Pie Stop For Emergency DNS Needs

The war on Internet ads rages on, as the arms race between ad blockers and ad creators continues to escalate. To make a modern Internet experience even remotely palatable, plenty of people are turning to DNS-level filters to stop the ads from coming into the network at all. This solution isn’t without its collateral damage though, as the black lists available sometimes filter out something that should have made it to the user. For those emergencies, [Kristopher] created the Pie Stop, a physical button to enact a temporary passthrough on his Pi-Hole.

While [Kristopher] is capable of recognizing a problem and creating the appropriate white list for any of these incidents, others in his household do not find this task as straighforward. When he isn’t around to fix the problems, this emergency stop can be pressed by anyone to temporarily halt the DNS filtering and allow all traffic to pass through the network. It’s based on the ESP-01S, a smaller ESP8266 board with only two GPIO pins. When pressed, it sends a custom command to the Pi-Hole to disable the ad blocking. A battery inside the case allows it to be placed conveniently anywhere near anyone who might need it.

With this button deployed, network snafus can be effectively prevented even with the most aggressive of DNS-level ad blocking. If you haven’t thought about deploying one of these on your own network, they’re hard to live without once you see how powerful they are. Take a look at this one which also catches spam.

37 thoughts on “Pie Stop For Emergency DNS Needs

    1. Lambda users will just hit the physical / web page button anytime they have a doubt something is filtered, and leave it like this. If you trust any meatbag to be responsible enough to reset the physical switch, you already lost. At least with a webpage, the filtering can be re-enabled after a timeout.

    2. Yeah that sounds indeed very sensible for the elder when their smartTV hiccups suddenly because a filterlist was updated and now blocks a required service. I guess grandma will just pop out her smartphone and configure a pi hole on a local website.

      1. ???

        If the TV already has sudden hiccups due to filtering…
        Why does grandma need to configure pi hole on a local website?

        The suggestion was a simple site with likely one button (Pause), which suggests that already the setup is running, and frankly my Grandma (using Whatsapp like a madman) surely would be able to access a local website and press that button.
        Of course the grandchildren did set it up (which makes a lot of sense to me, considering how broken ads often are!)

    3. This just works better! I had set up a web page with a bitton and shown my partner how to use the gui but… its just an extra annoyance for her. Shes perfectly capable and understands it but makes the fair point its extra work to see content and there must be a better way.

      A button would be a nice solution!

    4. I have a web page for our house. Hosted locally, signed certificate, simple domain name. Handles adding things to our media watch list and a few other items.

      I can’t get my (technical-minded) wife to use it. It’s just easier for her to message me than to remember the URL, type it in, and remember how the navigate an unfamiliar page.

      For people who are not technical – ESPECIALLY older folks who I’d most likely to protect – you can’t really crank up the protection on a pi hole without some sort of physical method of disabling it.

      1. i could mearly give information as to possiably hapoened abd timd frame AS well as whom . i am stuck in the tripod of thier mess , i have exhausted all reachable help, and blocked from what help nay if been of benifit .

    5. Apart from you then have to open up a browser and click on a button. This solution makes good use of hardware/software and it’s cheap enough to recreate and a lot more convenient.
      It’s a shame it doesn’t have a status light on the controller to indicant the status of the pi hole however I do understand the reasoning behind this as it would require the device to be charged more regularly .

      1. Looks like one of those latching e-stop buttons – so there probably isn’t a need for a status LED, the switch’s position should reveal all. Though being a remote device that assumes both the Pi-hole and controller have a functional connection to each other, and have not crashed etc.

    1. I’m sorry but that’s a lot of work just to shut off Pi-hole. Unless they have a lot of internal shares, they could just point it to 1.1.1.1 or any other easily remembered public DNS providers. Windows, CTRL+ R, ncpa.cpl, alt + enter on network adapter, TCPv4 properties, just change one of the DNS servers to 1.1.1.1 because jn this situation a second one wouldn’t be needed.

      Before anyone says that’s way to technical, there’s plenty screen recording apps out there where you can record audio, put up detailed notes. Not sure why this would be needed. I’m just glad that it doesn’t appear that Manifest V3 will effect Pi-hole as I also use it as a recurrsive DNS server so my Pi-hole is my upstream DNS server with the combo of unbound and Pi-hole.

