← Back to Artifacts

The Ultimate Pi-hole Setup Guide

Article

A comprehensive guide to setting up Pi-hole on a Raspberry Pi Zero 2 W for network-wide ad blocking, with optimizations for mobile games and remote access.

A set-and-forget network ad blocker with remote app control and heavy optimization for mobile games.

Hardware: Raspberry Pi Zero 2 W (512MB RAM)

OS: Raspberry Pi OS Lite (64-bit)

---

Phase 1: The Foundation (Installation)

We're installing the core ad-blocking software. We use the "Lite" OS to save memory.

Step 1: Initial System Update

sudo apt update && sudo apt upgrade -y

Step 2: Install Pi-hole v6

curl -sSL https://install.pi-hole.net | bash

Prompts: Select `wlan0` (Wi-Fi), accept the static IP (e.g., `192.168.1.246`), choose Google as upstream DNS, and enable the Web Interface.

Step 3: The "FTL" Restart

Sometimes the DNS engine needs a nudge to start correctly after install.

sudo systemctl restart pihole-FTL

✅ Check-in Point: Is it alive?

dig google.com @127.0.0.1

Success: You should see an `ANSWER SECTION` with an IP address.

---

Phase 2: Router Integration (The Verizon Fix)

We need to force your Verizon router to send traffic to the Pi-hole without triggering security limits.

Step 1: Router Settings

1. Log into your Verizon Router (`192.168.1.1`).

2. Navigate to Advanced > Network Settings > Network Connections > Broadband Connection (Ethernet) > Settings.

3. Primary DNS: `192.168.1.246` (Your Pi).

4. Secondary DNS: `1.1.1.1` (Cloudflare Backup).

5. Disable IPv6: Go to Advanced > Network Settings > IPv6 and turn it OFF.

Step 2: The Critical "Rate Limit" Fix

Since all traffic comes from the router, Pi-hole thinks it's a "spam attack" and blocks legitimate internet traffic. We must disable this limit.

sudo nano /etc/pihole/pihole.toml

1. Find the section `[dns.rateLimit]`.

2. Change `count = 1000` to `count = 0`.

3. Press `CTRL+X`, then `Y`, then `Enter` to save.

Restart FTL:

sudo systemctl restart pihole-FTL

---

Phase 3: Remote Access (Apps Setup)

Control Pi-hole from your iPhone and have ad-blocking even when you leave your house.

Part A: Tailscale (The VPN)

This connects your phone to your Pi-hole securely from anywhere.

1. Install on Pi:

curl -fsSL https://tailscale.com/install.sh | sh

2. Activate:

sudo tailscale up

Copy the link provided in the terminal, open it in a browser, and sign in (Google/Apple ID).

3. Install on iPhone:

  • Download the Tailscale app from the App Store.

  • Log in with the same account.

  • Turn it ON. You are now "virtually" at home.

Part B: Pi-hole Remote (The Controller)

This app lets you view stats and temporarily disable blocking.

1. Generate App Password (API Key):

  • Open your Pi-hole Web Interface (`http://192.168.1.246/admin`) in a browser.

  • Go to Settings > Web Interface.

  • Click "Configure app password" (or "Show API Token").

  • You will see a QR code and a long text string. Keep this screen open.

2. Configure the App:

  • Download Pi-hole Remote from the App Store.

  • Open the app and tap Add Instance.

  • Display Name: Home (or whatever you like).

  • Host/IP: `192.168.1.246`

  • Port: `80`

  • Scan QR Code: Tap the camera icon and scan the code from your computer screen.

> Note: If you are away from home, change the "Host/IP" to your Tailscale IP (found in the Tailscale app, usually starts with `100.x.x.x`).

---

Phase 4: The "Block" Configuration (Lists & Regex)

We're replacing the basic blocking with a "Mobile Game Killer" setup.

Step 1: Add Adlists (The Big Lists)

1. Go to Adlists in the Web Interface.

2. Add these URLs:

List NameURL
Steven Black`https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts`
Hagezi Pro`https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/pro.txt`
Phishing Army`https://phishing.army/download/phishing_army_blocklist_extended.txt`
AdGuard DNS`https://v.firebog.net/hosts/AdguardDNS.txt`

3. Crucial: After adding them, go to Tools > Update Gravity and click Update.

Step 2: Add Regex Filters (The Smart Filters)

These block entire ad networks (Unity, AppLovin, etc.) used by mobile games.

1. Go to Domains in the Web Interface.

2. Click the "Regex" tab.

3. Add these patterns as Blacklist (Deny):

Mobile Game Ad Networks:

^ads\.unity3d\.com$


^config\.unityads\.unity3d\.com$


^.*applovin\.com$


(\.|^)unity3d\.com$


(\.|^)unityads\.unity3d\.com$


(\.|^)ironsrc\.com$


(\.|^)supersonicads\.com$


(\.|^)vungle\.com$


(\.|^)liftoff\.io$


(\.|^)chartboost\.com$


(\.|^)adcolony\.com$


(\.|^)tapjoy\.com$


(\.|^)inmobi\.com$


(\.|^)mintegral\.com$


(\.|^)rayjump\.com$


(\.|^)pangle\.io$


(\.|^)moloco\.(com|net|map\.fastly\.net)$


(\.|^)inner-active\.map\.fastly\.net$

Video/Streaming Ads:

^.*\.mediatailor\.us-east-1\.amazonaws\.com$


^g[0-9]+-vod-us-cmaf-prd-fy\.cdn\.peacocktv\.com$


^star\.fallback\.c10r\.facebook\.com$

Google Aggressive Ads:

(\.|^)googleads\.g\.doubleclick\.net$


^adservice\.google\.com$


^pagead2\.googlesyndication\.com$

Step 3: Exact Blocking (Privacy Features)

Go to the "Exact" tab in the Domains section and add these as Blacklist (Deny).

Block iCloud Private Relay (Forces Apple devices to use Pi-hole):

  • `mask.icloud.com`

  • `mask-h2.icloud.com`

Block Firefox DoH (Forces Firefox to use Pi-hole):

  • `use-application-dns.net`

---

Phase 5: Longevity (Log2Ram)

This saves your SD card from burning out by writing logs to RAM instead of the disk.

curl -L https://github.com/azlux/log2ram/archive/master.tar.gz | tar zxf -


cd log2ram-master


chmod +x install.sh


sudo ./install.sh


cd ..


rm -r log2ram-master

✅ Check-in Point: Verify Storage

df -h | grep log2ram

Success: You should see a line starting with `log2ram`.

Final Step: Reboot your Pi to lock everything in.

sudo reboot

---

Summary

Your Pi-hole is now configured with:

  • ✅ Network-wide ad blocking

  • ✅ Mobile game ad elimination

  • ✅ Remote access via Tailscale

  • ✅ iPhone control via Pi-hole Remote

  • ✅ SD card longevity with Log2Ram