From Scratch to Saved: My Pi-hole Rebuild Adventure
- Shannon
- 2 days ago
A few weeks ago, my Pi-hole started throwing up errors that I may have incorrectly identified as a bad upstream DNS provider. Now do I fault the learnings I gleaned? I don't. I really enjoyed reading up on everything and sharing those learnings. Here's what happened in between then and now: my Pi-hole gave up on life. One minute it was blocking ads and keeping my DNS tidy, the next minute it was sitting there like a paperweight. My ad blocking was gone, my custom DNS entries were gone, and my network was basically an all-you-can-eat buffet for trackers.
So I rebuilt it. From nothing. And while I was at it, I gave it an upgrade, loaded it with my favorite block lists, and I had to pull my DNS records back from Active Directory like a digital archaeologist (hardy har har). Here is exactly how it went down so you can either follow along or just laugh at my misfortune.
1. Setting up Pi-hole from Scratch
First, I grabbed the Raspberry Pi OS and used Raspberry Pi Imager to flash it to an SD card. I chose the Lite version because my Pi-hole runs headless and does not need a desktop environment, but note I used to use the full version with the desktop in previous lives before I was deeper with Linux holistically (I'd dub myself the perpetual #greenbelt).
After booting the Pi, I SSH’d in and immediately ran the standard first-day command:
sudo apt update && sudo apt full-upgrade -y
Then came the Pi-hole install:
curl -sSL https://install.pi-hole.net | bash
The installer itself walks you through network interface selection, upstream DNS choices, and block list options. I also enabled the admin web interface so I can manage it without having to SSH in every time.
To set the admin password:
sudo pihole setpassword
If you want no password, run this:
sudo pihole setpassword ""
I do not recommend removing the password unless you enjoy giving every device in your network the keys to your DNS kingdom.
2. Keeping Everything Up to Date
Right after installation, I run updates again. It's quick, easy, and makes me feel like I am being responsible:
sudo apt update && sudo apt full-upgrade -y
sudo reboot
I've found this keeps Pi-hole and the underlying OS happy + secure.
3. Picking Your DNS Upstream
Pi-hole needs to know where to send DNS queries it cannot answer locally. Here are my top picks (I also covered these in the blog post):
Cloudflare: 1.1.1.1 and 1.0.0.1 for speed and privacy
Quad9: 9.9.9.9 and 149.112.112.112 for malware protection
You can change these anytime in the Pi-hole web UI under Settings → DNS → Upstream DNS Servers.
4. Loading the Best Block Lists
A Pi-hole without good block lists is like a bouncer who just lets everyone into the club. I get mine from Firebog.net because they have lists that work without breaking half the internet.
Some favorites:
To add them:
Go to Group Management → Adlists in the web UI
Paste the list URL
Click Save
Refresh gravity from the terminal:
pihole -g
5. Disaster Recovery: Pulling DNS from Active Directory
When my Pi-hole died, my Local DNS entries went with it. Thankfully, my Active Directory DNS server still had them stored away like a dusty box in the attic.
Step 1 - Export from AD DNS
On a domain-joined Windows server with DNS tools installed:
$ZoneName = "shakeen.net"
$ExportFile = "C:\Temp\dns_export.csv"
Get-DnsServerResourceRecord -ZoneName $ZoneName |
    Where-Object { $_.RecordType -eq "A" } |
    Select-Object HostName, @{Name="IPAddress";Expression={$_.RecordData.IPv4Address.IPAddressToString}} |
    Export-Csv -Path $ExportFile -NoTypeInformation
Step 2 - Convert to Pi-hole format
Import-Csv C:\Temp\dns_export.csv | ForEach-Object {
    if ($_.IPAddress) { "$($_.IPAddress) $($_.HostName)" }
} | Out-File C:\Temp\pihole_hosts.txt -Encoding ascii
Step 3 - Send it to the Pi-hole
From my Linux box:
scp C:/Temp/pihole_hosts.txt [email protected]:/tmp/pihole_hosts.txt
Step 4 - Append to /etc/hosts
On the Pi-hole itself:
sudo cp /etc/hosts /etc/hosts.$(date +%F-%H%M%S).bak
while IFS= read -r line; do
    if [ -n "$line" ] && [[ ! "$line" =~ ^# ]]; then
        echo "$line" | sudo tee -a /etc/hosts >/dev/null
    fi
done < /tmp/pihole_hosts.txt
sudo pihole restartdns
And just like that, my DNS was back in business.
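Step 4 appends every imported line to /etc/hosts as root without checking it, and the file written by Out-File in Step 2 carries Windows CRLF line endings. The script below is an added example, not part of the original post: it prints only the well-formed entries that are not already in the hosts file, and its function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print only the lines of IMPORT that are safe to append to HOSTS.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    _old_ifs=$IFS; IFS=.; set -- $1; IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
}

# valid_hostname NAME: letters, digits, dots and hyphens only, which rejects the
# "@" (zone apex) and "*" (wildcard) names a DNS zone export can contain.
valid_hostname() {
    case $1 in ''|*[!A-Za-z0-9.-]*|[.-]*|*[.-]|*..*) return 1 ;; esac
}

# name_in_hosts NAME FILE: succeed if NAME (lower case) is already a name in FILE.
name_in_hosts() {
    awk -v want="$1" '/^[ \t]*#/ { next }
        { for (i = 2; i <= NF; i++) {
              if ($i ~ /^#/) break
              if (tolower($i) == want) found = 1 } }
        END { exit !found }' "$2"
}

# filter_hosts IMPORT HOSTS: write new, well-formed "IP name" lines to stdout
# and report everything else on stderr.
filter_hosts() {
    _import=$1 _hosts=$2 _emitted=' ' _cr=$(printf '\r')
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=${_line%"$_cr"}             # Out-File on Windows ends lines with CRLF
        case $_line in ''|'#'*) continue ;; esac
        set -f; set -- $_line; set +f     # split on whitespace, no globbing
        if [ "$#" -ne 2 ] || ! valid_ipv4 "$1" || ! valid_hostname "$2"; then
            printf 'rejected: %s\n' "$_line" >&2
            continue
        fi
        _name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
        case $_emitted in *" $_name "*) continue ;; esac   # repeated in the import
        _emitted="$_emitted$_name "
        name_in_hosts "$_name" "$_hosts" || printf '%s %s\n' "$1" "$_name"
    done < "$_import"
}
```

Redirect the output of filter_hosts /tmp/pihole_hosts.txt /etc/hosts to a file, review it together with the rejected lines, and append that file to /etc/hosts after the backup copy has been taken.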
6. Automating Backups
I never want to do that recovery dance again. So I set up a weekly cron job that backs up /etc/hosts to my NAS every Sunday at midnight.
First, mount the network share:
sudo mkdir -p /mnt/pihole-backups
sudo mount -t cifs //192.168.1.100/pihole-backups /mnt/pihole-backups -o username=youruser,password=yourpass
Then edit root’s crontab:
sudo crontab -e
Add this line:
0 0 * * 0 cp /etc/hosts /mnt/pihole-backups/hosts-$(date +\%F).bak
Now I have a timestamped backup waiting for me every Sunday. If Pi-hole decides to take another dirt nap, I can restore in minutes.
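The cron line above copies into /mnt/pihole-backups whether or not the share is mounted, and the mount command puts the NAS password on the command line, where it lands in shell history and the process list. The following is an added example, not part of the original post: a backup function that refuses to run when the share is missing and verifies the copy. The credentials file path /root/.pihole-smb, the function names and the MOUNT_CHECK hook are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: weekly backup that fails loudly instead of writing to the local
# SD card when the NAS share is not mounted.
#
# Mount with a root-only credentials file instead of password=... on the command line:
#   /root/.pihole-smb (chmod 600) contains two lines:
#       username=youruser
#       password=yourpass
#   sudo mount -t cifs //192.168.1.100/pihole-backups /mnt/pihole-backups \
#        -o credentials=/root/.pihole-smb

# is_mounted DIR: succeed when DIR is a mount point. MOUNT_CHECK is an override
# hook added for this example so the function can be exercised without a NAS.
is_mounted() {
    ${MOUNT_CHECK:-mountpoint -q} "$1"
}

# backup_hosts SRC DEST_DIR: copy SRC to DEST_DIR/hosts-YYYY-MM-DD.bak and print
# the destination path. Returns 2 when DEST_DIR is not mounted, 3 when the copy
# fails or does not match the source.
backup_hosts() {
    _src=$1 _dir=$2
    _dest="$_dir/hosts-$(date +%F).bak"
    if ! is_mounted "$_dir"; then
        echo "backup skipped: $_dir is not a mount point" >&2
        return 2
    fi
    cp -- "$_src" "$_dest.tmp" || return 3
    if ! cmp -s "$_src" "$_dest.tmp"; then
        rm -f -- "$_dest.tmp"
        return 3
    fi
    mv -- "$_dest.tmp" "$_dest"      # only a verified copy gets the final name
    printf '%s\n' "$_dest"
}
```

Call it as backup_hosts /etc/hosts /mnt/pihole-backups from the script that the cron entry runs.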
Wrapping It Up
Pi-hole is back, blocking ads, using my favorite DNS upstreams, powered by solid block lists, and backed up weekly. If yours ever fails, you can follow this same playbook and be up and running before your coffee gets cold. And if you set up the backups now, maybe you will never have to learn how good you are at recovering DNS from Active Directory under pressure. ;) #oldschooltroubleshooting