January 12, 2020

Installing Pi-Hole on Centos 7+ Linux

Installing Pi-Hole on Centos 7+ Linux

Block ad sites via DNS with Pi-hole ad filtering DNS. Pi-hole is a dns service that uses block lists to filter out requests to ad services.

  1. Make sure your system is up to date

sudo yum update -y

2. Disable selinux or set to permissive mode (Pi-Hole does not support selinux yet ). If  you leave it on you will see a warning prompt on installation.

open /etc/selinux/config wtih your favourite editor and change SELINUX=enforcing to SELINUX=permissive

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


3. Set the current running selinux to permissive:

sudo setenforce 0

4. Verify the selinux status via sestatus

[[email protected] selinux]$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

5. Install the latest version and pipe it to bash via:

sudo curl -sSL https://install.pi-hole.net | bash

6. Enable PHP 7

7.  Follow the remaing on screen prompts and selct your upstream DNS and logging level.  This can be changed later as well.

Finaly you will be presented with a screen.  

 8.Copy the password that is printed on the screen you will need this to log into the web interface  :

 [i] Pi-hole blocking will be enabled
 [i] Enabling blocking
 [✓] Reloading DNS service
 [✓] Pi-hole Enabled
 [i] Web Interface password: *********
 [i] This can be changed using 'pihole -a -p'

9. Verify it is running

systemctl status pihole-FTL

● pihole-FTL.service - LSB: pihole-FTL daemon
   Loaded: loaded (/etc/rc.d/init.d/pihole-FTL; bad; vendor preset: disabled)
   Active: active (exited) since Sun 2020-01-12 01:21:54 UTC; 1min 4s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 22629 ExecStart=/etc/rc.d/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)

Jan 12 01:21:54 centos-s-1vcpu-1gb-sfo2-01 systemd[1]: Starting LSB: pihole-FTL daemon...
Jan 12 01:21:54 centos-s-1vcpu-1gb-sfo2-01 pihole-FTL[22629]: Not running
Jan 12 01:21:54 centos-s-1vcpu-1gb-sfo2-01 pihole-FTL[22629]: /etc/rc.d/init.d/pihole-FTL: line...y
Jan 12 01:21:54 centos-s-1vcpu-1gb-sfo2-01 su[22654]: (to pihole) root on none
Jan 12 01:21:54 centos-s-1vcpu-1gb-sfo2-01 pihole-FTL[22629]: FTL started!
Jan 12 01:21:54 centos-s-1vcpu-1gb-sfo2-01 systemd[1]: Started LSB: pihole-FTL daemon.
Hint: Some lines were ellipsized, use -l to show in full.

10. Login to the web interface and verify that the blocklist has records. You can update all of your settings from here and track statistics as well.

The status should be active. If there are no domains in the blocklist you may need to use sudo pihole -r to pull the blocklist again.

11. Set either your router, or localhost to point to the new DNS server on Fedora/Centos you can change your nameserver from

/etc/resolv.conf

Add the new namserver :

; Created by cloud-init on instance boot automatically, do not edit.
;
nameserver 167.71.147.214

You can also change your config by going to network and Ipv4 settings:

12. Restart your network interface

13 .  Test out the instance:

nslookup adservice.google.com.vn

Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	adservice.google.com.vn
Address: 0.0.0.0
Name:	adservice.google.com.vn
Address: ::

14. Check out the project at : https://github.com/pi-hole/pi-hole