Single-board computers (SBCs) are used for plenty of uses, and they've found a permanent home in the home labs of many of our writers and readers. One of those popular uses is the DNS-based ad-blocking Pi-hole, which doesn't necessarily need the power of the Raspberry Pi 5 to run, but will do its best to keep every device on your home network free from ads. It'll also try to block any URLs that go to known malware sources, which keeps everyone safer. But for all it can do, it's not a complete network security solution, and there are some cracks in its virtual armor. It's still a fantastic addition to your other network security options, but here's why it's not the only thing you need to be running.

5 Incomplete blocking

Since it's a DNS-based blocking utility, there are ways around its blocking ability

Source: Pi-hole

Pi-hole uses a DNS-based method for blocking ads, malware, and other unwanted URLs. It's powerful, works off the domain name of the URL, and blocks ads before they're even downloaded to your devices. This keeps your network faster because it's not pulling data it doesn't need to. That also means it works on every device on your network, whether that's an IoT device or a web browser on a computer. This approach has its benefits, but there's one major drawback: only domains or subdomains can be blocked.

It's easier to illustrate why this is an incomplete method of ad blocking with an example. Everyone hates unskippable YouTube ads, and many ad-blocking solutions are popular because they say they can stop YouTube ads from running. If YouTube was using a third party tracker or even a different URL to serve those ads to you, Pi-hole could block them easily. But YouTube doesn't do that. It likely puts its ad tracking at https://youtube.com/trackernamehere.js, so it's part of the main domain, and the only way for Pi-hole to block it is to block YouTube entirely.

Browser extensions work differently and use various other methods to block ads from being rendered by the browser once they've been downloaded to the computer. That's why even Pi-hole's developers say you should use both DNS-based and extension-based ad blockers at the same time, because they complement each other and fill in the other's deficiencies.

4 It doesn't always work

This really depends on your router, but it's an annoyance

Networking was hard enough to route when IPv4 was the only thing you had to worry about with DNS requests, but now IPv6 is everywhere and that can be a problem for the Pi-hole's effectiveness. Most of the problems stem from locked-down routers, which often do the barest minimum for supporting IPv6, and sometimes don't let you change IPv4 DNS servers either.

But there can also be an issue with the prefix pushed by your ISP for IPv6, as they often use the Global Unicast Address (GLA) of 2000::/3, and could change this prefix several times a day, breaking your Pi-hole configuration every time. If you can, use the Link-Local Address (prefix fe80::/10) for your Pi-hole host or the Unique Local Address (prefix fc00::/7) for your router. The Unique Local won't ever change, and the Pi-hole host IP will only change if you change it, giving you plenty of insight into why your Pi-hole stopped working suddenly.

3 It won't stop you downloading malware

Malicious files are still downloadable, but a Pi-hole will stop you getting to some known sources