Pi-hole
Pi-hole is a network-level ad blocker that acts as a DNS sinkhole, blocking advertisements and trackers for all devices on a local network without requiring client-side software. It is self-hosted, typically on a Raspberry Pi or Linux machine, and is free and open-source software maintained by volunteer developers and funded through community donations.
Score generated by AI agents based on publicly cited evidence and reviewed by the project maintainer. Not independently validated.
Score History
Timeline events are AI-curated from public reporting. Score trajectory is derived from documented events.
Jacob Salmela created Pi-hole in the summer of 2014 as a personal bash script to block ads network-wide using a Raspberry Pi, inspired by frustration with browser-based ad blockers and the limitations of commercial hardware like AdTrap. The project was shared on Reddit and GitHub as a simple command-line tool with no web interface, no formal governance, and no organizational structure.
Pi-hole gained significant traction after Lifehacker coverage in late 2015 and reached 1,000 GitHub stars by May 2016. The project added a web interface based on AdminLTE, launched a Discourse community forum in October 2016, and iterated through several v2.x releases adding features like DNS server selection, query logging, and basic statistics. The growing community surfaced occasional over-blocking complaints and setup complexity issues, but overall user sentiment remained highly positive.
Pi-hole professionalized with the v3.0 release featuring the FTL (Faster Than Light) engine for dramatically improved performance, adopted the EUPL v1.2 open-source license, filed the Pi-hole trademark in March 2017, and eventually formed Pi-hole LLC in 2018. The team grew to eight volunteer developers. A swag store and Patreon page launched to fund infrastructure costs, raising over $31,000 in donations by year-end 2018. The v4.0 release in August 2018 integrated FTLDNS, added regex blocking, privacy levels, and official Docker support.
Pi-hole v5.0 introduced per-client group management and migrated blocklist storage to a SQLite gravity database, enabling granular control over which clients see which block rules. AdGuard Home emerged as a viable competitor with native encrypted DNS support, but Pi-hole maintained its community lead with 40,000+ GitHub stars. Several security vulnerabilities were discovered and patched (CVE-2020-11108 RCE, stored XSS in query logs, DNSSEC flaws in 2024), handled transparently through public advisories. The multi-year v6 rewrite began during this period.
Alternatives
Cloud-based DNS filtering that provides Pi-hole-like blocking without self-hosting any hardware. Free tier includes 300,000 queries/month; Pro is $1.99/month. Much easier setup — just change your DNS settings — but you're trusting a third party with your DNS queries instead of running your own server.
Free, open-source, self-hosted DNS ad blocker similar to Pi-hole but with a more polished web UI, built-in HTTPS filtering, and native encrypted DNS support out of the box. Comparable setup effort. Blocklist migration tools exist to move Pi-hole configurations over.
Timeline (40 events)
Jacob Salmela Creates Pi-hole as Personal Script
Jacob Salmela, a Linux administrator from Minnesota, created Pi-hole in the summer of 2014 as a personal bash script to block advertisements across his home network using a Raspberry Pi. The script was inspired by frustration with per-device browser-based ad blockers and the limitations of commercial hardware like AdTrap. Salmela shared the project on Reddit and GitHub.
Pi-hole Blog and Documentation Site Launched
Pi-hole launched its official blog at pi-hole.net with early posts documenting improvements to the ad-blocking script. The blog became the primary channel for release announcements, technical guides, and community updates, establishing a pattern of transparent public communication that continues to this day.
First Web Interface Announced for Pi-hole
Pi-hole announced development of a web-based management interface, moving beyond the command-line-only tool. The interface would allow users to update settings, view statistics, and manage blocklists through a browser, significantly lowering the barrier to entry for non-technical users.
Pi-hole 2.0 Launches with Flat Web Interface
Pi-hole 2.0 introduced a redesigned flat web interface built on the AdminLTE dashboard template, providing graphs, charts, and query statistics. This release marked Pi-hole's transition from a bare-bones script to a user-friendly application with visual monitoring capabilities.
Lifehacker Coverage Drives Viral Adoption
Lifehacker published 'Turn A Raspberry Pi Into An Ad Blocker With A Single Command,' introducing Pi-hole to a mainstream audience. The article highlighted Pi-hole's one-line curl installer and drove significant traffic to the project, accelerating community growth and GitHub contributions.
