A simple automated setup for running a private, ad-free, privacy defending DNS server on a Raspberry Pi 5.
This project turns your Raspberry Pi into a private DNS server that:
- Blocks ads and trackers at the network level (using Pi-hole)
- Protects your privacy by running your own DNS resolver (using Unbound)
- Works for all devices on your home network—phones, computers, tablets, etc.
Think of it like an ad blocker for your entire network, not just one device.
- Raspberry Pi 5 (running Raspberry Pi OS Lite 64-bit - 2GB RAM is sufficient)
- Power supply for the Pi
- Ethernet cable (recommended for reliability)
- Way to access the Pi (keyboard + monitor, or SSH from another computer)
- Download Raspberry Pi OS Lite (64-bit) from raspberrypi.com/software
- Write it to an SD card using the Raspberry Pi Imager
- Power on your Pi and connect it to your network
- Log in as the default user (usually
pi)
- On your Pi, download the setup script:
cd /home/pi wget https://raw.githubusercontent.com/viv-4/pi-vacy/refs/heads/main/setup.sh - Run the script:
sudo ./setup.sh
- Wait for it to complete (5-10 minutes)
That's it! The script automatically:
- Installs system & security updates
- Installs Docker
- Sets up Pi-hole (ad blocker)
- Sets up Unbound (private DNS)
- Starts everything running
- Log into your home router settings
- Find the DNS settings
- Set the DNS server to your Pi's IP address (e.g.,
192.168.1.100) - All devices on your network now use your private DNS
- Go to Settings → Network/WiFi
- Find DNS settings
- Enter your Pi's IP address as the DNS server
Once running, you can manage everything through Pi-hole's web interface:
- Open a web browser
- Go to:
http://<your-pi-ip>:8085/admin - Log in with your password (output by setup script or found in
.envfile in same location)
From here you can:
- View blocked ads/trackers
- See which devices are using the DNS
- Add custom blocklists
- Configure whitelists/blacklists
By default a block list containing ad and malicious domains is installed.
You can add more lists from the Pi-hole admin interface.
eg. Various Lists can be found at: https://github.com/zachlagden/Pi-hole-Optimized-Blocklists
- Recommend the
all_domains.txtlist for maximum blocking. - If this blocks too much use
comprehensive.txtinstead. - To block adult content add
nsfw.txtas well.
- Copy the link of a list and add it under Lists -> Add a new subscribed list.
- repeat for multiple lists
- Update Gravity to apply the new lists: Tools -> Update Gravity -> Update
Nothing is blocking ads?
- Make sure your router is pointing to the Pi's DNS, or configure devices individually
Can't access the web interface?
- Find your Pi's IP: On the Pi, run
hostname -I - Make sure you're on the same network
- Check that Docker containers are running:
docker ps
Containers not running?
- Check logs:
docker logs pihole - Restart:
docker compose restart
- Docker - Container system (like lightweight virtual machines)
- Pi-hole - Ad/tracker blocker
- Unbound - Private DNS resolver
- Autoheal - Keeps containers running if they crash
- By default Unbound does not expose it's ports outside the Pi & PiHole is configured to only be exposed to the trusted local network.
- If you want to access DNS or blocking from outside your local network, you will need to set up port forwarding on your router to PiHole.
- This is not recommended as it exposes your DNS server to be used by others to perform malicious activities.
- If you do need external access, consider adding a VPN to your Pi and only expose the VPN port through your router.
- Be aware this adds an external security risk to your network, which is otherwise not exposed, if not configured properly or vulnerabilities are found in the VPN software.