Merge pull request #275 from pi-hole/development

Release 2.5

README.md

@@ -26,6 +26,8 @@ Once installed, [configure your router to have **DHCP clients use the Pi as thei
 - [Minibian Pi-hole](http://munkjensen.net/wiki/index.php/See_my_Pi-Hole#Minibian_Pi-hole)
 
 ## Coverage
+- [Splunk: Pi-hole Visualizser](https://splunkbase.splunk.com/app/3023/)
+- [The Defrag Show - MSDN/Channel 9](https://channel9.msdn.com/Shows/The-Defrag-Show/Defrag-Endoscope-USB-Camera-The-Final-HoloLens-Vote-Adblock-Pi-and-more?WT.mc_id=dlvr_twitter_ch9#time=20m39s)
 - [MacObserver Podcast 585](http://www.macobserver.com/tmo/podcast/macgeekgab-585)
 - [Medium: Block All Ads For $53](https://medium.com/@robleathern/block-ads-on-all-home-devices-for-53-18-a5f1ec139693#.gj1xpgr5d)
 - [MakeUseOf: Adblock Everywhere, The Pi-hole Way](http://www.makeuseof.com/tag/adblock-everywhere-raspberry-pi-hole-way/)

adlists.default

@@ -0,0 +1,8 @@
+https://adaway.org/hosts.txt
+http://adblock.gjtech.net/?format=unix-hosts
+http://hosts-file.net/ad_servers.txt
+http://www.malwaredomainlist.com/hostslist/hosts.txt
+http://pgl.yoyo.org/adservers/serverlist.php?
+http://someonewhocares.org/hosts/hosts
+http://winhelp2002.mvps.org/hosts.txt
+http://mirror1.malwaredomains.com/files/justdomains

advanced/01-pihole.conf

@@ -1,3 +1,14 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2015, 2016 by Jacob Salmela
+# Network-wide ad blocking via your Raspberry Pi
+# http://pi-hole.net
+# dnsmasq config for Pi-hole
+#
+# Pi-hole is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+
 # If you want dnsmasq to read another file, as well as /etc/hosts, use
 # this.
 addn-hosts=/etc/pihole/gravity.list
@@ -20,8 +31,8 @@ no-resolv
 
 # Add other name servers here, with domain specs if they are for
 # non-public domains.
-server=8.8.8.8
+server=@DNS1@
-server=8.8.4.4
+server=@DNS2@
 
 # If you want dnsmasq to listen for DHCP and DNS requests only on
 # specified interfaces (and the loopback) give the name of the

advanced/Scripts/blacklist.sh

@@ -1,6 +1,9 @@
 #!/usr/bin/env bash
-# (c) 2015 by Jacob Salmela
+# Pi-hole: A black hole for Internet advertisements
-# This file is part of Pi-hole.
+# (c) 2015, 2016 by Jacob Salmela
+# Network-wide ad blocking via your Raspberry Pi
+# http://pi-hole.net
+# Blacklists domains
 #
 # Pi-hole is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

advanced/Scripts/chronometer.sh

@@ -1,6 +1,9 @@
 #!/usr/bin/env bash
-# (c) 2015 by Jacob Salmela
+# Pi-hole: A black hole for Internet advertisements
-# This file is part of Pi-hole.
+# (c) 2015, 2016 by Jacob Salmela
+# Network-wide ad blocking via your Raspberry Pi
+# http://pi-hole.net
+# Calculates stats and displays to an LCD
 #
 # Pi-hole is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

advanced/Scripts/piholeLogFlush.sh

@@ -1,11 +1,13 @@
 #!/usr/bin/env bash
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2015, 2016 by Jacob Salmela
+# Network-wide ad blocking via your Raspberry Pi
+# http://pi-hole.net
 # Flushes /var/log/pihole.log
-# (c) 2015 by Jacob Salmela
-# This file is part of Pi-hole.
 #
-#Pi-hole is free software: you can redistribute it and/or modify
+# Pi-hole is free software: you can redistribute it and/or modify
-#it under the terms of the GNU General Public License as published by
+# it under the terms of the GNU General Public License as published by
-#the Free Software Foundation, either version 2 of the License, or
+# the Free Software Foundation, either version 2 of the License, or
-#(at your option) any later version.
+# (at your option) any later version.
 
 truncate -s 0 /var/log/pihole.log

advanced/Scripts/updateDashboard.sh

@@ -1,15 +1,14 @@
 #!/usr/bin/env bash
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2015, 2016 by Jacob Salmela
+# Network-wide ad blocking via your Raspberry Pi
+# http://pi-hole.net
+# Updates the Pi-hole web interface
 #
-# this script will update the pihole web interface files.
+# Pi-hole is free software: you can redistribute it and/or modify
-#
+# it under the terms of the GNU General Public License as published by
-# if this is the first time running this script after an 
+# the Free Software Foundation, either version 2 of the License, or
-# existing installation, the existing web interface files
+# (at your option) any later version.
-# will be removed and replaced with the latest master
-# branch from github. subsequent executions of this script
-# will pull the latest version of the web interface.
-#
-# @TODO: add git as requirement to basic-install.sh
-#
 
 WEB_INTERFACE_GIT_URL="https://github.com/pi-hole/AdminLTE.git"
 WEB_INTERFACE_DIR="/var/www/html/admin"

advanced/Scripts/whitelist.sh

@@ -1,6 +1,9 @@
 #!/usr/bin/env bash
-# (c) 2015 by Jacob Salmela
+# Pi-hole: A black hole for Internet advertisements
-# This file is part of Pi-hole.
+# (c) 2015, 2016 by Jacob Salmela
+# Network-wide ad blocking via your Raspberry Pi
+# http://pi-hole.net
+# Whitelists domains
 #
 # Pi-hole is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

