blacklist/whitelist grouping

Since 5.0 implements “Deep CNAME inspection” which seems to be quite agressive (which is what more privacy minded people usually would want) whitelisting domains that Deep CNAME inspection blocks add up quite quickly, which in turn makes especially the whitelist quite cluttered.
Would be nice to have an option to group the domains needed to a run specific websites into one place. Additionally having ability to add domains to multiple groups could come in handy (and these domains would requiring confirmation when deleted ofc).

You shouldn’t need to whitelist the CNAMEs. You only need to whitelist the domain you want to have access to. If site1.com is the domain you want to have access to and it is actually siteCNAMEisblocked.com then just whitelist site1.com. The danger with whitelisting the CNAME site is that it will whitelist it everywhere.

Example:

My local newspaper site only works if a certain Facebook domain is allowed. I don’t want Facebook normally and I don’t want every site in the internet to be able to track me with that domain. So I whitelist the newspaper domain so only that one site can work.

1 Like

There is a feature in V5.0 where you can disable CNAME blocking and have V5.0 behave as V4.x does in this regard.

Add this configuration parameter to /etc/pihole/pihole-FTL.conf and restart FTL

CNAME_DEEP_INSPECT=false

Documentation added.

Preview server: https://deploy-preview-201--pihole-docs.netlify.app/ftldns/configfile/#cname_deep_inspect

1 Like

And published:
https://docs.pi-hole.net/ftldns/configfile/#cname_deep_inspect

1 Like