      If.Pi-hole doesn’t know the public IP it goes directly to the site instead of using any public DNS server. While it does take slightly longer the first time when you start, it caches all those domains so the next time it’s super fast because Pi-Hole is your upstream serverr.and it already has the public IP cacued. Luckily Google.pushed back Manifest V3 until January 2024 instead of 2023 because of the backlash.

      Google says it’s because of.malixiois extensions that they install through the official chrome extension site. Instead of changing how extensions work, why don’t you just monitor those extensions you give out for people to download and put out tougher rules about updates. A lot of malicious extensions are perfectly fine when downloaded but when there is an update Google has no control. How about taking control over that instead of breaking pretty much every extension out there? Yes, I know, it all about money but Google made. 21 billion in 2021 from ad revenue. They should have no say in how web browsers fundamentally handle.any extensions. At this point, only Safari and Firefox (forks included) aren’t chromium based bit when you have 70 percent of the market. It’s ridiculously stupid.

      1. At least google pushed back Manifest V3 until 2024 due to a lot of blowback. It was set to go in effect in January of 2023. It will pretty much make all ad blockers useless as they simply won’t work anymore. Uorigin made a Manifest V3 extention named Uorigin light and you have to enable as blocking on every site due to how Google is rewriting the rules on browser extensions for any chromium based browser for “security” because of malicious extensions.

        Sure, just ignore the fact that they made 21 billion is 2021 for ads alone and they are doing this to “protect” users. You can’t fix stupid and can’t spot a sketchy extension when you see it, often offering something for free like a VPN or free Netflix. Firefox will continue to support Manifest V2 and Pi-hole will work just the same. With a combo of regex and custom block lists I’ve got 970K blocked domains and quit using ad blocker extensions a while ago.

      1. And sites that won’t let me in due to ad-blockers enabled, I just don’t try to go there again. I have an RPI setup for my PI-Hole for the whole home network. Plugged into a UPS and just ‘works’.

  1. An e-stop style button isn’t really the best option here, they are dsigned so you can slam quickly to go to one state, then turn slowly to return to normal. This would probably be more sensible with a timed switch, press it to allow something then it will self-return to blocking after a few minutes.

      1. What I don’t understand is you can do this by going to the Pi-hole admin page by going to the ip of the Pi-hole and in the sidebar of choices there is an option to disable blocking for 5 seconds (not sure why), 30 seconds, 5 minutes (probably what the button is doing, custom time and indefinitely. I can get not knowing how to change DNS settings, especially if it’s pushed out by DHCP but is it that hard to go to the admin page and temporarily disable it? I guess so but seems like a lot of work unless the guy was a super smart programmer but still, have to buy hardware unless you have it laying around. Bookmark it and be done with it IMO.

  2. The Amazon Fire tablets, amongst others seem to blithely ignore my pi-hole blocker completely.
    Set the configuration to a static IP, Primary DNS to 192.168.1.104, secondary to 1.1.1.1 and then check the settings: Primary DNS is 192.168.1.104, Secondary DNS is: 1.1.1.1, 8.8.8.8.
    Sneaky *******s! Can’t even root the bloody thing to modify the hosts file, or install a low-level firewall.
    No need for an ad-blocker disable button for these :P
    The button does look like a nice simple solution for non-techie people though. Kudos to the creator.

  3. What this doesn’t solve is client side DNS caching, at least on my Mac.

    A local chain’s weekly ad fails to load when Pi-hole is running. If I disable it, the Mac remembers the previous DNS response from the Pi-hole and the ad still fails to load. It takes a sudo trip to the terminal to flush the cache and restart mDNSresponder. Enough pain to teach me to disable it first, but not enough for me to try to figure out what to whitelist.

    But this would certainly speed up disabling the Pi-hole before the problem occurs.

    1. If you go to the admin page for the Pi-hole there is literally an option to disable Pi-hole for indefinitely, 15 minutes, 30, or custom. Not sure why a button would be needed but that is just me. Odd that you Mac

      If you set up unbound as a recursive DNS server your Pi-hole is your upstream server so that would.fix.this issue . If you search YouTube for “you’re running Pi-hole wrong” you will find a walkthrough. If Pi-hole doesn’t know the public IP, it gets it directly from the site and caches it so Pi-hole is your upstream DNS server. You may have to flush the cache on your Pi-hole in that scenario but that can be done from the Pi-hole admin page also

      Still probably best to just whitelist it. The Pi-hole admin page is super friendly to navigate, especially if you just want to whitelist one or two sites where you want ads.

Leave a Reply to openstandardsCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.