Look, I have been a Pi-hole user for years. I have written Pi-hole tutorials. I have deployed it on various clouds and on my home server. I have also been a somewhat outspoken critic of Pi-hole and the whole community around the project.
With that intro out of the way, here is why I will no longer be running Pi-hole or recommending it to anyone.
Lack of Innovation
Over the last few years, it seems that Pi-hole has let other DNS providers take the lead when it comes to innovating and adopting new DNS protocols.
AdGuard Home supports DNS-over-HTTPS (DoH), DNS-over-TLS (DoT), and DNS-over-QUIC (DoQ) right out of the box. Pi-hole, on the other hand, requires a more detailed setup and piggybacks off of Cloudflare.
I can’t say that I ever got excited by a new Pi-hole feature. This might be because there are rarely any feature drops.
AdGuard Home is Just So Good
I have been using AdGuard Home for a few weeks now and I can say without a doubt I notice a difference. This may, of course, be my personal experience, but looking through the logs and seeing the overall statistics, it seems to be faster, it is better at blocking what I want blocked and not blocking what I don’t want blocked, and it just works.
Don’t get me wrong, Pi-hole did “just work” for me not too long ago. Over the last few months, however, something changed, and it wasn’t my setup.
Too Many Weird Issues
When I was running Pi-hole, I would encounter some weird issues. Often the Pi-hole web interface would get the temp of my server wrong, the amount of RAM or CPU cores wrong, or the server would suddenly crash and restart.
It might just be a “me” thing, but I have not had those issues with AdGuard Home.
Running Pi-hole In the Cloud is Frowned Upon?!
Something that really made me rethink the whole Pi-hole thing was when I wrote up a tutorial on how to run Pi-hole on AWS EC2. I like to run my resolvers in a cloud so that I can reboot my servers and not have the rest of my network affected.
In my tutorial, I specifically mentioned that your security lists need to be set up in such a way that all incoming traffic that is not from your public IP should be dropped.
I posted my article on r/pihole and within 10 minutes, a mod of the subreddit had taken down my post, saying that in using an AWS EC2 instance, I was creating an open resolver (which is bad) and that my post went against guidelines. This is all fine and all except for the fact that the article I mentioned earlier shows readers how to create a virtual cloud network security group in AWS that only allows traffic from the public IP of their choosing. After I pointed this out and asked the mod to read the article, he deleted his comments but the post remained inactive (all good, really).
~ jmcglock.substack.com/p/addressing-the-mods-on-rpihole
The pihole mods were correct in saying that open resolvers = very bad. They apparently did not read the actual article, however, since I explicitly explained how to not make your Pi-hole an open resolver.
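To check that a cloud-hosted resolver really is locked down the way described above, the following added example (not code from the original tutorial) audits a security group's ingress rules and reports every rule that lets a source other than your own public IP reach port 53. It assumes the JSON shape returned by `aws ec2 describe-security-groups`; the group ID, the IP address 203.0.113.7 and the rules themselves are constructed sample data.

```python
import ipaddress

DNS_PORT = 53

# Constructed sample: one group in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},       # intended rule
        {"IpProtocol": "tcp", "FromPort": 53, "ToPort": 53,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},            # DNS over TCP left open
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},            # not DNS, out of scope here
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},             # all protocols over IPv6
    ],
}

def covers_dns(perm):
    """True if an ingress rule can carry DNS (TCP/UDP 53, or all protocols)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means every protocol and every port
        return True
    if proto not in ("tcp", "udp"):
        return False
    return perm.get("FromPort", 0) <= DNS_PORT <= perm.get("ToPort", 65535)

def open_resolver_findings(group, allowed_ip):
    """Return (protocol, cidr) pairs that expose port 53 to anything but allowed_ip.

    Only CIDR-based sources are checked; rules that reference other
    security groups are not evaluated.
    """
    allowed = ipaddress.ip_network(allowed_ip)
    findings = []
    for perm in group.get("IpPermissions", []):
        if not covers_dns(perm):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if ipaddress.ip_network(cidr, strict=False) != allowed:
                findings.append((perm["IpProtocol"], cidr))
    return findings

if __name__ == "__main__":
    for proto, cidr in open_resolver_findings(SAMPLE_GROUP, "203.0.113.7/32"):
        print(f"port 53 reachable from {cidr} (protocol {proto})")
```

An empty result means only the allowed address can reach the resolver; the IPv6 and all-protocol rules are the ones most often overlooked when only the UDP 53 rule is reviewed.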
The Conclusion
I am done with Pi-hole. I am currently running AdGuard Home on an Oracle Cloud instance and I am loving it (ba da ba ba ba). I don’t have animosity towards Pi-hole; it just doesn’t work for me.
Cheers,
Joe