How to Set Up Pi-hole on Your Home Network: DNS-Level Ad Blocking, Blocklists, and Local DNS for TP-Link, ASUS, and pfSense Routers

Every device on your home network makes DNS lookups before loading any content — your phone checking Instagram, your smart TV loading a pre-roll ad, your laptop pinging a tracker. Pi-hole intercepts those lookups and returns a null response for blacklisted domains, blocking the ad or tracker before any data is transferred. The result: network-wide ad blocking on every device you own, without installing a browser extension on a single one of them.

What You Need

Pi-hole runs on virtually any Linux system. Common hardware choices include a Raspberry Pi Zero 2 W (~$15), a Raspberry Pi 4 or 5, an old PC repurposed as a home server, or a Docker container on an existing NAS. Pi-hole Core v6.3 is the current stable release as of 2026, paired with the FTL v6.4 DNS engine and Web Interface v6.4. For a dedicated low-power install, the Raspberry Pi Zero 2 W consumes under 1W at idle and handles the DNS traffic of a typical home network without breaking a sweat.

Step 1: Assign Pi-hole a Static IP

Before installing anything, lock the Pi-hole host to a fixed IP address. If the IP changes after setup, every device on your network loses DNS resolution until the router’s DHCP table updates — which means no internet. The cleanest approach is a DHCP reservation on your router: find the Pi-hole host by MAC address in your router’s connected-devices list and assign it a fixed address outside your main DHCP range, such as 192.168.1.2. Save and let the device renew its lease before continuing.

Step 2: Install Pi-hole

SSH into your Raspberry Pi or Linux host and run the one-line installer:

curl -sSL https://install.pi-hole.net | bash

The text-based wizard walks you through three key choices: your network interface, your upstream DNS provider, and whether to install the web admin dashboard. For upstream DNS, Cloudflare (1.1.1.1 / 1.0.0.1) is fast and privacy-respecting; Quad9 (9.9.9.9) adds malware-domain blocking at the resolver level; Google (8.8.8.8) has the widest anycast coverage. Most home users should choose Cloudflare or Quad9. After installation, your admin dashboard is at http://<pi-hole-ip>/admin.

Step 3: Point Your Router’s DNS to Pi-hole

This is the step that makes Pi-hole work for every device on your network, not just the host running it. Log into your router’s admin panel and change the primary DNS server in the DHCP settings to Pi-hole’s static IP. Each router does this slightly differently.

TP-Link Archer and Deco

Log in at 192.168.0.1, go to Advanced › Network › DHCP Server, and set the Primary DNS field to your Pi-hole’s IP. Deco users open the Deco app, go to More › Advanced › IPv4, and enter the Pi-hole IP as the DNS server. Save and reboot the router. New device connections will now receive Pi-hole as their DNS server automatically.

ASUS RT and ZenWiFi Series

Navigate to LAN › DHCP Server and set DNS Server 1 to Pi-hole’s IP. Leave DNS Server 2 blank rather than entering a fallback — a secondary DNS lets devices bypass Pi-hole if it goes offline, which defeats the blocking. Most home users prefer to rely on Pi-hole’s uptime and keep the secondary field empty.

pfSense

Go to Services › DHCP Server, scroll to the Servers section, and enter Pi-hole’s IP in the DNS Servers field. pfSense power users can also add a firewall rule that redirects all outbound port 53 traffic to Pi-hole, ensuring smart TVs and IoT devices that hard-code DNS addresses like 8.8.8.8 cannot bypass filtering.

Step 4: Add Blocklists

Pi-hole ships with the StevenBlack Unified Hosts list (~220,000 domains) active by default. To add more, open the admin dashboard, navigate to Group Management › Adlists, and paste in additional list URLs. Popular additions include the OISD blocklist (comprehensive, low false positives), HaGeZi Multi PRO (aggressive tracker blocking), and the URLhaus malware-domain list maintained by abuse.ch. After adding lists, click Tools › Update Gravity to download and apply them. Pi-hole’s FTL engine deduplicates entries across all lists automatically.

Step 5: Set Up Local DNS Records

One of Pi-hole’s most useful but underused features is local DNS. Under Local DNS › DNS Records, you can map friendly names to devices on your network — for example, assigning nas.home to 192.168.1.50 so you can reach your NAS without memorizing its IP address. Local DNS entries also make Pi-hole’s query log far more readable: device names appear instead of raw IP addresses, making it faster to identify which device is hammering ad networks or calling home unexpectedly.

Handling False Positives

Pi-hole will occasionally block something legitimate — a streaming service CDN, a smart home update server, or a work app that shares a domain with a known ad network. When something stops working, open the admin dashboard’s Query Log and filter by the affected device’s IP. Blocked queries appear in red. Identify the domain and add it to your whitelist under Domains › Whitelist. Whitelisted domains take effect immediately without a restart.

Performance and Reliability

Pi-hole adds minimal latency: under 1ms for cached queries and 10–30ms for fresh upstream lookups. The primary risk is availability. If your Pi-hole host goes offline, devices lose DNS and appear to have no internet. A dedicated Raspberry Pi on a reliable power supply handles this well for most homes. Power users can run two Pi-hole instances and enter both IPs in the router’s DHCP DNS fields for redundancy. Once Pi-hole is running, pair it with encrypted DNS using our guide on enabling DNS-over-HTTPS at the router level, and monitor network health with our router system logs walkthrough. When you want to confirm your connection speed isn’t being impacted by the added DNS hop, run a quick speed test.