advanced/dnsmasq.conf.original

@@ -0,0 +1,648 @@
+# Configuration file for dnsmasq.
+#
+# Format is one option per line, legal options are the same
+# as the long options legal on the command line. See
+# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
+
+# Listen on this specific port instead of the standard DNS port
+# (53). Setting this to zero completely disables DNS function,
+# leaving only DHCP and/or TFTP.
+#port=5353
+
+# The following two options make you a better netizen, since they
+# tell dnsmasq to filter out queries which the public DNS cannot
+# answer, and which load the servers (especially the root servers)
+# unnecessarily. If you have a dial-on-demand link they also stop
+# these requests from bringing up the link unnecessarily.
+
+# Never forward plain names (without a dot or domain part)
+#domain-needed
+# Never forward addresses in the non-routed address spaces.
+#bogus-priv
+
+# Uncomment these to enable DNSSEC validation and caching:
+# (Requires dnsmasq to be built with DNSSEC option.)
+#conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf
+#dnssec
+
+# Replies which are not DNSSEC signed may be legitimate, because the domain
+# is unsigned, or may be forgeries. Setting this option tells dnsmasq to
+# check that an unsigned reply is OK, by finding a secure proof that a DS 
+# record somewhere between the root and the domain does not exist. 
+# The cost of setting this is that even queries in unsigned domains will need
+# one or more extra DNS queries to verify.
+#dnssec-check-unsigned
+
+# Uncomment this to filter useless windows-originated DNS requests
+# which can trigger dial-on-demand links needlessly.
+# Note that (amongst other things) this blocks all SRV requests,
+# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
+# This option only affects forwarding, SRV records originating for
+# dnsmasq (via srv-host= lines) are not suppressed by it.
+#filterwin2k
+
+# Change this line if you want dns to get its upstream servers from
+# somewhere other that /etc/resolv.conf
+#resolv-file=
+
+# By  default,  dnsmasq  will  send queries to any of the upstream
+# servers it knows about and tries to favour servers to are  known
+# to  be  up.  Uncommenting this forces dnsmasq to try each query
+# with  each  server  strictly  in  the  order  they   appear   in
+# /etc/resolv.conf
+#strict-order
+
+# If you don't want dnsmasq to read /etc/resolv.conf or any other
+# file, getting its servers from this file instead (see below), then
+# uncomment this.
+#no-resolv
+
+# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
+# files for changes and re-read them then uncomment this.
+#no-poll
+
+# Add other name servers here, with domain specs if they are for
+# non-public domains.
+#server=/localnet/192.168.0.1
+
+# Example of routing PTR queries to nameservers: this will send all
+# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
+#server=/3.168.192.in-addr.arpa/10.1.2.3
+
+# Add local-only domains here, queries in these domains are answered
+# from /etc/hosts or DHCP only.
+#local=/localnet/
+
+# Add domains which you want to force to an IP address here.
+# The example below send any host in double-click.net to a local
+# web-server.
+#address=/double-click.net/127.0.0.1
+
+# --address (and --server) work with IPv6 addresses too.
+#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
+
+# Add the IPs of all queries to yahoo.com, google.com, and their
+# subdomains to the vpn and search ipsets:
+#ipset=/yahoo.com/google.com/vpn,search
+
+# You can control how dnsmasq talks to a server: this forces
+# queries to 10.1.2.3 to be routed via eth1
+# server=10.1.2.3@eth1
+
+# and this sets the source (ie local) address used to talk to
+# 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
+# IP on the machine, obviously).
+# server=10.1.2.3@192.168.1.1#55
+
+# If you want dnsmasq to change uid and gid to something other
+# than the default, edit the following lines.
+#user=
+#group=
+
+# If you want dnsmasq to listen for DHCP and DNS requests only on
+# specified interfaces (and the loopback) give the name of the
+# interface (eg eth0) here.
+# Repeat the line for more than one interface.
+#interface=
+# Or you can specify which interface _not_ to listen on
+#except-interface=
+# Or which to listen on by address (remember to include 127.0.0.1 if
+# you use this.)
+#listen-address=
+# If you want dnsmasq to provide only DNS service on an interface,
+# configure it as shown above, and then use the following line to
+# disable DHCP and TFTP on it.
+#no-dhcp-interface=
+
+# On systems which support it, dnsmasq binds the wildcard address,
+# even when it is listening on only some interfaces. It then discards
+# requests that it shouldn't reply to. This has the advantage of
+# working even when interfaces come and go and change address. If you
+# want dnsmasq to really bind only the interfaces it is listening on,
+# uncomment this option. About the only time you may need this is when
+# running another nameserver on the same machine.
+#bind-interfaces
+
+# If you don't want dnsmasq to read /etc/hosts, uncomment the
+# following line.
+#no-hosts
+# or if you want it to read another file, as well as /etc/hosts, use
+# this.
+#addn-hosts=/etc/banner_add_hosts
+
+# Set this (and domain: see below) if you want to have a domain
+# automatically added to simple names in a hosts-file.
+#expand-hosts
+
+# Set the domain for dnsmasq. this is optional, but if it is set, it
+# does the following things.
+# 1) Allows DHCP hosts to have fully qualified domain names, as long
+#     as the domain part matches this setting.
+# 2) Sets the "domain" DHCP option thereby potentially setting the
+#    domain of all systems configured by DHCP
+# 3) Provides the domain part for "expand-hosts"
+#domain=thekelleys.org.uk
+
+# Set a different domain for a particular subnet
+#domain=wireless.thekelleys.org.uk,192.168.2.0/24
+
+# Same idea, but range rather then subnet
+#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
+
+# Uncomment this to enable the integrated DHCP server, you need
+# to supply the range of addresses available for lease and optionally
+# a lease time. If you have more than one network, you will need to
+# repeat this for each network on which you want to supply DHCP
+# service.
+#dhcp-range=192.168.0.50,192.168.0.150,12h
+
+# This is an example of a DHCP range where the netmask is given. This
+# is needed for networks we reach the dnsmasq DHCP server via a relay
+# agent. If you don't know what a DHCP relay agent is, you probably
+# don't need to worry about this.
+#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
+
+# This is an example of a DHCP range which sets a tag, so that
+# some DHCP options may be set only for this network.
+#dhcp-range=set:red,192.168.0.50,192.168.0.150
+
+# Use this DHCP range only when the tag "green" is set.
+#dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
+
+# Specify a subnet which can't be used for dynamic address allocation,
+# is available for hosts with matching --dhcp-host lines. Note that
+# dhcp-host declarations will be ignored unless there is a dhcp-range
+# of some type for the subnet in question.
+# In this case the netmask is implied (it comes from the network
+# configuration on the machine running dnsmasq) it is possible to give
+# an explicit netmask instead.
+#dhcp-range=192.168.0.0,static
+
+# Enable DHCPv6. Note that the prefix-length does not need to be specified
+# and defaults to 64 if missing/
+#dhcp-range=1234::2, 1234::500, 64, 12h
+
+# Do Router Advertisements, BUT NOT DHCP for this subnet.
+#dhcp-range=1234::, ra-only 
+
+# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
+# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack 
+# hosts. Use the DHCPv4 lease to derive the name, network segment and 
+# MAC address and assume that the host will also have an
+# IPv6 address calculated using the SLAAC alogrithm.
+#dhcp-range=1234::, ra-names
+
+# Do Router Advertisements, BUT NOT DHCP for this subnet.
+# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
+#dhcp-range=1234::, ra-only, 48h
+
+# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
+# so that clients can use SLAAC addresses as well as DHCP ones.
+#dhcp-range=1234::2, 1234::500, slaac
+
+# Do Router Advertisements and stateless DHCP for this subnet. Clients will
+# not get addresses from DHCP, but they will get other configuration information.
+# They will use SLAAC for addresses.
+#dhcp-range=1234::, ra-stateless
+
+# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
+# from DHCPv4 leases.
+#dhcp-range=1234::, ra-stateless, ra-names
+
+# Do router advertisements for all subnets where we're doing DHCPv6
+# Unless overriden by ra-stateless, ra-names, et al, the router 
+# advertisements will have the M and O bits set, so that the clients
+# get addresses and configuration from DHCPv6, and the A bit reset, so the 
+# clients don't use SLAAC addresses.
+#enable-ra
+
+# Supply parameters for specified hosts using DHCP. There are lots
+# of valid alternatives, so we will give examples of each. Note that
+# IP addresses DO NOT have to be in the range given above, they just
+# need to be on the same network. The order of the parameters in these
+# do not matter, it's permissible to give name, address and MAC in any
+# order.
+
+# Always allocate the host with Ethernet address 11:22:33:44:55:66
+# The IP address 192.168.0.60
+#dhcp-host=11:22:33:44:55:66,192.168.0.60
+
+# Always set the name of the host with hardware address
+# 11:22:33:44:55:66 to be "fred"
+#dhcp-host=11:22:33:44:55:66,fred
+
+# Always give the host with Ethernet address 11:22:33:44:55:66
+# the name fred and IP address 192.168.0.60 and lease time 45 minutes
+#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
+
+# Give a host with Ethernet address 11:22:33:44:55:66 or
+# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
+# that these two Ethernet interfaces will never be in use at the same
+# time, and give the IP address to the second, even if it is already
+# in use by the first. Useful for laptops with wired and wireless
+# addresses.
+#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
+
+# Give the machine which says its name is "bert" IP address
+# 192.168.0.70 and an infinite lease
+#dhcp-host=bert,192.168.0.70,infinite
+
+# Always give the host with client identifier 01:02:02:04
+# the IP address 192.168.0.60
+#dhcp-host=id:01:02:02:04,192.168.0.60
+
+# Always give the host with client identifier "marjorie"
+# the IP address 192.168.0.60
+#dhcp-host=id:marjorie,192.168.0.60
+
+# Enable the address given for "judge" in /etc/hosts
+# to be given to a machine presenting the name "judge" when
+# it asks for a DHCP lease.
+#dhcp-host=judge
+
+# Never offer DHCP service to a machine whose Ethernet
+# address is 11:22:33:44:55:66
+#dhcp-host=11:22:33:44:55:66,ignore
+
+# Ignore any client-id presented by the machine with Ethernet
+# address 11:22:33:44:55:66. This is useful to prevent a machine
+# being treated differently when running under different OS's or
+# between PXE boot and OS boot.
+#dhcp-host=11:22:33:44:55:66,id:*
+
+# Send extra options which are tagged as "red" to
+# the machine with Ethernet address 11:22:33:44:55:66
+#dhcp-host=11:22:33:44:55:66,set:red
+
+# Send extra options which are tagged as "red" to
+# any machine with Ethernet address starting 11:22:33:
+#dhcp-host=11:22:33:*:*:*,set:red
+
+# Give a fixed IPv6 address and name to client with       
+# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
+# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
+# Note also the they [] around the IPv6 address are obilgatory.
+#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] 
+
+# Ignore any clients which are not specified in dhcp-host lines
+# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
+# This relies on the special "known" tag which is set when
+# a host is matched.
+#dhcp-ignore=tag:!known
+
+# Send extra options which are tagged as "red" to any machine whose
+# DHCP vendorclass string includes the substring "Linux"
+#dhcp-vendorclass=set:red,Linux
+
+# Send extra options which are tagged as "red" to any machine one
+# of whose DHCP userclass strings includes the substring "accounts"
+#dhcp-userclass=set:red,accounts
+
+# Send extra options which are tagged as "red" to any machine whose
+# MAC address matches the pattern.
+#dhcp-mac=set:red,00:60:8C:*:*:*
+
+# If this line is uncommented, dnsmasq will read /etc/ethers and act
+# on the ethernet-address/IP pairs found there just as if they had
+# been given as --dhcp-host options. Useful if you keep
+# MAC-address/host mappings there for other purposes.
+#read-ethers
+
+# Send options to hosts which ask for a DHCP lease.
+# See RFC 2132 for details of available options.
+# Common options can be given to dnsmasq by name:
+# run "dnsmasq --help dhcp" to get a list.
+# Note that all the common settings, such as netmask and
+# broadcast address, DNS server and default route, are given
+# sane defaults by dnsmasq. You very likely will not need
