How to Block Ads System-Wide with `Pi-hole` on Arch Linux

In the age of pervasive online advertising and trackers, many users are seeking effective ways to reclaim their privacy and speed up browsing. While browser-based ad blockers like uBlock Origin and Adblock Plus work well, they are limited to the browser itself. For those seeking a broader solution, Pi-hole offers a compelling system-wide and network-wide ad-blocking alternative.

Although Pi-hole is traditionally associated with Raspberry Pi and Debian-based systems, it can be installed and run successfully on Arch Linux with a bit of setup work. In this article, we’ll walk through the process of installing, configuring, and using Pi-hole on an Arch Linux system to block ads system-wide.

What is Pi-hole?

Pi-hole is a network-level ad blocker that functions as a DNS sinkhole. It intercepts DNS queries and blocks requests to known ad-serving domains, effectively preventing unwanted content from ever reaching your device. Pi-hole offers:

• Ad blocking across all devices on the network.
• Detailed statistics through a web interface.
• Integration with custom blocklists and whitelists.
• Lightweight resource usage, even on low-power hardware.

Whether you want to block ads on your desktop, smartphone, smart TV, or any device connected to your home network, Pi-hole can handle it.

Why Use Pi-hole on Arch Linux?

While Raspberry Pi is often used with Pi-hole, Arch Linux users can also benefit from its ad-blocking capabilities, especially when:

• You’re running Arch on a server or low-powered device.
• You want to integrate Pi-hole into an Arch-based home lab or desktop setup.
• You prefer Arch Linux for its minimalism and rolling release nature.

The Arch Linux community is highly flexible, and running Pi-hole here can give you more control and customization opportunities.

Prerequisites

Before starting the installation, ensure that you have:

• A system running Arch Linux (physical machine or virtual).
• Root or sudo access.
• A working network connection.
• A basic understanding of DNS and networking.

Optional but recommended:

• A static IP address for your Arch machine (especially if you’ll be using Pi-hole for your whole network).
• A backup of your system or configuration snapshots, just in case.

Step 1: Update Your System

Make sure your Arch system is up to date:

sudo pacman -Syu

Reboot if necessary after the upgrade.

Step 2: Install Required Dependencies

The Pi-hole installation script relies on certain packages that may not be installed by default on Arch. Install them with:

sudo pacman -S curl base-devel git --needed

Step 3: Create a Debian-Compatible Environment Using debian-arch

Pi-hole’s automated installer is built for Debian-based systems. To avoid compatibility issues, the Arch community recommends using a Debian chroot or Docker container. The easiest method for running Pi-hole on Arch is through Docker.

Install Docker

sudo pacman -S docker
sudo systemctl enable --now docker

Verify Docker is working:

docker run hello-world

Step 4: Pull the Pi-hole Docker Image

Use the official Pi-hole Docker image:

docker pull pihole/pihole

Step 5: Set Up a Docker Container for Pi-hole

Choose a location on your filesystem to store Pi-hole configuration and DNS logs:

mkdir -p ~/pihole/etc-pihole ~/pihole/etc-dnsmasq.d

Now create and start the Pi-hole container. Replace 192.168.1.2 with your Arch system’s local IP address and choose a strong password for the web interface:

docker run -d \
  --name pihole \
  -p 53:53/tcp -p 53:53/udp \
  -p 80:80 \
  -e TZ="Your/Timezone" \
  -v ~/pihole/etc-pihole:/etc/pihole \
  -v ~/pihole/etc-dnsmasq.d:/etc/dnsmasq.d \
  -e WEBPASSWORD="your_secure_password" \
  --dns=127.0.0.1 --dns=1.1.1.1 \
  --restart=unless-stopped \
  --hostname pi-hole \
  --cap-add=NET_ADMIN \
  pihole/pihole

Note:

• The --cap-add=NET_ADMIN flag allows Pi-hole to control DNS ports.
• You can replace 1.1.1.1 with your preferred upstream DNS provider (Cloudflare, Google, OpenDNS, etc.).

Step 6: Access the Pi-hole Web Interface

Once the container is up and running, you can access the web interface via your browser:

http://<your-ip-address>/admin

Login using the password you set with WEBPASSWORD. From here, you can:

• View DNS statistics.
• Add blocklists or whitelists.
• Monitor client queries.
• Enable/disable ad blocking.

Step 7: Configure Your System to Use Pi-hole for DNS

To make your Arch Linux machine use Pi-hole for DNS resolution:

Option A: Modify systemd-resolved (for systems using it)

Edit the DNS configuration:

sudo systemctl edit systemd-resolved

Add the following:

[Resolve]
DNS=127.0.0.1
FallbackDNS=1.1.1.1

Then restart the service:

sudo systemctl restart systemd-resolved

Option B: Manually set resolvers

Edit /etc/resolv.conf and add:

nameserver 127.0.0.1

To prevent resolv.conf from being overwritten, you can set it immutable:

sudo chattr +i /etc/resolv.conf

Step 8: (Optional) Use Pi-hole Network-Wide

To have all devices on your network use Pi-hole:

1. Assign a static IP address to your Arch server.
2. Log into your router’s admin interface.
3. Change the router’s DNS settings to point to your Pi-hole server’s IP.
4. Optionally, disable IPv6 DNS if your Pi-hole doesn’t support it.

This way, every device connected to your network will use Pi-hole for DNS lookups—blocking ads system-wide.

Step 9: Add More Blocklists (Optional)

The default blocklist in Pi-hole is decent, but you can improve effectiveness by adding more.

From the admin interface:

• Go to Group Management > Adlists.
• Add new blocklists from sources like https://firebog.net or https://blocklistproject.github.io.
• Update gravity (the list of blocked domains):

docker exec -it pihole pihole -g

Step 10: Maintain and Monitor

Some useful Docker commands for Pi-hole:

• View logs:

docker logs pihole

• Restart the container:

docker restart pihole

• Update the container:

docker pull pihole/pihole
docker stop pihole
docker rm pihole
# Then rerun the container using the same command as above

Security Considerations

• Keep Docker and Pi-hole updated to mitigate vulnerabilities.
• Don’t expose Pi-hole’s web interface to the internet.
• Use firewall rules to restrict access if needed.
• Set a strong password and change it periodically.

Final Thoughts

Running Pi-hole on Arch Linux gives you a powerful ad-blocking solution that operates beyond the browser level. Whether you want to stop intrusive ads, protect your privacy, or speed up your network, Pi-hole is a great tool for the job.

While the Arch environment isn’t officially supported by Pi-hole’s automated script, using Docker makes the installation straightforward and isolated from system packages. This approach ensures compatibility, ease of management, and the rolling-release benefits of Arch.

Once configured, Pi-hole runs silently in the background, improving your online experience—free of clutter, faster loading times, and enhanced privacy.

References and Further Reading

• Official Pi-hole Documentation
• Pi-hole Docker GitHub Repository
• Firebog: Curated Blocklists
• Arch Wiki - Docker
• Arch Wiki - DNS