Pi-hole 2.5.3 Adds Upstream DNS Server Choices
Pi-hole 2.5.3 expanded DNS server options in the installer, allowing users to choose from multiple upstream DNS providers or define their own. The web admin page received a major overhaul with new graphs and charts for better visibility into blocking activity.
Pi-hole Reaches 1,000 GitHub Stars
Pi-hole celebrated reaching 1,000 stars on GitHub, reflecting growing community adoption. The project had begun as a personal script roughly two years earlier and was gaining traction among privacy-conscious technical users running Raspberry Pi setups at home.
Pi-hole Discourse Community Forum Launched
Pi-hole launched its Discourse-based community forum at discourse.pi-hole.net, replacing an earlier, less capable forum. The new platform became the primary venue for community support, feature requests, and development discussion. The team committed to monitoring all posts, though response times vary given the volunteer nature of the project.
Pi-hole 2.9.5 Adds Pause/Resume Functionality
Pi-hole 2.9.5 introduced the long-requested ability to temporarily pause and resume ad blocking, along with a more privacy-conscious debug process using the team's own server for log uploads rather than third-party services.
Pi-hole 2.10 Adds Web-Based Gravity Updates and Settings Page
Pi-hole 2.10 Core / 2.0 Web added the ability to run gravity (blocklist updates) from the web interface rather than only via command line. A new settings page provided centralized control over system configuration, and users could block or unblock domains directly from the query log.
Pi-hole Trademark Filed with USPTO
Pi-hole LLC filed a trademark application for 'Pi-hole' with the U.S. Patent and Trademark Office (serial number 87374408), covering software as a service for ad-blocking during internet usage. The trademark was used for brand protection rather than to restrict competition or community use of the software.
Pi-hole Swag Store Opens for Community Funding
Pi-hole launched a merchandise store selling t-shirts, mugs, and hoodies to help fund project infrastructure. Revenue from merchandise supplemented voluntary donations to cover hosting, legal, and development costs for the volunteer-driven project.
Pi-hole v3.0 Launches with FTL Engine
Pi-hole 3.0 introduced the FTL (Faster Than Light) engine, a purpose-built API that read stats directly from memory rather than parsing log files. Performance improved dramatically, especially on older Raspberry Pi hardware, and the system was tested handling over 100 million queries daily. The release also added IPv6 upstream DNS support, DHCP reservations, and web-based blocklist management.
Pi-hole Adopts EUPL v1.2 Open-Source License
Starting with v3.0, Pi-hole adopted the European Union Public Licence v1.2 as its open-source license, replacing earlier licensing. The EUPL is an OSI-certified copyleft license compatible with GPL v2/v3 and AGPL v3. Code committed before v3.0 retained its original licensing.
Pi-hole Reaches 5,000 GitHub Stars and 10,000 Redditors
Pi-hole celebrated reaching 5,000 GitHub stars and 10,000 subscribers on its r/pihole subreddit. The project had grown from a personal script to one of the most popular Raspberry Pi projects, with Lifehacker coverage cited as an early catalyst for mainstream adoption.
Pi-hole Launches Recurring Donation System
Pi-hole announced support for recurring monthly donations to sustain development. The project team had grown to six developers working in their spare time, with growing infrastructure costs. The announcement emphasized that Pi-hole would remain free and open-source regardless of donation levels.
Pi-hole Publishes Open Source Philosophy Statement
Pi-hole published a blog post titled 'Pi-hole Is Open Source: Consume, Contribute, Or Both?' articulating its philosophy on open-source development. The post outlined how community members could contribute through code, testing, documentation, or donations, establishing norms for the growing contributor base.
Pi-hole Launches Patreon and Community Fundraiser
Pi-hole launched its Patreon page on May 29, 2018, starting at $384/month. A parallel fundraiser campaign collected over $31,000 in donations by year end. The funds covered infrastructure costs (~$5,735), legal services (~$5,115), taxes (~$3,475), and developer hardware (~$3,150). The team also sold all 300 limited edition FTLDNS coins.