+# any dhcp-options. If you use Windows clients and Samba, there
+# are some options which are recommended, they are detailed at the
+# end of this section.
+
+# Override the default route supplied by dnsmasq, which assumes the
+# router is the same machine as the one running dnsmasq.
+#dhcp-option=3,1.2.3.4
+
+# Do the same thing, but using the option name
+#dhcp-option=option:router,1.2.3.4
+
+# Override the default route supplied by dnsmasq and send no default
+# route at all. Note that this only works for the options sent by
+# default (1, 3, 6, 12, 28) the same line will send a zero-length option
+# for all other option numbers.
+#dhcp-option=3
+
+# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
+#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
+
+# Send DHCPv6 option. Note [] around IPv6 addresses.
+#dhcp-option=option6:dns-server,[1234::77],[1234::88]
+
+# Send DHCPv6 option for namservers as the machine running 
+# dnsmasq and another.
+#dhcp-option=option6:dns-server,[::],[1234::88]
+
+# Ask client to poll for option changes every six hours. (RFC4242)
+#dhcp-option=option6:information-refresh-time,6h
+
+# Set the NTP time server address to be the same machine as
+# is running dnsmasq
+#dhcp-option=42,0.0.0.0
+
+# Set the NIS domain name to "welly"
+#dhcp-option=40,welly
+
+# Set the default time-to-live to 50
+#dhcp-option=23,50
+
+# Set the "all subnets are local" flag
+#dhcp-option=27,1
+
+# Send the etherboot magic flag and then etherboot options (a string).
+#dhcp-option=128,e4:45:74:68:00:00
+#dhcp-option=129,NIC=eepro100
+
+# Specify an option which will only be sent to the "red" network
+# (see dhcp-range for the declaration of the "red" network)
+# Note that the tag: part must precede the option: part.
+#dhcp-option = tag:red, option:ntp-server, 192.168.1.1
+
+# The following DHCP options set up dnsmasq in the same way as is specified
+# for the ISC dhcpcd in
+# http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
+# adapted for a typical dnsmasq installation where the host running
+# dnsmasq is also the host running samba.
+# you may want to uncomment some or all of them if you use
+# Windows clients and Samba.
+#dhcp-option=19,0           # option ip-forwarding off
+#dhcp-option=44,0.0.0.0     # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
+#dhcp-option=45,0.0.0.0     # netbios datagram distribution server
+#dhcp-option=46,8           # netbios node type
+
+# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
+#dhcp-option=252,"\n"
+
+# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
+# probably doesn't support this......
+#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
+
+# Send RFC-3442 classless static routes (note the netmask encoding)
+#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
+
+# Send vendor-class specific options encapsulated in DHCP option 43.
+# The meaning of the options is defined by the vendor-class so
+# options are sent only when the client supplied vendor class
+# matches the class given here. (A substring match is OK, so "MSFT"
+# matches "MSFT" and "MSFT 5.0"). This example sets the
+# mtftp address to 0.0.0.0 for PXEClients.
+#dhcp-option=vendor:PXEClient,1,0.0.0.0
+
+# Send microsoft-specific option to tell windows to release the DHCP lease
+# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
+# value as a four-byte integer - that's what microsoft wants. See
+# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
+#dhcp-option=vendor:MSFT,2,1i
+
+# Send the Encapsulated-vendor-class ID needed by some configurations of
+# Etherboot to allow is to recognise the DHCP server.
+#dhcp-option=vendor:Etherboot,60,"Etherboot"
+
+# Send options to PXELinux. Note that we need to send the options even
+# though they don't appear in the parameter request list, so we need
+# to use dhcp-option-force here.
+# See http://syslinux.zytor.com/pxe.php#special for details.
+# Magic number - needed before anything else is recognised
+#dhcp-option-force=208,f1:00:74:7e
+# Configuration file name
+#dhcp-option-force=209,configs/common
+# Path prefix
+#dhcp-option-force=210,/tftpboot/pxelinux/files/
+# Reboot time. (Note 'i' to send 32-bit value)
+#dhcp-option-force=211,30i
+
+# Set the boot filename for netboot/PXE. You will only need
+# this is you want to boot machines over the network and you will need
+# a TFTP server; either dnsmasq's built in TFTP server or an
+# external one. (See below for how to enable the TFTP server.)
+#dhcp-boot=pxelinux.0
+
+# The same as above, but use custom tftp-server instead machine running dnsmasq
+#dhcp-boot=pxelinux,server.name,192.168.1.100
+
+# Boot for Etherboot gPXE. The idea is to send two different
+# filenames, the first loads gPXE, and the second tells gPXE what to
+# load. The dhcp-match sets the gpxe tag for requests from gPXE.
+#dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
+#dhcp-boot=tag:!gpxe,undionly.kpxe
+#dhcp-boot=mybootimage
+
+# Encapsulated options for Etherboot gPXE. All the options are
+# encapsulated within option 175
+#dhcp-option=encap:175, 1, 5b         # priority code
+#dhcp-option=encap:175, 176, 1b       # no-proxydhcp
+#dhcp-option=encap:175, 177, string   # bus-id
+#dhcp-option=encap:175, 189, 1b       # BIOS drive code
+#dhcp-option=encap:175, 190, user     # iSCSI username
+#dhcp-option=encap:175, 191, pass     # iSCSI password
+
+# Test for the architecture of a netboot client. PXE clients are
+# supposed to send their architecture as option 93. (See RFC 4578)
+#dhcp-match=peecees, option:client-arch, 0 #x86-32
+#dhcp-match=itanics, option:client-arch, 2 #IA64
+#dhcp-match=hammers, option:client-arch, 6 #x86-64
+#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
+
+# Do real PXE, rather than just booting a single file, this is an
+# alternative to dhcp-boot.
+#pxe-prompt="What system shall I netboot?"
+# or with timeout before first available action is taken:
+#pxe-prompt="Press F8 for menu.", 60
+
+# Available boot services. for PXE.
+#pxe-service=x86PC, "Boot from local disk"
+
+# Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
+#pxe-service=x86PC, "Install Linux", pxelinux
+
+# Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
+# Beware this fails on old PXE ROMS.
+#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
+
+# Use bootserver on network, found my multicast or broadcast.
+#pxe-service=x86PC, "Install windows from RIS server", 1
+
+# Use bootserver at a known IP address.
+#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
+
+# If you have multicast-FTP available,
+# information for that can be passed in a similar way using options 1
+# to 5. See page 19 of
+# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
+
+
+# Enable dnsmasq's built-in TFTP server
+#enable-tftp
+
+# Set the root directory for files available via FTP.
+#tftp-root=/var/ftpd
+
+# Make the TFTP server more secure: with this set, only files owned by
+# the user dnsmasq is running as will be send over the net.
+#tftp-secure
+
+# This option stops dnsmasq from negotiating a larger blocksize for TFTP
+# transfers. It will slow things down, but may rescue some broken TFTP
+# clients.
+#tftp-no-blocksize
+
+# Set the boot file name only when the "red" tag is set.
+#dhcp-boot=tag:red,pxelinux.red-net
+
+# An example of dhcp-boot with an external TFTP server: the name and IP
+# address of the server are given after the filename.
+# Can fail with old PXE ROMS. Overridden by --pxe-service.
+#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
+
+# If there are multiple external tftp servers having a same name
+# (using /etc/hosts) then that name can be specified as the
+# tftp_servername (the third option to dhcp-boot) and in that
+# case dnsmasq resolves this name and returns the resultant IP
+# addresses in round robin fasion. This facility can be used to
+# load balance the tftp load among a set of servers.
+#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
+
+# Set the limit on DHCP leases, the default is 150
+#dhcp-lease-max=150
+
+# The DHCP server needs somewhere on disk to keep its lease database.
+# This defaults to a sane location, but if you want to change it, use
+# the line below.
+#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
+
+# Set the DHCP server to authoritative mode. In this mode it will barge in
+# and take over the lease for any client which broadcasts on the network,
+# whether it has a record of the lease or not. This avoids long timeouts
+# when a machine wakes up on a new network. DO NOT enable this if there's
+# the slightest chance that you might end up accidentally configuring a DHCP
+# server for your campus/company accidentally. The ISC server uses
+# the same option, and this URL provides more information:
+# http://www.isc.org/files/auth.html
+#dhcp-authoritative
+
+# Run an executable when a DHCP lease is created or destroyed.
+# The arguments sent to the script are "add" or "del",
+# then the MAC address, the IP address and finally the hostname
+# if there is one.
+#dhcp-script=/bin/echo
+
+# Set the cachesize here.
+#cache-size=150
+
+# If you want to disable negative caching, uncomment this.
+#no-negcache
+
+# Normally responses which come from /etc/hosts and the DHCP lease
+# file have Time-To-Live set as zero, which conventionally means
+# do not cache further. If you are happy to trade lower load on the
+# server for potentially stale date, you can set a time-to-live (in
+# seconds) here.
+#local-ttl=
+
+# If you want dnsmasq to detect attempts by Verisign to send queries
+# to unregistered .com and .net hosts to its sitefinder service and
+# have dnsmasq instead return the correct NXDOMAIN response, uncomment
+# this line. You can add similar lines to do the same for other
+# registries which have implemented wildcard A records.
+#bogus-nxdomain=64.94.110.11
+
+# If you want to fix up DNS results from upstream servers, use the
+# alias option. This only works for IPv4.
+# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
+#alias=1.2.3.4,5.6.7.8
+# and this maps 1.2.3.x to 5.6.7.x
+#alias=1.2.3.0,5.6.7.0,255.255.255.0
+# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
+#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
+
+# Change these lines if you want dnsmasq to serve MX records.
+
+# Return an MX record named "maildomain.com" with target
+# servermachine.com and preference 50
+#mx-host=maildomain.com,servermachine.com,50
+
+# Set the default target for MX records created using the localmx option.
+#mx-target=servermachine.com
+
+# Return an MX record pointing to the mx-target for all local
+# machines.
+#localmx
+
+# Return an MX record pointing to itself for all local machines.
+#selfmx
+
+# Change the following lines if you want dnsmasq to serve SRV
+# records.  These are useful if you want to serve ldap requests for
+# Active Directory and other windows-originated DNS requests.
+# See RFC 2782.
+# You may add multiple srv-host lines.
+# The fields are <name>,<target>,<port>,<priority>,<weight>
+# If the domain part if missing from the name (so that is just has the
+# service and protocol sections) then the domain given by the domain=
+# config option is used. (Note that expand-hosts does not need to be
+# set for this to work.)
+
+# A SRV record sending LDAP for the example.com domain to
+# ldapserver.example.com port 389
+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
+
+# A SRV record sending LDAP for the example.com domain to
+# ldapserver.example.com port 389 (using domain=)
+#domain=example.com
+#srv-host=_ldap._tcp,ldapserver.example.com,389
+
+# Two SRV records for LDAP, each with different priorities
+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
+
+# A SRV record indicating that there is no LDAP server for the domain
+# example.com
+#srv-host=_ldap._tcp.example.com
+
+# The following line shows how to make dnsmasq serve an arbitrary PTR
+# record. This is useful for DNS-SD. (Note that the
+# domain-name expansion done for SRV records _does_not
+# occur for PTR records.)
+#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
+
+# Change the following lines to enable dnsmasq to serve TXT records.
+# These are used for things like SPF and zeroconf. (Note that the
+# domain-name expansion done for SRV records _does_not
+# occur for TXT records.)
+
+#Example SPF.
+#txt-record=example.com,"v=spf1 a -all"
+
+#Example zeroconf
+#txt-record=_http._tcp.example.com,name=value,paper=A4
+
+# Provide an alias for a "local" DNS name. Note that this _only_ works
+# for targets which are names from DHCP or /etc/hosts. Give host
+# "bert" another name, bertrand
+#cname=bertand,bert
+
+# For debugging purposes, log each DNS query as it passes through
+# dnsmasq.
+#log-queries
+
+# Log lots of extra information about DHCP transactions.
+#log-dhcp
+
+# Include another lot of configuration options.
+#conf-file=/etc/dnsmasq.more.conf
+#conf-dir=/etc/dnsmasq.d
+
+# Include all the files in a directory except those ending in .bak
+#conf-dir=/etc/dnsmasq.d,.bak
+
+# Include all files in a directory which end in .conf
+#conf-dir=/etc/dnsmasq.d/*.conf 

