The Pi-hole team has released version 2025.11.1, delivering significant performance improvements to the popular network-wide ad blocker. The update focuses on FTL optimizations including better string processing, improved memory management, and new compiler flags like -march=native and -funroll-loops that should make DNS queries faster and more efficient. The team has also reduced DNS resolver locking during database interactions, addressing a common bottleneck for busy networks.
On the security front, Pi-hole now includes rate-limiting for TOTP validation, capping attempts at one per second to prevent brute-force attacks against two-factor authentication. The login experience gets a quality-of-life improvement with autocomplete="one-time-code" support, letting browsers and password managers automatically suggest 2FA codes. The API also gains support for hardware addresses longer than 48 bits, properly handling InfiniBand and similar networking hardware.
The web interface sees several refinements, including an "All Time" query log view that now accurately reflects the earliest timestamp in your database. The Gravity API defaults to plain text output rather than ANSI color codes, fixing compatibility issues for third-party tools consuming the API. Users can update via pihole -up from the command line, and the release is also available as Docker tag 2025.11.1.