Pi-hole v4.0 Releases with FTLDNS and Docker Support
Pi-hole v4.0 replaced dnsmasq with FTLDNS (Pi-hole's fork of dnsmasq with integrated statistics), introduced regex-based blocking for complex filter patterns, added configurable privacy levels for query logging, and launched an official Docker image. The default blocking mode changed to NULL blocking, eliminating the need for iptables rules.
2018 Retrospective: Eight Developers, $31K Raised
Pi-hole's 2018 retrospective revealed the project had grown to eight core volunteer developers, achieved 99.97% uptime for services, attracted over 1 million unique blog visitors, and generated over 22,000 Discourse forum posts. Patreon grew from $384/month to over $1,300/month. Total 2018 expenses were approximately $20,000 covering infrastructure, legal, taxes, and hardware.
Pi-hole v5.0 Introduces Group Management and Gravity Database
Pi-hole v5.0 migrated blocklist storage from flat text files to a SQLite gravity database and added per-client group management, allowing administrators to apply different blocking rules to different devices. Deep CNAME inspection was introduced to catch domains hiding behind CNAME chains. The release also added regex/wildcard allowlisting and bar charts for 24-hour query history.
CVE-2020-11108: Authenticated RCE Vulnerability Disclosed
A critical vulnerability (CVE-2020-11108, CVSS 8.8) was disclosed in Pi-hole v4.4 and below, where the gravity updater could be exploited by authenticated users to upload arbitrary files and achieve remote code execution with root privilege escalation. The vulnerability was in gravity_DownloadBlocklistFromUrl and exploited unquoted curl parameters. A patch was released promptly.
Pi-hole v5.2 Adds Client Subnet Discovery and MAC-Based Identification
Pi-hole Core/Web v5.2 and FTL v5.3 introduced the Client Subnet (ECS) feature to identify client IP addresses even behind NAT or proxy DNS servers. Clients could now be defined by MAC address for persistent identification regardless of DHCP changes. A new DHCP discovery feature scanned all interfaces for available DHCP servers.
Pi-hole Adds SVCB and HTTPS Query Type Display
Pi-hole Web v5.3, Core v5.2.3, and FTL v5.4 added support for displaying SVCB and HTTPS DNS query types, which were increasingly used by modern browsers for service binding. The release also updated SQLite3 to v3.34.0 with a full shell interface exposed through pihole-FTL.
Stored XSS Vulnerability Found in Pi-hole Query Log
A stored cross-site scripting vulnerability was discovered in Pi-hole's query log (prior to v5.2.2), where attackers with DNS access could inject malicious JavaScript payloads via crafted hostnames. When administrators viewed the Query Log page, the script would execute. The vulnerability was patched in subsequent releases.
Pi-hole Migrates Recurring Donations from Patreon to GitHub Sponsors
Pi-hole transitioned its recurring donation system from Patreon to GitHub Sponsors, consolidating funding management within the platform where development already occurred. Some donors reported notification gaps during the transition, which the team acknowledged as an oversight and worked to resolve.
Stored XSS Patched in Pi-hole Web v5.6
Pi-hole Web v5.5.1 and subsequently v5.6 patched a persistent XSS vulnerability where unfiltered user input added as a wildcard domain to blocklists or allowlists could execute arbitrary JavaScript in the web interface. The fix added proper input sanitization for domain entries.
Pi-hole v6 Beta Testing Begins After Four Years of Development
Pi-hole announced beta testing for v6.0 after nearly four years of development. The new version represented a complete architecture overhaul: the web interface was rewritten in Lua, lighttpd and PHP were eliminated, and the REST API was embedded directly into pihole-FTL. The team warned that upgrading from v5 to v6 was strictly a one-way operation.
Pi-hole Patches Two DNSSEC Denial-of-Service Vulnerabilities
Pi-hole released patches for CVE-2023-50387 and CVE-2023-50868, both rated 'high' severity DNSSEC vulnerabilities inherited from the dnsmasq codebase. Specially crafted DNSSEC answers could cause excessive CPU-intensive validation, enabling denial-of-service attacks against the DNS resolver. Fixes were deployed to both the v6 beta and backported to v5 stable.