advanced/dphys-swapfile

@@ -1 +1,12 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2015, 2016 by Jacob Salmela
+# Network-wide ad blocking via your Raspberry Pi
+# http://pi-hole.net
+# Swap file config
+#
+# Pi-hole is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+
 CONF_SWAPSIZE=500

advanced/lighttpd.conf

@@ -1,3 +1,14 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2015, 2016 by Jacob Salmela
+# Network-wide ad blocking via your Raspberry Pi
+# http://pi-hole.net
+# lighttpd config for Pi-hole
+#
+# Pi-hole is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+
 server.modules = (
 	"mod_access",
 	"mod_accesslog",

advanced/pihole.cron

@@ -1,3 +1,14 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2015, 2016 by Jacob Salmela
+# Network-wide ad blocking via your Raspberry Pi
+# http://pi-hole.net
+# Updates ad sources every week
+#
+# Pi-hole is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+
 # Pi-hole: Update the ad sources once a week on Sunday at 01:59
 #          Download any updates from the ad lists
 59 1    * * 7   root    /usr/local/bin/gravity.sh

automated install/basic-install.sh

@@ -1,22 +1,24 @@
 #!/usr/bin/env bash
 # Pi-hole: A black hole for Internet advertisements
-# by Jacob Salmela
+# (c) 2015, 2016 by Jacob Salmela
 # Network-wide ad blocking via your Raspberry Pi
-#
+# http://pi-hole.net
-# (c) 2015 by Jacob Salmela
+# Installs Pi-hole
-# This file is part of Pi-hole.
 #
 # Pi-hole is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 2 of the License, or
 # (at your option) any later version.
+
 # pi-hole.net/donate
 #
 # Install with this command (from your Pi):
 #
 # curl -L install.pi-hole.net | bash
 
