## Introduction

One practical alternative is to use a DNS sinkhole in your network and configure it to ignore (or blacklist) the unwanted APIs (in this case the Facebook APIs). An excellent open source DNS sinkhole project is Pi-hole.

## Pi-hole

I have been running Pi-hole in my home network for several years using an old Raspberry Pi 1 model A from 2012. Initially, I was concerned with the impact on my network, but it turns out that it has a positive impact on my network traffic, by eliminating ads from the network traffic. This machine has 512 MB of ram and runs at 700 MHz, so it is a very minimal machine, but Pi-hole runs perfectly in that hardware.

My installation is very simple, just the Raspberry Pi running Pi-hole and connected to my main router/cable modem. The normal status is for the Raspeberry Pi to be at 112.9F, with Pi-hole using 14% of the available memory as reported by the Pi-hole dashboard. Just for fun, let ssh to the Raspberry Pi and see the memory and CPU specs, as follows:

~$ssh pi@192.168.0.251 pi@192.168.0.251's password: Linux MY-DNS-PI-HOLE 4.14.98+ #1200 Tue Feb 12 20:11:02 GMT 2019 armv6l The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Mon Sep 14 21:44:54 2020 from 192.168.0.15 pi@MY-DNS-PI-HOLE:~$ free --mega
total        used        free      shared  buff/cache   available
Mem:            443          46          45          37         351         305
Swap:           102           0         102

pi@MY-DNS-PI-HOLE:~ $cat /proc/cpuinfo processor : 0 model name : ARMv6-compatible processor rev 7 (v6l) BogoMIPS : 697.95 Features : half thumb fastmult vfp edsp java tls CPU implementer : 0x41 CPU architecture: 7 CPU variant : 0x0 CPU part : 0xb76 CPU revision : 7 Hardware : BCM2835 Revision : 000e pi@MY-DNS-PI-HOLE:~$ lscpu
Architecture:          armv6l
Byte Order:            Little Endian
CPU(s):                1
On-line CPU(s) list:   0
Core(s) per socket:    1
Socket(s):             1
Model:                 7
Model name:            ARMv6-compatible processor rev 7 (v6l)
CPU max MHz:           700.0000
CPU min MHz:           700.0000
BogoMIPS:              697.95
Flags:                 half thumb fastmult vfp edsp java tls

pi@MY-DNS-PI-HOLE:~ $exit logout Connection to 192.168.0.251 closed. ~$


### Raspberry Pi

For this project, you need a Raspberry Pi, an Ethernet cable to connect the Raspberry Pi to your main router, an SD card and a power supply for the Raspberry Pi. As I describe before, any old Raspberry Pi with an Ethernet port will work fine. Depending of the Raspberry Pi, you could use a phone charger as the power supply. Just be sure it has the right voltage and enough amperage to drive the Raspberry Pi. Even if you buy all the components, you should be able to do this project for less than 50 dollars.

### Installing and configuring Pi-hole

There are several good tutorials on installing Pi-hole, so I will not cover that in here. A search for “pi hole raspberry pi headless install” should give you a good set of tutorials. The Pi-hole page have also installation instructions.

#### Tips

It is important to configure your main router to redirect DNS traffic to your Pi-hole. But, don’t forget any other router that your may have in your house. So, be sure to configure all your routers. In my case, I have two routers and their configuration was different, as follows:

• Main router. LAN Setup => LAN Settings => DNS Override
• Secondary router. Internet => internet setup => Domain Name Server (DNS) Address

You want to be sure your Pi-hole up to date. Once in a while, I logon into the Pi-hole dashboard and check that I’m running the latest version (in the bottom of the main dashboard page will list the current version and if it needs to be update). If the version need to be updated, just exit from the dashboard and logon into the Raskpberry Pi using ssh and run the following command:

pihole -up


The easy way to block Facebook is from the Query Log, by looking at any query that includes a Facebook domain and blacklist it. Alternatively, you can go to the Blacklist section of the dashboard and add the domains to block or a regular expression. For example: (\.|^)facebook.(com|net)\$ that will block any domain ending on .facebook.com or .facebook.net.