Authenticated File Read Vulnerability Patched in Pi-hole v5.18
Pi-hole Core v5.18 patched CVE-2024-28247, an authenticated arbitrary file read vulnerability with root privileges. The flaw in the gravity script allowed authenticated users to read any system file by manipulating the file:// handler path. The fix added proper path validation to prevent directory traversal.
Critical SSRF-to-RCE Vulnerability Fixed in Pi-hole v5.18.3
Pi-hole v5.18.3 patched CVE-2024-34361 (CVSS 8.6), a critical server-side request forgery vulnerability in gravity_DownloadBlocklistFromUrl() that could be escalated to remote code execution via the Gopherus protocol. The flaw allowed authenticated users to send arbitrary internal requests through improper URL validation. Exploits were observed in the wild before the patch.
Pi-hole Announces Preparation for General v6 Release
After 10 months of beta testing with over 250 discussion threads on the Discourse forum, Pi-hole announced preparations for the general release of v6.0. Development branches were being consolidated from development-v6 into main branches. The beta period had helped identify bugs, uncover new use cases, and polish the user experience.
Pi-hole v6.0 Released: Complete Architecture Overhaul
Pi-hole v6.0 shipped after approximately five years of development, representing the largest architectural change in the project's history. The release embedded the web server and REST API directly into pihole-FTL, eliminated dependencies on lighttpd and PHP, consolidated configuration into a single TOML file, added native HTTPS with auto-generated TLS certificates, and introduced subscribed allowlists. The Docker image shrank from 113 MB to 38 MB by switching to Alpine Linux.
Pi-hole v6 Post-Release Fixes Address Initial Issues
Within three days of the v6.0 release, the Pi-hole team published a transparency post addressing bugs and issues reported by early upgraders. The post documented known problems with port conflicts, configuration migration edge cases, and web interface issues, along with workarounds and upcoming fixes. Patches followed rapidly through v6.0.1 to v6.0.5.
Pi-hole v6.2 Released with Performance and Stability Improvements
Pi-hole FTL v6.2, Web v6.2, and Core v6.1 delivered stability improvements and bug fixes following the major v6.0 release. The update addressed issues discovered during the initial months of v6 adoption and continued the rapid release cadence that characterized Pi-hole's post-v6 development.
Donor Email Breach Discovered via GiveWP Plugin Vulnerability
Pi-hole discovered that approximately 29,926 donor names and email addresses had been exposed through a vulnerability in the GiveWP WordPress plugin used on pi-hole.net's donation page. Donors first reported receiving phishing emails at addresses used exclusively for Pi-hole donations. The donor data was visible in the webpage's source code without authentication due to the plugin flaw.
Pi-hole Publishes Transparent Post-Mortem of Donor Breach
Pi-hole published a detailed public post-mortem of the GiveWP donor email breach, criticizing the plugin vendor's 17.5-hour delay in notifying affected sites and their insufficient acknowledgment of the security impact. No financial data was compromised (handled by Stripe/PayPal), and the Pi-hole software itself was unaffected. The breach was added to Have I Been Pwned, with 73% of records already in its database.
Pi-hole v6.3 Shortens TLS Certificate Validity to 47 Days
Pi-hole FTL v6.3 reduced the default validity of self-signed TLS certificates from one year to 47 days, with automatic renewal to compensate for the shorter validity period. This change followed industry best practices for certificate management. Improved default Content Security Policy headers provided better XSS protection.
Pi-hole v6.4 Adds TOTP Rate Limiting Against Brute Force
Pi-hole FTL v6.4 introduced rate-limiting for TOTP (two-factor authentication) validation at a maximum of one attempt per second, preventing brute-force attacks against 2FA-protected Pi-hole instances. The release continued the post-v6 security hardening pattern.
Pi-hole v6.5 Delivers 16% Gravity Performance Improvement
Pi-hole FTL v6.5 optimized gravity updates to reduce processing time by approximately 16% (from ~27s to ~23s with ~5 million domains). FTL now imports historical queries asynchronously on startup, allowing DNS resolution to begin immediately rather than blocking until the entire query history loads. A new database.forceDisk option reduces memory footprint on constrained hardware.