+
 ######## VARIABLES #########
+
 tmpLog=/tmp/pihole-install.log
 instalLogLoc=/etc/pihole/install.log
 
@@ -34,7 +36,9 @@ columns=$(tput cols)
 r=$(( rows / 2 ))
 c=$(( columns / 2 ))
 
+
 # Find IP used to route to outside world
+
 IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
 IPv4addr=$(ip -o -f inet addr show dev $IPv4dev | awk '{print $4}' | awk 'END {print}')
 IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}')
@@ -59,35 +63,34 @@ else
 	fi
 fi
 
-if [ -f "/etc/dnsmasq.d/01-pihole.conf" ]; then
+
-		#Likely an existing install
+if [ -d "/etc/pihole" ]; then
+		# Likely an existing install
 		upgrade=true
 	else
-	  upgrade=false
+		upgrade=false
 fi
 
 ####### FUNCTIONS ##########
 ###All credit for the below function goes to http://fitnr.com/showing-a-bash-spinner.html
-spinner(){
+spinner() {
-        local pid=$1
+	local pid=$1
 
-        spin='-\|/'
+	spin='-\|/'
-        i=0
+	i=0
-        while $SUDO kill -0 $pid 2>/dev/null
+	while $SUDO kill -0 $pid 2>/dev/null
-        do
+	do
-                i=$(( (i+1) %4 ))
+		i=$(( (i+1) %4 ))
-                printf "\b${spin:$i:1}"
+		printf "\b${spin:$i:1}"
-                sleep .1
+		sleep .1
-        done
+	done
-        printf "\b"
+	printf "\b"
 }
 
-
+backupLegacyPihole() {
-
+	# This function detects and backups the pi-hole v1 files.  It will not do anything to the current version files.
-
-backupLegacyPihole(){
 	if [[ -f /etc/dnsmasq.d/adList.conf ]];then
-		echo "Original Pi-hole detected.  Initiating sub space transport"
+		echo "::: Original Pi-hole detected.  Initiating sub space transport"
 		$SUDO mkdir -p /etc/pihole/original/
 		$SUDO mv /etc/dnsmasq.d/adList.conf /etc/pihole/original/adList.conf.$(date "+%Y-%m-%d")
 		$SUDO mv /etc/dnsmasq.conf /etc/pihole/original/dnsmasq.conf.$(date "+%Y-%m-%d")
@@ -100,23 +103,23 @@ backupLegacyPihole(){
 	fi
 }
 
-welcomeDialogs(){
+welcomeDialogs() {
 	# Display the welcome dialog
 	whiptail --msgbox --backtitle "Welcome" --title "Pi-hole automated installer" "This installer will transform your Raspberry Pi into a network-wide ad blocker!" $r $c
-	
+
 	# Support for a part-time dev
 	whiptail --msgbox --backtitle "Plea" --title "Free and open source" "The Pi-hole is free, but powered by your donations:  http://pi-hole.net/donate" $r $c
-	
+
 	# Explain the need for a static address
 	whiptail --msgbox --backtitle "Initating network interface" --title "Static IP Needed" "The Pi-hole is a SERVER so it needs a STATIC IP ADDRESS to function properly.	
 	In the next section, you can choose to use your current network settings (DHCP) or to manually edit them." $r $c
 }
 
-chooseInterface(){
+chooseInterface() {
-# Turn the available interfaces into an array so it can be used with a whiptail dialog
+	# Turn the available interfaces into an array so it can be used with a whiptail dialog
 	interfacesArray=()
 	firstloop=1
-	
+
 	while read -r line
 	do
 		mode="OFF"
@@ -126,67 +129,79 @@ chooseInterface(){
 		fi
 		interfacesArray+=("$line" "available" "$mode")
 	done <<< "$availableInterfaces"
-	
+
 	# Find out how many interfaces are available to choose from
 	interfaceCount=$(echo "$availableInterfaces" | wc -l)
 	chooseInterfaceCmd=(whiptail --separate-output --radiolist "Choose An Interface" $r $c $interfaceCount)
 	chooseInterfaceOptions=$("${chooseInterfaceCmd[@]}" "${interfacesArray[@]}" 2>&1 >/dev/tty)
-	
+	if [[ $? = 0 ]];then
-	for desiredInterface in $chooseInterfaceOptions
+		for desiredInterface in $chooseInterfaceOptions
-	do
+		do
 		piholeInterface=$desiredInterface
 		echo "::: Using interface: $piholeInterface"
 		echo ${piholeInterface} > /tmp/piholeINT
-	done
+		done
+	else
+		echo "::: Cancel selected, exiting...."
+		exit 1
+	fi
+	
 }
 
 
-use4andor6(){
+use4andor6() {
 	# Let use select IPv4 and/or IPv6
 	cmd=(whiptail --separate-output --checklist "Select Protocols" $r $c 2)
 	options=(IPv4 "Block ads over IPv4" on
 	IPv6 "Block ads over IPv6" off)
 	choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
-	for choice in $choices
+	if [[ $? = 0 ]];then
-	do
+		for choice in $choices
-		case $choice in
+		do
-		IPv4	)		useIPv4=true;;
+			case $choice in
-		IPv6	)		useIPv6=true;;
+			IPv4	)		useIPv4=true;;
-		esac
+			IPv6	)		useIPv6=true;;
-	done
+			esac
-	if [ $useIPv4 ] && [ ! $useIPv6 ]; then
+		done
-		getStaticIPv4Settings
+		
-		setStaticIPv4
+		if [ $useIPv4 ] && [ ! $useIPv6 ]; then
-		echo "::: Using IPv4 on $IPv4addr"
+			getStaticIPv4Settings
-		echo "::: IPv6 will NOT be used."
+			setStaticIPv4
-	fi
+			echo "::: Using IPv4 on $IPv4addr"
-	if [ ! $useIPv4 ] && [ $useIPv6 ]; then
+			echo "::: IPv6 will NOT be used."
-		useIPv6dialog
+		fi
-		echo "::: IPv4 will NOT be used."
+		if [ ! $useIPv4 ] && [ $useIPv6 ]; then
-		echo "::: Using IPv6 on $piholeIPv6"
+			useIPv6dialog
-	fi
+			echo "::: IPv4 will NOT be used."
-	if [ $useIPv4 ] && [  $useIPv6 ]; then
+			echo "::: Using IPv6 on $piholeIPv6"
-		getStaticIPv4Settings
+		fi
-		setStaticIPv4
+		if [ $useIPv4 ] && [  $useIPv6 ]; then
-		useIPv6dialog
+			getStaticIPv4Settings
-		echo "::: Using IPv4 on $IPv4addr"
+			setStaticIPv4
-		echo "::: Using IPv6 on $piholeIPv6"
+			useIPv6dialog
-	fi
+			echo "::: Using IPv4 on $IPv4addr"
-	if [ ! $useIPv4 ] && [ ! $useIPv6 ]; then
+			echo "::: Using IPv6 on $piholeIPv6"
-		echo "::: Cannot continue, neither IPv4 or IPv6 selected"
+		fi
-		echo "::: Exiting"
+		if [ ! $useIPv4 ] && [ ! $useIPv6 ]; then
+			echo "::: Cannot continue, neither IPv4 or IPv6 selected"
+			echo "::: Exiting"
+			exit 1
+		fi
+	else
+		echo "::: Cancel selected. Exiting..."
 		exit 1
 	fi
 }
 
