Hey guys, I recently bought an orange pi zero 2 and, as the title suggests, I want to put an ad blocker on it. Those are the options. I also will put openvpn for external connection to my network. Does anyone have experience with them? What would you suggest?

  • whenever8186@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I also started on pihole, but switched to Blocky because Blocky is way more DevOps friendly (I run this stuff on microk8s on a Pi cluster).

    Then I just ditched it altogether and now use NextDNS. Well worth paying the small fee for. But you obviously don’t get the same DIY satisfaction out of it.

    • Kaldo@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Tbh I just run pihole as a background service on my PC since I can’t easily access router to change DNS for the whole network anyway. It never seemed that much work, what devops issues were you running into with it and Blocky to justify paying a service for it?

      • whenever8186@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        My main issue with PiHole was that the container wouldn’t work on later versions of Ubuntu for some reason (if I remember correctly, anything later than 18.04). I never did figure it out. The other reason was since I was running it in Kubernetes, the whole point is to have multiple replicas running for redundancy, but PiHole’s UI is coupled with its backend DNS service so if you have 3 PiHole instances running, you had 3 GUI instances as well. You could load balance the DNS requests (I used MetalLB), but visiting the UI was pointless. Also, the config was very scripty and not really container friendly - I mean it worked but it wasn’t designed as a cloud native application. No fault of its own but it didn’t really suit the way I like to do things.

        Enter Blocky, which doesn’t have a UI and has a very simple YAML config that is easily mounted to a container. It scaled much easier, used way less resources and was just simpler to manage. It was really exactly what I was looking for.

        However, ultimately running the DNS service for my house out of a Pi cluster wasn’t really my best idea. It has to work 100% of the time, and I would have frequent outages. We are a family of 5, so imagine lots of ‘Dad! The TV’s not working!!’ and stuff like that every time. This thing was a pet project, and I didn’t have it set up as a ‘production’ service, which is what it really should be. Sometimes the metallb pods would fall over, or the kubernetes TLS certificates would expire for the cluster, etc. I didn’t have proper monitoring and alerting setup, etc. I just couldn’t be bothered putting the effort into it that it required.

        NextDNS does exactly the same thing, with probably even better controls, is more reliable, has great logging and costs bugger all.

    • knoland@kbin.social
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      But NextDNS is closed source isn’t it? Personally I wouldn’t trust proprietary software with my entire DNS request history.

      • whenever8186@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        Well it’s a service I’m paying for, so yes a bit of trust is required. Their privacy policy looks decent as well. As it stands, I trust them more with it than I would my ISP, Google or Microsoft.

        You can choose what region to log to (I chose Switzerland) and you can also configure the retention period.

        https://nextdns.io/privacy