Pi-hole — Network-Wide Ad Blocking
Pi-hole is a DNS-based ad and tracker blocker that runs on your local network. Instead of blocking ads in a browser extension (which only works on one device), Pi-hole blocks ad domains for every device on your network — phones, tablets, game consoles, smart TVs, and IoT devices — without installing anything on them.
How Pi-hole Works
When a device on your network requests the IP for ads.doubleclick.net, it asks Pi-hole (your DNS server) instead of your ISP's DNS. Pi-hole checks its blocklist — if the domain is on it, Pi-hole returns nothing (or a blank response). The browser gets no IP, makes no request, and the ad never loads. If the domain is not blocked, Pi-hole forwards the query to an upstream DNS resolver (Cloudflare, Google, or your ISP's DNS) and returns the real IP.
Installation Options
Option 1: One-Line Install (Raspberry Pi or Ubuntu/Debian)
curl -sSL https://install.pi-hole.net | bash
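The installer walks through configuration: network interface, upstream DNS, blocklists, and admin password. Assign a static IP to your Pi-hole server first (via DHCP reservation on your router); this is essential for using it as a DNS server. The one-liner executes the downloaded script without review; to inspect it first, save it to a file, read it, and then run it with bash.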
Option 2: Docker
docker run -d \
  --name pihole \
  --net=host \
  -e TZ="America/Chicago" \
  -e WEBPASSWORD="yourpassword" \
  -e FTLCONF_LOCAL_IPV4="192.168.1.100" \
  -v "$(pwd)/etc-pihole:/etc/pihole" \
  -v "$(pwd)/etc-dnsmasq.d:/etc/dnsmasq.d" \
  --restart=unless-stopped \
  pihole/pihole:latest
After Install — Point Your Router to Pi-hole
Installing Pi-hole alone does nothing. You must configure your network to use Pi-hole as its DNS server. Two ways:
Router-level (recommended, covers all devices): Log into your router admin panel → find DNS settings under LAN or DHCP settings → set Primary DNS to your Pi-hole's IP address → set Secondary DNS to a fallback like 8.8.8.8 (or leave blank to force all traffic through Pi-hole). Devices will receive the Pi-hole IP via DHCP. A client may query the secondary at any time, not only when the primary is down, so with a fallback set some queries will skip Pi-hole's blocking.
Per-device: Configure each device to use the Pi-hole IP as its DNS manually. Necessary if your ISP gateway does not allow changing DNS, but time-consuming for large networks.
Admin Dashboard (pi.hole/admin)
The Pi-hole admin panel shows:
| Section | What You Find |
|---|---|
| Dashboard | Queries today, blocked percentage, top blocked domains, query types over time |
| Query Log | Live and historical DNS queries with blocked/allowed status per domain |
| Blocklists | Add and manage blocklist URLs (adlists) |
| Allowlist | Whitelist specific domains blocked in error (false positives) |
| Clients | Per-device query statistics — see which device is making the most requests |
| Settings | DNS configuration, upstream servers, blocking mode, DHCP server option |
Recommended Blocklists
| List | Domains | Focus |
|---|---|---|
| StevenBlack's Unified (default) | ~130,000 | Ads, malware, tracking |
| oisd.nl full | ~1,000,000 | Most comprehensive, low false positives |
| hagezi/dns-blocklists | Multiple tiers | Community-maintained, updated frequently |
| OISD basic | ~400,000 | Conservative, very few false positives |
Add blocklists: Pi-hole admin → Settings → Blocklists → paste URL → Save and Update. After adding, go to Tools → Update Gravity to download and apply the new lists.
Common False Positives — What to Allowlist
Occasionally Pi-hole blocks a domain that breaks a legitimate service. Common fixes:
| Broken Service | Domain to Allow |
|---|---|
| Samsung Smart TV updates | samsungcloudsolution.com |
| Microsoft Office activation | officeclient.microsoft.com |
| Spotify | spclient.wg.spotify.com |
| LG Smart TV | lgtvsdp.com |
| Ring doorbells | loop.ring.com |
When something breaks: check Pi-hole's query log filtered by the affected device's IP, look for blocked (red) queries around the time of the issue, and add them to the allowlist.
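The triage described above, as an added example that is not part of the original page or Pi-hole's own tooling. It assumes the dnsmasq-style line layout of Pi-hole's pihole.log; the sample lines, IP addresses and the function name blocked_for_client are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample. The dnsmasq-style layout is an assumption about
# pihole.log; confirm it against your own log before relying on the patterns.
SAMPLE_LOG = """\
Jan 12 20:14:58 dnsmasq[512]: query[A] example.org from 192.168.1.23
Jan 12 20:14:58 dnsmasq[512]: forwarded example.org to 1.1.1.1
Jan 12 20:14:58 dnsmasq[512]: reply example.org is 192.0.2.10
Jan 12 20:15:01 dnsmasq[512]: query[A] lgtvsdp.com from 192.168.1.50
Jan 12 20:15:01 dnsmasq[512]: gravity blocked lgtvsdp.com is 0.0.0.0
Jan 12 20:15:02 dnsmasq[512]: query[A] ads.doubleclick.net from 192.168.1.23
Jan 12 20:15:02 dnsmasq[512]: gravity blocked ads.doubleclick.net is 0.0.0.0
Jan 12 20:15:03 dnsmasq[512]: query[AAAA] lgtvsdp.com from 192.168.1.50
Jan 12 20:15:03 dnsmasq[512]: gravity blocked lgtvsdp.com is ::
Jan 12 20:31:40 dnsmasq[512]: query[A] loop.ring.com from 192.168.1.50
Jan 12 20:31:40 dnsmasq[512]: gravity blocked loop.ring.com is 0.0.0.0
"""

PREFIX = r"^\w{3}\s+\d+ (\d\d:\d\d:\d\d) \S+: "
QUERY = re.compile(PREFIX + r"query\[\w+\] (\S+) from (\S+)$")
# Verdict wording is assumed to vary (e.g. "gravity blocked"), so match loosely.
BLOCK = re.compile(PREFIX + r".*(?:blocked|blacklisted|denied) (\S+) is ")

def blocked_for_client(log_text, client_ip, start, end):
    """Count blocked domains queried by client_ip between start and end.

    start/end are HH:MM:SS strings within one day. A verdict line carries no
    client address, so it is attributed to the most recent query for the
    same domain.
    """
    pending = {}              # domain -> (client, time) of the latest query
    hits = defaultdict(int)
    for line in log_text.splitlines():
        q = QUERY.match(line)
        if q:
            when, domain, client = q.groups()
            pending[domain] = (client, when)
            continue
        b = BLOCK.match(line)
        if b and b.group(2) in pending:
            client, when = pending.pop(b.group(2))
            if client == client_ip and start <= when <= end:
                hits[b.group(2)] += 1
    return dict(hits)

if __name__ == "__main__":
    # Candidates to review for the allowlist, for the TV at 192.168.1.50.
    print(blocked_for_client(SAMPLE_LOG, "192.168.1.50", "20:14:00", "20:16:00"))
```

Review each returned domain before allowlisting it; a blocked query near the time of the failure is a candidate, not proof that it caused the breakage.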
Troubleshooting
Pi-hole running but queries not going to it: Verify devices are getting the Pi-hole IP as their DNS. On Windows, run ipconfig /all and look for "DNS Servers"; it should show the Pi-hole IP.
Some devices ignoring Pi-hole: Smart TVs and Chromecast devices sometimes hardcode Google's 8.8.8.8 DNS. To stop outbound DNS from bypassing Pi-hole, add a firewall rule on your router blocking port 53 to any destination except the Pi-hole IP. Devices then cannot bypass Pi-hole over plain DNS on port 53. The Pi-hole itself must still be allowed to reach its upstream resolver, and the rule does not cover devices that use DNS over HTTPS or DNS over TLS, which do not use port 53.
Reset admin password: SSH into your Pi-hole server and run: pihole -a -p
DNS resolution failing after update: Run pihole -r (reconfigure/repair), which reinstalls without wiping your settings.