-useIPv6dialog(){
+useIPv6dialog() {
+	# Show the IPv6 address used for blocking
 	piholeIPv6=$(ip -6 route get 2001:4860:4860::8888 | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }')
 	whiptail --msgbox --backtitle "IPv6..." --title "IPv6 Supported" "$piholeIPv6 will be used to block ads." $r $c
-	$SUDO mkdir -p /etc/pihole/
+
 	$SUDO touch /etc/pihole/.useIPv6
 }
 
-getStaticIPv4Settings(){
+getStaticIPv4Settings() {
 	# Ask if the user wants to use DHCP settings as their static IP
 	if (whiptail --backtitle "Calibrating network interface" --title "Static IP Address" --yesno "Do you want to use your current network settings as a static address?
 									IP address:    $IPv4addr
@@ -205,11 +220,11 @@ getStaticIPv4Settings(){
 			# Ask for the IPv4 address
 			IPv4addr=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 address" --inputbox "Enter your desired IPv4 address" $r $c $IPv4addr 3>&1 1>&2 2>&3)
 			if [[ $? = 0 ]];then
-				echo "Your static IPv4 address:    $IPv4addr"
+				echo "::: Your static IPv4 address:    $IPv4addr"
 				# Ask for the gateway
 				IPv4gw=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 gateway (router)" --inputbox "Enter your desired IPv4 default gateway" $r $c $IPv4gw 3>&1 1>&2 2>&3)
 				if [[ $? = 0 ]];then
-					echo "Your static IPv4 gateway:    $IPv4gw"
+					echo "::: Your static IPv4 gateway:    $IPv4gw"
 					# Give the user a chance to review their settings before moving on
 					if (whiptail --backtitle "Calibrating network interface" --title "Static IP Address" --yesno "Are these settings correct?
 							IP address:    $IPv4addr
@@ -227,158 +242,213 @@ getStaticIPv4Settings(){
 				else
 					# Cancelling gateway settings window
 					ipSettingsCorrect=False
-					echo "User canceled."
+					echo "::: Cancel selected. Exiting..."
-					exit
+					exit 1
 				fi
 			else
 				# Cancelling IPv4 settings window
 				ipSettingsCorrect=False
-				echo "User canceled."
+				echo "::: Cancel selected. Exiting..."
-				exit
+				exit 1
 			fi
 		done
 	# End the if statement for DHCP vs. static
 	fi
 }
 
-setDHCPCD(){
+setDHCPCD() {
-	#Append these lines to dhcpcd.conf to enable a static IP
+	# Append these lines to dhcpcd.conf to enable a static IP
-	echo "interface $piholeInterface
+	echo "::: interface $piholeInterface
 	static ip_address=$IPv4addr
 	static routers=$IPv4gw
 	static domain_name_servers=$IPv4gw" | $SUDO tee -a $dhcpcdFile >/dev/null
 }
 
-setStaticIPv4(){
+setStaticIPv4() {
+	# Tries to set the IPv4 address
 	if grep -q $IPv4addr $dhcpcdFile; then
 		# address already set, noop
 		:
 	else
 		setDHCPCD
 		$SUDO ip addr replace dev $piholeInterface $IPv4addr
-		echo "Setting IP to $IPv4addr.  You may need to restart after the install is complete."
+		echo ":::"
+		echo "::: Setting IP to $IPv4addr.  You may need to restart after the install is complete."
+		echo ":::"
 	fi
 }
 
-installScripts(){
+setDNS(){
+	DNSChoseCmd=(whiptail --separate-output --radiolist "Select Upstream DNS Provider" $r $c 2)
+	DNSChooseOptions=(Google "" on
+					  OpenDNS "" off)
+	DNSchoices=$("${DNSChoseCmd[@]}" "${DNSChooseOptions[@]}" 2>&1 >/dev/tty)
+	if [[ $? = 0 ]];then
+		case $DNSchoices in
+			Google)
+				echo "::: Using Google DNS servers."
+				piholeDNS1="8.8.8.8"
+				piholeDNS2="8.8.4.4"
+				;;
+			OpenDNS)
+				echo "::: Using OpenDNS servers."
+				piholeDNS1="208.67.222.222"
+				piholeDNS2="208.67.220.220"
+				;;
+		esac
+	else
+		echo "::: Cancel selected. Exiting..."
+		exit 1
+	fi
+}
+
+versionCheckDNSmasq(){
+	# Check if /etc/dnsmasq.conf is from pihole.  If so replace with an original and install new in .d directory
+	dnsFile1="/etc/dnsmasq.conf"
+	dnsFile2="/etc/dnsmasq.conf.orig"
+	dnsSearch="addn-hosts=/etc/pihole/gravity.list"
+	
+	# Check if /etc/dnsmasq.conf exists
+	if [ -d "/etc/dnsmasq.conf" ]; then
+		# If true, Check dnsmasq.conf for pihole magic
+		if grep -q $dnsSearch $dnsFile1; then
+			# If true, Check dnsmasq.conf.orig for pihole magic
+			if grep -q $dnsSearch $dnsFile2; then
+				# If true, use advanced/dnsmasq.conf.original
+				$SUDO mv -f /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
+				$SUDO cp /etc/.pihole/advanced/dnsmasq.conf.original /etc/dnsmasq.conf
+			else
+				# If false, mv original file back
+				$SUDO mv -f /etc/dnsmasq.conf.orig /etc/dnsmasq.conf
+			fi
+		# If false, This is a fresh install
+		fi
+	else
+		# If false, use advanced/dnsmasq.conf.original
+		$SUDO cp /etc/.pihole/advanced/dnsmasq.conf.original /etc/dnsmasq.conf
+	fi
+	
+	$SUDO cp /etc/.pihole/advanced/01-pihole.conf /etc/dnsmasq.d/01-pihole.conf
+	$SUDO sed -i "s/@INT@/$piholeInterface/" /etc/dnsmasq.d/01-pihole.conf
+	$SUDO sed -i "s/@DNS1@/$piholeDNS1/" /etc/dnsmasq.d/01-pihole.conf
+	$SUDO sed -i "s/@DNS2@/$piholeDNS2/" /etc/dnsmasq.d/01-pihole.conf
+}
+
+installScripts() {
+	# Install the scripts from /etc/.pihole to their various locations
 	$SUDO echo ":::"
 	$SUDO echo -n "::: Installing scripts..."
-	$SUDO cp /etc/.pihole/gravity.sh /usr/local/bin/gravity.sh	
+	$SUDO cp /etc/.pihole/gravity.sh /usr/local/bin/gravity.sh
 	$SUDO cp /etc/.pihole/advanced/Scripts/chronometer.sh /usr/local/bin/chronometer.sh
-	$SUDO cp /etc/.pihole/advanced/Scripts/whitelist.sh /usr/local/bin/whitelist.sh 
+	$SUDO cp /etc/.pihole/advanced/Scripts/whitelist.sh /usr/local/bin/whitelist.sh
-	$SUDO cp /etc/.pihole/advanced/Scripts/blacklist.sh /usr/local/bin/blacklist.sh 
+	$SUDO cp /etc/.pihole/advanced/Scripts/blacklist.sh /usr/local/bin/blacklist.sh
-	$SUDO cp /etc/.pihole/advanced/Scripts/piholeLogFlush.sh /usr/local/bin/piholeLogFlush.sh 
+	$SUDO cp /etc/.pihole/advanced/Scripts/piholeLogFlush.sh /usr/local/bin/piholeLogFlush.sh
-	$SUDO cp /etc/.pihole/advanced/Scripts/updateDashboard.sh /usr/local/bin/updateDashboard.sh 
+	$SUDO cp /etc/.pihole/advanced/Scripts/updateDashboard.sh /usr/local/bin/updateDashboard.sh
 	$SUDO chmod 755 /usr/local/bin/{gravity,chronometer,whitelist,blacklist,piholeLogFlush,updateDashboard}.sh
 	$SUDO echo " done."
 }
 
