What a Tiny Raspberry Pi Taught Me About DNS, Privacy, and Control at Home
Source: Dev.to
Image: Raspberry Pi home‑lab
Most people never think about DNS.
It’s one of those things that quietly works in the background — like plumbing.
Until one day it doesn’t… and suddenly nothing on the internet makes sense.
As a Cloud Engineer I spend a lot of time thinking about systems at organisation scale.
But at home I realised something ironic — I was blindly trusting my ISP for something as fundamental as DNS, without visibility, without control, and without much thought.
This blog is about how a tiny Raspberry Pi quietly became my practice ground for real‑infrastructure ideas — without production incidents, without pressure, and without angry users.
Note: This is not a polished success story. It’s the beginning of a learning journey.
Why I Needed a Raspberry Pi at Home
I didn’t start this project because I was bored, and I definitely didn’t start it just to block ads (that was a nice side‑effect). What bothered me was:
- Ads everywhere
- Tracking everywhere
- DNS requests happening silently
- Zero visibility into where those requests were going
- DNS is the first step of the internet – every website, app, and API call starts there
At work we talk about security, observability, trust boundaries, and reliability.
At home I had none of that.
Instead of spinning up another cloud VM, I decided to bring those ideas down to home scale — using something small, cheap, and always on. That’s when the Raspberry Pi made sense.
Not as a toy, but as a tiny piece of infrastructure that other devices would depend on.
Why the Raspberry Pi Zero 2W (Not the Raspberry Pi 5)?
When people hear “Raspberry Pi”, the conversation often jumps straight to performance.
“Why not just get a Raspberry Pi 5?”
Fair question — but the wrong starting point.
I intentionally chose the Raspberry Pi Zero 2W, and that decision shaped the entire learning experience. The Zero 2W is:
- Cheap
- Silent
- Extremely low power
- Very limited (and that’s exactly why it’s such a good teacher)
At work, when something is slow we add resources.
At home, this Pi politely says no and forces you to:
- Think before installing things
- Understand what each service is doing
- Respect CPU and memory constraints
You don’t need a Ferrari to learn driving. You need a small car, narrow roads, and a few mistakes you’ll remember forever. This Pi gave me all three.
Cost Breakdown (Keeping It Honest)
This project didn’t start with a shopping spree. All of this runs on hardware that cost roughly £25 — cheaper than most monthly cloud bills.
| Item | Approx. Cost |
|---|---|
| Raspberry Pi Zero 2W | £5‑£7 |
| 32 GB micro‑SD card (recommended) | £5 |
| Power adapter | £3‑£5 |
| Laptop (of course 😄) | — |
That’s it. No rack, no switch, no cloud bill quietly judging you at the end of the month. For a device that runs 24/7, the power cost is almost negligible. The learning return, on the other hand, shows up every single day.
Image: Pi‑hole dashboard
At a high level, a Raspberry Pi sits between my home devices and the internet, handling DNS requests centrally.
First Service: Pi‑hole
The first service I installed was Pi‑hole — not because it’s fancy, but because it provides immediate, visible value.
Every device on your network constantly asks, “Where is this website?”
Pi‑hole sits in the middle and calmly replies:
- “Sure”
- “Okay”
- “Absolutely not, that’s an ad tracker”
…and it does this before ads even get a chance to load. This happens at the DNS level, not in a browser trying its best to block things.
Result
- Cleaner browsing
- Faster apps
- Quiet satisfaction of watching ad counters go up
At this point the project stopped being “just learning” and started being genuinely useful.
Image: Pi‑hole dashboard showing DNS queries and blocked domains across my home network
Making It Accessible Anywhere: Tailscale
One small problem remained: the Raspberry Pi lives at home, but I don’t.
Port forwarding was an option — a bad one. Instead I used Tailscale, which creates a private, encrypted network between my devices.
- No public IP exposure
- No firewall gymnastics
- No “hope this is secure” feeling
Just private access, the way it should be. This made the Pi feel less like a local gadget and more like a real, managed system.
Improving Privacy with Unbound
Blocking ads was great, but I still wanted to know where my DNS queries were going.
By default many setups forward DNS to public resolvers. That works — but it’s still outsourcing the very thing you’re trying to observe.
(The article continues with the Unbound configuration, monitoring, and next steps…)
Trust. Adding Unbound turned the Raspberry Pi into a recursive DNS resolver:
- It talks directly to root servers.
- It builds trust step‑by‑step.
It reduces dependency on third parties.
This is where the setup stopped feeling like a hobby and started feeling like real infrastructure—just smaller.
Proof That It Works
This is where theory turns into confidence.
I could now actually see:
- Total DNS queries
- Ads being blocked
- Traffic patterns across devices
- DNS was no longer invisible
And that visibility alone changed how I thought about my home network.
Screenshot without Pi‑hole
(using my phone without network‑level blocking)
Screenshot with Pi‑hole enabled
(using my home DNS setup)
The difference was noticeable immediately.
Closing Thoughts
At this point:
- DNS was running reliably at home.
- Ads were being blocked across devices.
- Privacy was improved.
And this tiny Raspberry Pi had become an always‑on system I could learn from.
Nothing here was enterprise‑scale — and that was the point.
It was about practicing real ideas safely, at home, without breaking production.
There’s still a lot more to explore, but for now this is a solid foundation.
If you want to build this exact setup yourself, the next post will walk through the step‑by‑step installation.