Turn on the **Use custom DNS** toggle and click the dropdown arrow.
6. In the first field, paste the copied Meshnet IP address.
> **Advanced browsing protection**, ensure that the **DNS filtering** toggle is turned off. Otherwise, the [Threat Protection feature](https://nordvpn.com/features/threat-protection/) will overwrite the custom DNS change.
{% endhint %}
{% endtab %}
{% tab title="Android" %}
1. Open the **NordVPN** app.
2. Navigate to **Products** 
> **Meshnet** 
menu, and then go to **Settings** 