-installConfigs(){
+installConfigs() {
+	# Install the configs from /etc/.pihole to their various locations
 	$SUDO echo ":::"
 	$SUDO echo -n "::: Installing configs..."
-	$SUDO mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
+	versionCheckDNSmasq
 	$SUDO mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig
-	$SUDO cp /etc/.pihole/advanced/dnsmasq.conf /etc/dnsmasq.conf 
+	$SUDO cp /etc/.pihole/advanced/lighttpd.conf /etc/lighttpd/lighttpd.conf
-	$SUDO cp /etc/.pihole/advanced/lighttpd.conf /etc/lighttpd/lighttpd.conf 
-	$SUDO sed -i "s/@INT@/$piholeInterface/" /etc/dnsmasq.conf
 	$SUDO echo " done."
 }
 
-stopServices(){
+stopServices() {
+	# Stop dnsmasq and lighttpd
 	$SUDO echo ":::"
 	$SUDO echo -n "::: Stopping services..."
-	$SUDO service dnsmasq stop & spinner $! || true 
+	$SUDO service dnsmasq stop & spinner $! || true
-	$SUDO service lighttpd stop & spinner $! || true 
+	$SUDO service lighttpd stop & spinner $! || true
 	$SUDO echo " done."
 }
 
-checkForDependencies(){
+checkForDependencies() {
- 		
+	#Running apt-get update/upgrade with minimal output can cause some issues with
- 		#Running apt-get update/upgrade with minimal output can cause some issues with
+	#requiring user input (e.g password for phpmyadmin see #218)
- 		#requiring user input (e.g password for phpmyadmin see #218)
+	#We'll change the logic up here, to check to see if there are any updates availible and
- 		#We'll change the logic up here, to check to see if there are any updates availible and
+	# if so, advise the user to run apt-get update/upgrade at their own discretion
- 		# if so, advise the user to run apt-get update/upgrade at their own discretion
+
- 		
+	#Check to see if apt-get update has already been run today
- 		today=$(date "+%b %e")
+	# it needs to have been run at least once on new installs!
- 		echo ":::"
+
- 		echo -n "::: Checking apt-get for upgraded packages...."
+	timestamp=$(stat -c %Y /var/cache/apt/)
- 		updatesToInstall=$(sudo apt-get -s -o Debug::NoLocking=true upgrade | grep -c ^Inst) & spinner $!
+	timestampAsDate=$(date -d @$timestamp "+%b %e")
- 		echo " done!"
+	today=$(date "+%b %e")
-		
+
+	if [ ! "$today" == "$timestampAsDate" ]; then
+	    #update package lists
+	    echo ":::"
+	    echo -n "::: apt-get update has not been run today. Running now..."
+	    $SUDO apt-get -qq update & spinner $!
+	    echo " done!"
+	  fi
 		echo ":::"
-		if [ $updatesToInstall > 0 ]; then
+		echo -n "::: Checking apt-get for upgraded packages...."
-			echo "::: There are $updatesToInstall updates availible for your pi!"
+		updatesToInstall=$(sudo apt-get -s -o Debug::NoLocking=true upgrade | grep -c ^Inst)
-			echo "::: Please consider running 'sudo apt-get update', followed by 'sudo apt-get upgrade'"
+		echo " done!"
-			echo "::: after pi-hole has finished installing."
+		echo ":::"
-			echo ":::"
+		if [[ $updatesToInstall -eq "0" ]]; then
-			#add in a prompt to give users the option to quit installation or continue
+			echo "::: Your pi is up to date! Continuing with pi-hole installation..."
-			echo -n "::: Would you like to continue with the pi-hole installation? (Y/n):"
-			read answer
-			
-			case "$answer" in
-    		[yY][eE][sS]|[yY]  )  echo "::: Continuing!";;
-   		  *                  )  echo "::: Quitting install, please run 'curl -L install.pi-hole.net | bash' after updating packages!"
-              								exit 0;;
-			esac 			
-			
 		else
-		  echo "::: Your pi is up to date! Continuing with pi-hole installation..."
+			echo "::: There are $updatesToInstall updates availible for your pi!"
-		fi    
+			echo "::: We recommend you run 'sudo apt-get upgrade' after installing Pi-Hole! "
-    
+			echo ":::"
-    echo ":::" 
+		fi
+    echo ":::"
     echo "::: Checking dependencies:"
 
-    dependencies=( dnsutils bc toilet figlet dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget )
+	dependencies=( dnsutils bc toilet figlet dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget )
-    for i in "${dependencies[@]}"
+	for i in "${dependencies[@]}"
-    do
+	do
-       :
+	:
-      echo -n ":::    Checking for $i..."
+		echo -n ":::    Checking for $i..."
-      if [ $(dpkg-query -W -f='${Status}' $i 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
+		if [ $(dpkg-query -W -f='${Status}' $i 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
-          echo -n " Not found! Installing...."
+			echo -n " Not found! Installing...."
-          $SUDO apt-get -y -qq install $i > /dev/null & spinner $!
+			$SUDO apt-get -y -qq install $i > /dev/null & spinner $!
-          echo " done!"
+			echo " done!"
-      else
+		else
-          echo " already installed!"
+			echo " already installed!"
-      fi
+		fi
-    done
+	done
 }
 
-getGitFiles(){
+getGitFiles() {
-  
+	# Setup git repos for base files and web admin
-  echo ":::"
+	echo ":::"
 	echo "::: Checking for existing base files..."
-	if is_repo $piholeFilesDir; then				
+	if is_repo $piholeFilesDir; then
-        make_repo $piholeFilesDir $piholeGitUrl        
+		make_repo $piholeFilesDir $piholeGitUrl
-  else  		
+	else
-  		update_repo $piholeFilesDir  		
+		update_repo $piholeFilesDir
-  fi
+	fi
-
-  echo ":::"  
-  echo "::: Checking for existing web interface..."
-  if is_repo $webInterfaceDir; then  		
-  		make_repo $webInterfaceDir $webInterfaceGitUrl  		
-  else
-  		update_repo $webInterfaceDir
-  		
-  fi
 
+	echo ":::"
+	echo "::: Checking for existing web interface..."
+	if is_repo $webInterfaceDir; then
+		make_repo $webInterfaceDir $webInterfaceGitUrl
+	else
+		update_repo $webInterfaceDir
+	fi
 }
 
 is_repo() {
-		echo -n ":::    Checking $1 is a repo..."
+	# If the directory does not have a .git folder it is not a repo
-    # if the directory does not have a .git folder 
+	echo -n ":::    Checking $1 is a repo..."
-    # it is not a repo
     if [ -d "$1/.git" ]; then
     		echo " OK!"
         return 1
     fi
     echo " not found!!"
     return 0
-    
 }
 
 make_repo() {
-    # remove the non-repod interface and clone the interface
+    # Remove the non-repod interface and clone the interface
     echo -n ":::    Cloning $2 into $1..."
     $SUDO rm -rf $1
     $SUDO git clone -q "$2" "$1" > /dev/null & spinner $!
@@ -386,7 +456,7 @@ make_repo() {
 }
 
 update_repo() {
-    # pull the latest commits
+    # Pull the latest commits
     echo -n ":::     Updating repo in $1..."
     cd "$1"
     $SUDO git pull -q > /dev/null & spinner $!
@@ -394,7 +464,8 @@ update_repo() {
 }
 
