Hosting Pi-hole on Android Using QEMU

Advertisements suck. Beyond being generally obnoxious, they can cause performance issues and even sometimes be downright malicious. There are plenty of ad-block solutions for your browser, but not as many to help with ads not hosted on websites, especially in apps on your phone. One of the most notable solutions to that problem is Pi-hole, a DNS-level ad-blocker that can run on something as simple as a Raspberry Pi. That's great for when you're at home, but the official solution for using Pi-hole on the go is a bit obnoxious.

Fortunately, there's always an alternative solution.

It's not a good or viable solution, but beggars can't be choosers, right?

I have previously run a Linux virtual machine on an Android phone using Termux and QEMU, and while the performance was about as bad as you'd expect, Pi-hole's system requirements are fairly low, so why not try and adapt that solution to run a local Pi-hole instance on a phone?

If you haven't installed it already, the first step is to get Termux. It seems like they really want you to just install it from GitHub, but it is available on F-Droid as well. Instructions for installing it are available in their GitHub repository.

Termux uses apt for package management, but provides and recommends using pkg for package management. We'll need to use pkg to install QEMU, but I'd recommend setting up OpenSSH as well so you can type commands on a full-sized keyboard instead of relying on your phone keyboard. We'll be emulating an x86 CPU, so we'll grab that version of QEMU along with a collection of extra tools we'll need.

pkg install qemu-system-x86-64-headless qemu-utils

To help keep things tidy, I've created a dedicated directory for storing QEMU's files, so we'll created the disk image file for our VM to boot from in there. We’ll use the qcow2 format, which has the advantage of taking up space as needed rather than allocating all of it at once at the cost of speed. If you really want that bit of extra performance, you can use the raw format instead. You can also adjust the maximum size of the disk as needed.

cd qemu
qemu-img create -f qcow2 pihole.img 64G

Previously I used Arch as the OS for the VM, but Pi-hole (fortunately) doesn't support Arch. Of the supported options, Ubuntu should be the easiest, so we'll grab a copy of that. I'd recommend using the server variant, which excludes a fair bit of unnecessary bulk. If you're using SSH, you can just download it on your desktop and transfer it to your phone using SFTP.

With the ISO prepared, use a command similar to the one below in order to perform the initial install. We'll explain the various options in further detail later, so I'll ask you to just press the “I believe” button for now.

qemu-system-x86_64 -smp 4 -m 4G -drive file=~/qemu/pihole.img,format=qcow2 -cdrom ~/qemu/ubuntu.iso -vga std -boot menu=on -display vnc=0.0.0.0:0

You should now be able to connect to your phone via VNC and complete the install process for Ubuntu. Ubuntu has a nice guided installer, so the install process should be pretty straightforward.

Now we'll shut down the VM and update the boot command to the one we'll use for properly running the VM. You can save it to a shell script so you don't have to remember the whole thing. You can also adjust it as needed to fit your needs.

qemu-system-x86_64 \
-name Pihole \
-smp 4 \
-m 4G \
-drive file=~/qemu/pihole.img,format=qcow2 \
-nic user,hostfwd=tcp:127.0.0.1:8080-:80,hostfwd=tcp:127.0.0.1:8053-:53,hostfwd=udp:127.0.0.1:8053-:53 \
-vga std \
-boot menu=on \
-display vnc=0.0.0.0:0

Here's a basic rundown of the options and what they actually do:

If you have the time on your hands, you can always look through the QEMU documentation to look for any additional options you might want to try out.

Now that Ubuntu is installed, we can install Pi-hole. It also has a nice guided installer, so just follow the instructions on their website to kick things off. If you're still overwhelmed, all of the default options should be fine. Just select the public DNS service you want the Pi-hole to use. Make sure you note the admin password that Pi-hole generates. It's easy enough to reset from the command line if you don't, but you'd probably rather just remember it.

With that done, now we need to point DNS for our phone to our new Pi-hole. Unfortunately, things get a bit messy here. In Android 8.1 and older, you would need to manually set the DNS for every network connection you ever use, and as of Android 9, this can be set globally but requires the DNS server to support DNS over TLS, which Pi-hole does not out of the box. Fortunately, there's an app called DNSChanger, which uses Android's VPN API to redirect requests without having to manually configure DNS settings over and over. It's open-source to boot.

We have another small roadblock thanks to the issue of privileged ports that I referenced earlier. UNIX-based operating systems such as Android only allow the root user to open ports below 1024. This is allegedly a security measure, although the end result is that users are encouraged to run public-facing and potentially vulnerable apps as root instead of a lower-privilege user. Unless your phone is rooted, you'll have to use alternate ports for both Pi-hole's HTTP admin interface and the DNS server itself. Fortunately, there is an option to change what port DNSChanger sends its DNS queries to, although it's hidden in the “advanced settings” section. There's also an option to allow setting the DNS servers to localhost, so we'll enable both of those options.

With all the setup complete, all we need to do it point the DNS settings in DNSChanger to our VM and just like that we have our convenient on-the-go ad-blocker! It comes at the low cost of greatly reduced battery life and extraordinary heat output. Still, at least it's a bit more practical than the Arch VM was.

#qemu #emulation #ubuntu #android #phone #pihole

Surfshark Affiliate Link

$0.99 domains from Namecheap (affiliate link)