Set Up Home DNS Server
A home DNS server is one of the most powerful yet underrated additions to any homelab. I've been running Pi-hole for three years now, and the difference it makes—blocking ads network-wide, filtering malware domains, and giving me visibility into what devices are actually talking to—is night and day. Instead of fighting ads in your browser, or letting tracking requests leak out to the internet, you intercept them at the DNS layer before they ever leave your network.
In this guide, I'll walk you through deploying a DNS server on your home network, configuring your router to use it, and understanding why this single service pays for itself in peace of mind and performance.
Why Run Your Own DNS Server?
Your ISP or public DNS provider (like Cloudflare or Google) answers every DNS query your devices make. That means they log which websites you visit. Even if you trust them, it's metadata flowing out of your network that you don't control.
A home DNS server changes that equation. I prefer Pi-hole because it's lightweight, free, and does three things brilliantly:
- Ad blocking: Blocks requests to known ad networks before they even load. I've measured a 40% reduction in page load times on news sites.
- Privacy: Keeps DNS queries on your network. Nothing leaves your router unless you explicitly want it to.
- Visibility: Shows you exactly what's happening on your network—which devices are querying what, at what time.
The runner-up is AdGuard Home, which offers more granular control and DoH/DoT support. Both work brilliantly; I went with Pi-hole for its simplicity and active community.
Hardware & Prerequisites
You don't need much. I'm running Pi-hole on a Raspberry Pi 4 with 4GB RAM, but it'll run on anything:
- Any Linux machine (Raspberry Pi, old laptop, LXD container, or a cheap VPS)
- 5GB disk space (including blocklist cache)
- Static IP address on your network (important—more on this below)
- Access to your router's admin panel
If you're considering a VPS for always-on DNS queries, providers like RackNerd's affordable KVM VPS plans work well for this purpose, though I prefer keeping DNS local to avoid latency.
Deploying Pi-hole with Docker
The cleanest way to run Pi-hole is with Docker Compose. This keeps dependencies isolated and makes updates trivial.
First, create a directory and compose file:
mkdir -p ~/pihole && cd ~/pihole
cat > docker-compose.yml << 'EOF'
version: '3.8'
services:
  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    restart: unless-stopped
    network_mode: host
    environment:
      TZ: 'UTC'
      WEBPASSWORD: 'your-secure-password-here'
      DNS1: '8.8.8.8'
      DNS2: '8.8.4.4'
      DNSMASQ_LISTENING: 'all'
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      - NET_ADMIN
EOF
Change your-secure-password-here to something strong. The DNS1 and DNS2 variables point to upstream DNS servers—I use Google's, but you could use Cloudflare (1.1.1.1, 1.0.0.1) or Quad9 (9.9.9.9) if you prefer. Two caveats: these variable names are the ones the v5 image accepts (the v6 image moved to FTLCONF_ settings), so pin an image tag that matches the variables you use rather than relying on latest. And network_mode: host combined with DNSMASQ_LISTENING: 'all' makes Pi-hole answer on every interface the host has, which is fine behind a home router but turns a VPS with a public address into an open resolver unless you restrict port 53 with a firewall.
Now deploy it:
docker compose up -d
Check that it's running:
docker compose logs pihole | tail -20
You should see something like "DNS service is operational" and "lighttpd listening on port 80".
Give the Pi-hole host a fixed address: edit /etc/dhcpcd.conf and add lines like:
interface eth0
static ip_address=192.168.1.10/24
static routers=192.168.1.1
static domain_name_servers=192.168.1.1
Then reboot. This prevents your DNS server's IP from changing.
Configuring Your Router
Now the magic happens. You need to tell your router to use Pi-hole as its DNS server.
Log into your router's admin interface (usually 192.168.1.1 or 192.168.0.1) and find the DNS settings—typically under DHCP or LAN settings. Change the DNS servers to your Pi-hole's IP address (in my example, 192.168.1.10).
Some routers let you set a primary and secondary DNS. Set primary to Pi-hole, and secondary to a public DNS like Cloudflare (1.1.1.1) as a fallback if Pi-hole goes offline. Be aware that many clients treat the two entries as equals rather than strictly preferring the first, so some queries will go straight to the fallback and bypass blocking; if you want every query filtered, hand out only the Pi-hole address.
Restart your DHCP server or reboot the router. Now all devices on your network will query Pi-hole first.
Accessing the Pi-hole Dashboard
Open your browser and go to http://your-pihole-ip/admin. You'll see a login prompt. Use the password you set in the Docker Compose file.
The dashboard shows you everything:
- Queries: Total DNS requests in the last 24 hours (mine averages 15,000–20,000 per day)
- Blocked: How many ad/tracking queries were blocked (I see 30–40% block rates)
- Clients: Which devices on your network are querying what
- Top Domains: Which sites your network talks to most
Go to Adlists and enable a few public blocklists. I use:
- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts (StevenBlack's hosts file—huge and well-maintained)
- https://adaway.org/hosts.txt (AdAway's blocklist)
- https://v.firebog.net/hosts/Easylist.txt (EasyList—covers most ad networks)
Add these URLs and click "Gravity" to update. Pi-hole will download and parse them. The first update takes a minute or two.
Fine-Tuning & Allowlisting
Not everything blocked is actually a problem. Your banking site might rely on an analytics domain that's on a blocklist. Or your smart home hub might need access to a manufacturer's cloud service.
Go to Whitelist and add domains you want to bypass blocking. I've allowlisted domains like adjust.com (mobile analytics my apps need) and branch.io (deep linking).
You can also create regex-based rules for fine-grained control. For example, to block ads.example.com and every subdomain beneath it, use:
(^|\.)ads\.example\.com$
The leading (^|\.) is what makes the rule cover subdomains; a plain ^ads\.example\.com$ matches only that exact name and lets img.ads.example.com through.
In Pi-hole's Local DNS Records, you can also add custom entries. I use this to map internal hostnames—like storage.home to my NAS's IP, or backup.home to my backup server. This lets me access devices by friendly name instead of remembering IP addresses.
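To make the regex and allowlist behaviour above concrete, here is an added example (not code from the post or from the Pi-hole project) that models how a queried name is handled: local records and allowlists first, then exact blocklist entries, then regex denylist, else forward upstream. The ordering is a simplified assumption for illustration, and all domains and addresses are constructed sample data.

```python
import re

# Constructed sample data: a tiny stand-in for a gravity list (exact hosts-file
# entries), a regex denylist, an allowlist and custom local DNS records.
GRAVITY = {"ads.example.com", "tracker.example.net", "cdn.adjust.com"}
REGEX_DENY = [r"(^|\.)ads\.example\.com$"]   # the domain and every subdomain
REGEX_DENY_NAIVE = [r"^ads\.example\.com$"]  # exact name only; misses subdomains
ALLOW = {"adjust.com", "branch.io"}
REGEX_ALLOW = [r"(^|\.)adjust\.com$"]
LOCAL_RECORDS = {"storage.home": "192.168.1.20", "backup.home": "192.168.1.21"}
SINKHOLE = "0.0.0.0"  # address returned for blocked names


def regex_coverage(pattern, names):
    """Return the subset of names a regex rule would match (Pi-hole-style,
    the rule is searched against the full queried name)."""
    return [n for n in names if re.search(pattern, n)]


def decide(qname, gravity=GRAVITY, regex_deny=REGEX_DENY, allow=ALLOW,
           regex_allow=REGEX_ALLOW, local=LOCAL_RECORDS):
    """Return (verdict, detail) for one queried name.
    Assumed simplified precedence: local record > allowlist > exact gravity
    entry > regex denylist > forward to upstream."""
    name = qname.rstrip(".").lower()
    if name in local:
        return ("local", local[name])
    if name in allow or any(re.search(p, name) for p in regex_allow):
        return ("allowed", "allowlist")
    if name in gravity:
        return ("blocked", SINKHOLE)  # exact match, like a hosts-file entry
    for pattern in regex_deny:
        if re.search(pattern, name):
            return ("blocked", pattern)
    return ("forward", "upstream")


if __name__ == "__main__":
    sample = ["ads.example.com", "img.ads.example.com", "notads.example.com",
              "ads.example.com.evil.test"]
    for pat in REGEX_DENY_NAIVE + REGEX_DENY:
        print(pat, "->", regex_coverage(pat, sample))
    for q in ["storage.home", "cdn.adjust.com", "img.ads.example.com", "example.org"]:
        print(q, "->", decide(q))
```

Running it shows the naive rule catching only the bare name while the (^|\.) form also catches img.ads.example.com, and cdn.adjust.com being allowed even though it sits in the block set.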
Monitoring & Updates
Pi-hole ships with regular updates. Since we're running it in Docker, updates are simple:
cd ~/pihole
docker compose pull
docker compose up -d
Docker will pull the latest image, stop the old container, and start a new one using your saved configs. Downtime is usually under 10 seconds.
I recommend checking the Pi-hole admin dashboard once a week to verify it's running and that your block rate is healthy. If it drops dramatically, a blocklist might be out of date—update gravity from the settings.
For deeper monitoring, you can forward Pi-hole metrics to Prometheus or Grafana, but for a home setup, the built-in dashboard is usually enough.
What's Next?
Once your DNS server is stable, consider these upgrades:
- DNS-over-HTTPS (DoH): Encrypt DNS queries end-to-end. Pi-hole supports this via Cloudflared.
- Split DNS: Query different upstream resolvers based on domain—route work domains to your company's DNS, everything else to Cloudflare.
- Conditional forwarding: Resolve local hostnames (like your printer) using your router as an upstream server.
For now, you've built a privacy-first network with one small Docker container. Your devices are faster, your network is more private, and you have visibility into what's happening behind your router. That's the real power of self-hosting.