 
-CreateLogFile(){
+CreateLogFile() {
+	# Create logfiles if necessary
 	echo ":::"
 	$SUDO  echo -n "::: Creating log file and changing owner to dnsmasq..."
 	if [ ! -f /var/log/pihole.log ]; then
@@ -405,10 +476,10 @@ CreateLogFile(){
 	else
 		$SUDO  echo " already exists!"
 	fi
-	
 }
 
-installPiholeWeb(){
+installPiholeWeb() {
+	# Install the web interface
 	$SUDO echo ":::"
 	$SUDO echo -n "::: Installing pihole custom index page..."
 	if [ -d "/var/www/html/pihole" ]; then
@@ -419,42 +490,43 @@ installPiholeWeb(){
 		$SUDO cp /etc/.pihole/advanced/index.html /var/www/html/pihole/index.html
 		$SUDO echo " done!"
 	fi
-	
 }
 
-installCron(){
+installCron() {
+	# Install the cron job
 	$SUDO echo ":::"
 	$SUDO echo -n "::: Installing latest Cron script..."
 	$SUDO cp /etc/.pihole/advanced/pihole.cron /etc/cron.d/pihole
 	$SUDO echo " done!"
 }
 
-runGravity(){
+runGravity() {
+	# Rub gravity.sh to build blacklists
 	$SUDO echo ":::"
-	$SUDO echo "::: Preparing to run gravity.sh to refresh hosts..."
+	$SUDO echo "::: Preparing to run gravity.sh to refresh hosts..."	
 	if ls /etc/pihole/list* 1> /dev/null 2>&1; then
-		echo "::: Cleaning up previous install (preserving whitelist/blacklist)"
+		echo "::: Cleaning up previous install (preserving whitelist/blacklist)"		
 		$SUDO rm /etc/pihole/list.*
 	fi
 	#Don't run as SUDO, this was causing issues
 	echo "::: Running gravity.sh"
 	echo ":::"
-	
+
 	/usr/local/bin/gravity.sh
-	
 }
 
 
-installPihole(){
+installPihole() {
+	# Install base files and web interface
 	checkForDependencies # done
 	stopServices
-	
+	$SUDO mkdir -p /etc/pihole/
 	$SUDO chown www-data:www-data /var/www/html
 	$SUDO chmod 775 /var/www/html
 	$SUDO usermod -a -G www-data pi
 	$SUDO lighty-enable-mod fastcgi fastcgi-php > /dev/null
-	
+
-	getGitFiles	
+	getGitFiles
 	installScripts
 	installConfigs
 	#installWebAdmin
@@ -464,8 +536,9 @@ installPihole(){
 	runGravity
 }
 
-displayFinalMessage(){
+displayFinalMessage() {
-whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Configure your devices to use the Pi-hole as their DNS server using:
+	# Final completion message to user
+	whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Configure your devices to use the Pi-hole as their DNS server using:
 
 $IPv4addr
 $piholeIPv6
@@ -477,6 +550,7 @@ The install log is in /etc/pihole." $r $c
 
 ######## SCRIPT ############
 # Start the installer
+$SUDO mkdir -p /etc/pihole/
 welcomeDialogs
 
 # Just back up the original Pi-hole right away since it won't take long and it gets it out of the way
@@ -486,7 +560,8 @@ chooseInterface
 # Let the user decide if they want to block ads over IPv4 and/or IPv6
 use4andor6
 
-
+# Decide what upstream DNS Servers to use
+setDNS
 
 # Install and log everything to a file
 installPihole | tee $tmpLog
@@ -496,5 +571,6 @@ $SUDO mv $tmpLog $instalLogLoc
 
 displayFinalMessage
 
+# Start services
 $SUDO service dnsmasq start
 $SUDO service lighttpd start

automated install/uninstall.sh

@@ -1,7 +1,9 @@
 #!/usr/bin/env bash
-# Completely uninstalls the Pi-hole
+# Pi-hole: A black hole for Internet advertisements
-# (c) 2015 by Jacob Salmela
+# (c) 2015, 2016 by Jacob Salmela
-# This file is part of Pi-hole.
+# Network-wide ad blocking via your Raspberry Pi
+# http://pi-hole.net
+# Completely uninstalls Pi-hole
 #
 # Pi-hole is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

block hulu ads/lighttpd.conf

@@ -1,3 +1,14 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2015, 2016 by Jacob Salmela
+# Network-wide ad blocking via your Raspberry Pi
+# http://pi-hole.net
+# Lighttpd config file for Pi-hole
+#
+# Pi-hole is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+
 server.modules = (
 	"mod_access",
 	"mod_alias",

block hulu ads/minidlna.conf

@@ -1,6 +1,17 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2015, 2016 by Jacob Salmela
+# Network-wide ad blocking via your Raspberry Pi
+# http://pi-hole.net
+# MiniDLNA config file for Pi-hole
+#
+# Pi-hole is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+
 media_dir=V,/var/lib/minidlna/videos/
 port=8200
 friendly_name=pihole
 serial=12345678
 model_number=1
-inotify=yes
+inotify=yes

gravity.sh

@@ -29,6 +29,9 @@ fi
 piholeIPfile=/tmp/piholeIP
 piholeIPv6file=/etc/pihole/.useIPv6
 
+adListFile=/etc/pihole/adlists.list
+adListDefault=/etc/pihole/adlists.default
+
 if [[ -f $piholeIPfile ]];then
     # If the file exists, it means it was exported from the installation script and we should use that value instead of detecting it in this script
     piholeIP=$(cat $piholeIPfile)
@@ -45,18 +48,8 @@ if [[ -f $piholeIPv6file ]];then
     piholeIPv6=$(ip -6 route get 2001:4860:4860::8888 | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }')
 fi
 
-# Ad-list sources--one per line in single quotes
+
-# The mahakala source is commented out due to many users having issues with it blocking legitimate domains.
+
-# Uncomment at your own risk
-sources=('https://adaway.org/hosts.txt'
-'http://adblock.gjtech.net/?format=unix-hosts'
-#'http://adblock.mahakala.is/'
-'http://hosts-file.net/ad_servers.txt'
-'http://www.malwaredomainlist.com/hostslist/hosts.txt'
-'http://pgl.yoyo.org/adservers/serverlist.php?'
-'http://someonewhocares.org/hosts/hosts'
-'http://winhelp2002.mvps.org/hosts.txt'
-'http://mirror1.malwaredomains.com/files/justdomains')
 
 # Variables for various stages of downloading and formatting the list
 basename=pihole
@@ -97,7 +90,26 @@ spinner(){
 ###########################
 # collapse - begin formation of pihole
 function gravity_collapse() {
-	echo -n "::: Neutrino emissions detected..."
+	echo "::: Neutrino emissions detected..."
+	echo ":::"
+	#Decide if we're using a custom ad block list, or defaults.
+	if [ -f $adListFile ]; then
+		#custom file found, use this instead of default
+		echo -n "::: Custom adList file detected. Reading..."
+		sources=()
+		while read -a line; do
+			sources+=($line)
+		done < $adListFile
+		echo " done!"	
+	else
+		#no custom file found, use defaults!
+		echo -n "::: No custom adlist file detected, reading from default file..."
+				sources=()
+		while read -a line; do
+			sources+=($line)
+		done < $adListDefault
+		echo " done!"	
+	fi	
 
 	# Create the pihole resource directory if it doesn't exist.  Future files will be stored here
 	if [[ -d $piholeDir ]];then
@@ -319,7 +331,7 @@ function gravity_reload() {
 	echo " done!"
 }
 
-
+$SUDO cp /etc/.pihole/adlists.default /etc/pihole/adlists.default
 gravity_collapse
 gravity_spinup
 gravity_Schwarzchild