Why Pi-hole 6 Changes the Ad Blocking Game
Most ad blockers work at the browser level, which means they only protect one device at a time and can be bypassed by apps that never touch a browser at all. Pi-hole works differently. It sits at the DNS level on your local network, intercepting domain lookups before they ever reach an ad server. Every device on your network – phones, smart TVs, gaming consoles, laptops – gets ad blocking without any per-device configuration.
Pi-hole 6 is a substantial rebuild of the project. It ships with a rewritten web interface, a new embedded web server (replacing the older lighttpd dependency), and a restructured API that makes scripting and automation far more accessible. The installation process has also been streamlined, with the installer handling more of the dependency chain automatically than previous versions did.
This guide walks through a clean install of Pi-hole 6 on a Linux machine, configures your router to route DNS traffic through it, and covers the key settings worth adjusting out of the box.
What You Need Before You Start
Pi-hole runs well on modest hardware. A Raspberry Pi, a spare mini PC, or even a Linux VM with a static IP on your local network will work fine. The only hard requirement is that the machine stays running – if Pi-hole goes down, DNS resolution across your entire network fails, so this is not a workload to run on a laptop you close regularly. If you are running Pi-hole on a Raspberry Pi, keeping a second DNS server configured as a fallback on your router is good practice. You can also use a Raspberry Pi 5 for heavier self-hosted workloads alongside Pi-hole if you want to consolidate services.
Before running the installer, assign your machine a static local IP address. This can be done either at the OS level (editing /etc/network/interfaces or using NetworkManager) or by setting a DHCP reservation in your router so the machine always gets the same IP. The static IP matters because you will point your router’s DNS setting at this address, and if it changes, DNS stops working network-wide. Confirm the IP is stable before proceeding.
You will also need a working internet connection on the Linux machine, root or sudo access, and either Ubuntu, Debian, Fedora, or a compatible derivative. Pi-hole 6 officially supports those distributions. CentOS and Arch-based installs may work but are not officially supported, and the installer will warn you accordingly.
Installing Pi-hole 6
The official installer is a single curl command. Open a terminal and run:
curl -sSL https://install.pi-hole.net | bash
The installer is interactive. It will walk you through selecting the network interface Pi-hole listens on, choosing an upstream DNS provider (Google, Cloudflare, OpenDNS, and others are listed – you can also enter a custom address), and confirming whether to install the web admin interface. Accept the web interface install unless you have a specific reason not to. At the end of the install, the terminal will display the admin password. Copy it somewhere safe – you will need it to log into the dashboard.
Once installation completes, open a browser and navigate to http://[your-pi-hole-ip]/admin. Log in with the password provided. The Pi-hole 6 dashboard is noticeably cleaner than earlier versions, with query statistics, blocklist status, and top blocked domains visible from the main screen. Spend a few minutes here before making any router changes – the dashboard’s Query Log section shows live DNS traffic, which is useful for confirming the system is working before you route your whole network through it.
Pointing Your Router at Pi-hole
This is the step that extends blocking to every device on your network. Log into your router’s admin panel – usually accessible at 192.168.1.1 or 192.168.0.1 – and find the DNS settings. On most consumer routers, this lives inside the DHCP or LAN settings section. Set the primary DNS server to your Pi-hole machine’s static IP address. Set the secondary DNS to a public resolver like 1.1.1.1 or 8.8.8.8 as a fallback. Save and apply the change.
After updating the router, devices on your network need to renew their DHCP leases to pick up the new DNS setting. On most devices, toggling Wi-Fi off and back on or running ipconfig /release and ipconfig /renew on Windows handles this. Once renewed, DNS queries from those devices will flow through Pi-hole. Return to the Pi-hole dashboard and watch the Query Log – you should see traffic appearing from multiple devices within a minute or two of their leases renewing.
