Ramblings of a Tampa engineer
Pi-hole "Chronometer" feature - pihole -c

In 2017 I installed a Pi-hole into my network and routed all my internet traffic through it. Today is now March 27, 2022 and I've been running it ever since.

My last post about this went into detail about the PiVPN integration I did to support VPN access via Wireguard. That has since been removed and added into my OPNsense firewall directly. I then additionally followed this wonderful tutorial to use my existing Pi-hole setup with OPNsense.

The long-term data solution I built is still going strong with all extracted data being removed from the Pi-hole to keep it lean. This is of course less of a concern now, because the HDD on the Raspberry Pi was upgraded from 6GB to 28GB usable space.

The Pi-hole software has also jumped with releases from 5.5 to 5.11, so we have a few versions to recap.

We saw these release notes give a more automatic dump of changes from the variety of repositories that produce Pi-hole. This makes it slightly more difficult to find the key points of each release, but helped find each contributor and change that made up a release.

v5.11 Pi-hole Dashboard

The dashboard has gotten a face-lift in a few areas and eagle-eyed users would notice my amount of clients has gone up by about 7 and the percent blocked is now roughly 8% instead of 3%. I think this is an extremely interesting that the amount of traffic I send now is 5% heavier in terms of blocked requests than last year.

So lets dig into the top 15 blocked and allowed requests to see what led to that. This time looking at 40,997,056 requests over the last 1,002 days of long-term data collection.

Top 15 Blocked

Domain Count
806c4c48-1715-4220-054f-909f83563938.local 803,900
e7bf16b0-65ae-2f4e-0a6a-bcbe7b543c73.local 638,460
1d95ffae-4388-9fbc-1646-b2b637cecb64.local 432,008
ssl.google-analytics.com 376,072
68c40e5d-4310-def5-a1c3-20640e1cd583.local 247,892
app-measurement.com 240,059
watson.telemetry.microsoft.com 217,743
googleads.g.doubleclick.net 86,068
settings-win.data.microsoft.com 71,150
www.googleadservices.com 62,394
mobile.pipe.aria.microsoft.com 47,379
sb.scorecardresearch.com 46,057
sessions.bugsnag.com 43,222
reports.crashlytics.com 39,801
secure-dcr.imrworldwide.com 36,533

Top 15 Allowed

Domain Count
e7bf16b0-65ae-2f4e-0a6a-bcbe7b543c73.local 5,631,937
68c40e5d-4310-def5-a1c3-20640e1cd583.local 5,305,150
1d95ffae-4388-9fbc-1646-b2b637cecb64.local 4,898,205
localhost 3,518,671
806c4c48-1715-4220-054f-909f83563938.local 1,342,386
b.canaryis.com 1,110,838
pistats.ibotpeaches.com 588,559
api-global.netflix.com 376,112
clients4.google.com 350,257
cdn-0.nflximg.com 322,484
nrdp.prod.ftl.netflix.com 318,632
ssl.gstatic.com 318,514
play.google.com 307,227
ichnaea.netflix.com 278,804
www.google.com 271,109

Right out of the gate you can see the snafu of .local domain multicast spamming that plagued nearly 17 million requests since the release of Big Sur. I've since turned my local TLD to pihole so each device gets named like such and works around that issue that was caused by using .local.

This is easily more seen if I screenshot the last few requests through the system.

So you can see the devices using the new .pihole TLD, as well as switching to DNS servers that use DNSSEC. I haven't perfected this process yet, but I'm just now starting the switch to slowly move to secured only DNS requests.

If you look at the blocked requests above, it looks roughly like I expect:

  • Google Analytics
  • Microsoft Telemetry
  • Google Ads
  • Nielsen Tracking
  • Application Session/Error Tracking

Though, I do notice a new domain climbing extremely fast to the top 15. It has lodged 31,000 blocked calls and only started 3 months ago. That is roughly 10k blocked calls a month and is us-tracking.nextdoor.com. Which matches exactly to when I installed the Nextdoor application.

I'm glad I have a Pi-hole, because I'm going to dig into what that endpoint is sending for a future blog. I am noticing my upstream data collection is about 2 weeks behind so might have to dig into a way to let that catch up.

Either way, another year running Pi-hole and no complaints. Pass on a donation to the Pi-hole team if you appreciate what they are doing.

You’ve successfully subscribed to Connor Tumbleson
Welcome back! You’ve successfully signed in.
Great! You’ve successfully signed up.
Your link has expired
Success! Check your email for magic link to sign-in.