Some devices, particularly Android phones and certain smart home hardware, have hardcoded DNS settings that bypass the router entirely. They commonly use 8.8.8.8 or 1.1.1.1 directly. Pi-hole cannot intercept those queries without additional router-level firewall rules that redirect all outbound DNS traffic to Pi-hole regardless of destination. Whether that level of configuration is worth it depends on your network setup and how much you care about blocking ads on those specific devices.
Configuring Blocklists and Fine-Tuning
Pi-hole 6 comes with a default blocklist (the Pi-hole Firebog list) that blocks a broad range of ad and tracking domains. For most users, this is a reasonable starting point. The Adlists section of the admin panel lets you add additional lists. The Firebog ticked lists – available at firebog.net – are widely used and well-maintained, covering advertising, tracking, malware domains, and more. Adding three or four of these lists meaningfully increases blocking coverage without producing excessive false positives.
False positives – legitimate sites or services blocked by an overly aggressive list – are the most common friction point when running a network-wide blocker. The Query Log is your primary diagnostic tool. If a device on your network stops being able to reach a service, checking the Query Log for blocked queries from that device’s IP will usually identify the culprit domain within seconds. From there, the Whitelist section lets you add specific domains to an allowlist so they pass through regardless of blocklist status. Streaming services, payment processors, and some smart home device APIs are frequent whitelist candidates.
Pi-hole 6 also introduces a more granular group management system, allowing you to create separate client groups with different blocklist policies. This means you can apply strict blocking to most devices while assigning a child’s tablet to a group with additional blocklists covering adult content, or giving a work laptop a more permissive policy. The Groups section in the admin panel manages this, and it is considerably more flexible than what earlier Pi-hole versions offered.
One Setting Most People Miss
By default, Pi-hole logs all DNS queries, which creates a detailed record of every domain every device on your network has ever looked up. For a home network where privacy is a concern, this may be more data than you want to retain. The Settings panel includes a Privacy Mode option with several levels – from full logging down to anonymous mode, which records query statistics without storing individual domains or client IPs. Choosing an appropriate privacy level on day one is easier than auditing months of stored query data later.
The difference between running Pi-hole with full logging versus anonymous mode has no effect on blocking performance. It only changes what the dashboard displays and what gets written to disk. If you do not need to diagnose problems frequently, anonymous or semi-anonymous mode keeps things cleaner and reduces unnecessary storage use on lower-end hardware.
Pi-hole 6’s new embedded web server also means the old pihole -a password command for resetting the admin password still works, but the configuration files have moved. If you are migrating from Pi-hole 5 and following old documentation, the path /etc/pihole/ still exists, but several settings that used to live in setupVars.conf are now managed through the new TOML-based configuration file at /etc/pihole/pihole.toml. Editing that file directly is an option for advanced configuration, but almost everything you need is accessible through the admin panel without touching it.
A network running Pi-hole 6 with a solid blocklist will typically see somewhere between 10 and 30 percent of all DNS queries blocked – not because the internet is mostly ads, but because modern web pages, apps, and smart devices generate a surprising volume of tracking pings, telemetry calls, and analytics requests that run invisibly in the background. The Query Log makes all of that visible for the first time, and what it reveals about the devices sitting quietly on your home network is frequently more interesting than anything the blocked ads would have shown you.
Frequently Asked Questions
Does Pi-hole 6 work on a Raspberry Pi?
Yes. Pi-hole 6 runs well on any Raspberry Pi model. Assign it a static IP and ensure it stays powered on, since the whole network depends on it for DNS.
What happens if Pi-hole goes down?
All DNS resolution on your network will fail unless your router has a secondary DNS configured as a fallback. Always set a public DNS like 1.1.1.1 as backup.
Can Pi-hole block ads on phones and smart TVs?
Yes. Because Pi-hole works at the DNS level on your router, any device that uses your network’s DNS – including phones, TVs, and consoles – gets ad blocking automatically.
How is Pi-hole 6 different from Pi-hole 5?
Pi-hole 6 replaces lighttpd with a built-in web server, ships with a redesigned admin interface, uses a new TOML config file, and includes an improved API for automation.
