Blocking subdomains based on a list

Dear Pi Hole community,

I'm beginning to despair with the configuration of the filter lists. A youth protection filter is planned.

These filter lists were used as a basis:

https://github.com/chadmayfield/pihole-blocklists/raw/master/lists/pi_blocklist_porn_all.list

The problem is that the subdomains (e.g. www.youporn.com) are still accessible.

Idea:
Editing the list with regex expressions

Implementation:
Use sed to add a $ character to the end of each line and reimport the list via the Panel. Unfortunately, the list import does not seem to convert the expressions.

Next idea:
Insert a www before each line.

Problem:
Pages like de.youporn.com or es.youporn.com are still accessible. Covering this would go beyond the list.

Further idea:
Manual insertion of the expressions into the regex.list and recompiling with >recompile-regex

Problem:
Pi-Hole seems to hang up and is no longer available.

Question:
Many seem to have this problem, there are already some posts, but none of them offer a solution. What are the possibilities?

Best regards

rosaLux161

The pi_blocklist_porn_all.list is huge. Importing it completely into the regex.list as wildcards might be too much (at least for a Raspberry Pi). Also you need to escape certain characters in the domains. A . has to be \.
And you will still miss some domains.

You should start with adding a plain porn, sex and whatever comes to your mind :stuck_out_tongue_winking_eye: to your regex filter via the web interface and the button: Add (regex)

or

pihole regex porn sex xxx

via the shell.

The list got a total of 1,871,349 entries.

  • porn has 124,326 matches in that list,
  • sex 260,983 and
  • xxx 58,378.

Maybe we found some more expressions that cover that list (and probably every other obvious porn domain registered in the future :wink: )

I would wish for a curated regex list for the Pi-hole for different categories (in addition to porn).
While blocklists and whitelists for domains change over time - new domains getting added, old ones removed - the expressions would stay the same!
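An added example (not part of the original posts) of the approach described in the reply above: let a few plain keyword filters cover most of a list, and generate escaped wildcard regexes only for the entries no keyword catches. The `(^|\.)…$` wildcard form, the function names and the sample entries are assumptions of this example; Python's `re` stands in for Pi-hole's regex engine.

```python
import re

KEYWORDS = ["porn", "sex", "xxx"]  # the plain filters suggested in the reply

# Constructed sample standing in for a few lines of a blocklist.
SAMPLE_LIST = [
    "000porn.com",
    "youporn.com",
    "0-porno.net",
    "sexshop.example",
    "xxx-videos.example",
    "adult-tube.example",   # contains no keyword: needs its own entry
    "nsfw.cdn.example",     # contains no keyword: needs its own entry
]

VALID_HOST = re.compile(r"^[a-z0-9.-]+$")


def wildcard_regex(domain):
    """Escape a domain and anchor it so it matches the domain and its subdomains."""
    domain = domain.strip().lower()
    if not VALID_HOST.match(domain):
        raise ValueError("not a plain hostname: %r" % domain)
    # In a hostname only the dot is a regex metacharacter, so only it is escaped.
    return r"(^|\.)" + domain.replace(".", r"\.") + "$"


def plan_filters(domains, keywords):
    """Return (hits per keyword, wildcard regexes for domains no keyword covers)."""
    hits = {k: 0 for k in keywords}
    leftovers = []
    for domain in domains:
        domain = domain.strip().lower()
        matched = [k for k in keywords if k in domain]
        for k in matched:
            hits[k] += 1
        if not matched:
            leftovers.append(wildcard_regex(domain))
    return hits, leftovers


if __name__ == "__main__":
    hits, leftovers = plan_filters(SAMPLE_LIST, KEYWORDS)
    print(hits)
    for rx in leftovers:
        print(rx)
```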

This does not block porn.com but .porn.com (which isn't allowed in the DNS).

It only finds 35 domains on the porn list.

However all subdomains.porn.com (which are not on that list) will be blocked. :+1:

You need this:

(^|\.)[a-z]*porn[a-z]*\.[a-z]{2,7}$ 19,487 hits

But this still does not block domains like 123porn.com or porn24.com

This would help:

(^|\.)[a-z0-9]*porn[a-z0-9]*\.[a-z]{2,7}$ 20,787 hits

And because the longest allowed/possible TLD is 63 (!!!) and numbers are allowed there too, it needs to look like this:

(^|\.)[a-z0-9]*porn[a-z0-9]*\.[a-z0-9]{2,63}$

Source: Name space specifications and terminology and Preferred name syntax

Aaaaannnnnd none of the above accounts for the use of hyphens! :hushed::crazy_face::exploding_head:

Yeah, I totally get that! That's why I suggested a plain porn as regex filter. :smiley:

It filters every domain with the word porn in it. Regardless if it is porn.domain.com or subdomain.porn.com or 000porn.com (and its subdomains) which is the very first domain my suggested regex filter

(^|\.)[a-z0-9]*porn[a-z0-9]*\.[a-z0-9]{2,63}$

finds in the pi_blocklist_porn_all.list (line 262)

Your suggestion

does not block 000porn.com (on the list) or any of its subdomains (not on the list)!
So it doesn't help @rosaLux161 with their problem.

So for a youth protection filter I still suggest:

Which will even block unknown and newly registered domains regarding porn, sex, ... as well as domains with hyphens, like the very second domain on that list -allporn-.tumblr.com or something like 0-porno.net.

And for some rare cases like Food Porn there's still the whitelist. :wink:

Best regards :wave:
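An added example (not part of the original posts) that runs the filters discussed above against the domains named in the thread, showing which names each pattern lets through. Python's `re` is used as a stand-in for Pi-hole's regex engine on the assumption that these constructs behave the same there; `porn.photography` is a constructed entry to exercise the TLD length limit.

```python
import re

# The expressions quoted in the thread, plus the plain keyword filter.
PATTERNS = {
    "letters_tld7": r"(^|\.)[a-z]*porn[a-z]*\.[a-z]{2,7}$",
    "alnum_tld7": r"(^|\.)[a-z0-9]*porn[a-z0-9]*\.[a-z]{2,7}$",
    "alnum_tld63": r"(^|\.)[a-z0-9]*porn[a-z0-9]*\.[a-z0-9]{2,63}$",
    "plain_keyword": r"porn",
}

# Domains mentioned in the thread, plus one constructed long-TLD name.
DOMAINS = [
    "porn.com",
    "www.youporn.com",
    "de.youporn.com",
    "123porn.com",
    "porn24.com",
    "000porn.com",
    "sub.000porn.com",
    "porn.domain.com",
    "-allporn-.tumblr.com",
    "0-porno.net",
    "porn.photography",  # constructed: TLD longer than 7 characters
]


def is_blocked(pattern, domain):
    """True if the filter matches anywhere in the (lower-cased) query name."""
    return re.search(pattern, domain.lower()) is not None


def missed(name):
    """Domains from DOMAINS that the named pattern does not block."""
    return [d for d in DOMAINS if not is_blocked(PATTERNS[name], d)]


if __name__ == "__main__":
    for name in PATTERNS:
        print(name, "misses:", missed(name))
```

The anchored patterns only match when the keyword sits in the label directly before the TLD, which is why `porn.domain.com` and the hyphenated names still resolve under them.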

In addition, you can use a filtered upstream DNS server. These typically have actively maintained block lists and filters. Setup Guide | OpenDNS is one such service.

But please read Do you share any information? What is your privacy policy? and the linked Cisco Online Privacy Statement (Cisco is the owner of OpenDNS). And decide for yourself!

Trusting a large company like Cisco (or e.g. Google with its DNS server) with all of your (upstream) DNS queries is, at least for me personally, contradictory to the idea of a local and self-operated DNS server.

Use local lists, like the pi_blocklist_porn_all.list, as well as the really handy regex feature and install and use unbound as your own local resolver, as described here:

Pi-hole as All-Around DNS Solution or
Set up Pi-hole as truly self-contained DNS resolver.

Blocking ads and trackers for privacy reasons (+ porn in this case) but telling a company all about the websites you are visiting can't be right. :thinking:
Especially if it's a company that's known for getting spied on by the NSA - according to Snowden's leaks.

I think everyone should know ALL the information and decide for themselves.

Your ISP sees all this...

That's subject to discussion. :wink:

And because one "decides" to "share" information with ONE company, this does not justify unnecessarily sharing that information with a second company, which - in my case - is based in a different jurisdiction.

Some important questions are: ARE they allowed to log, DO they log, do they use this information for advertisement or anything else. Are there federal laws that force them to share that information with the authorities (without notifying the subjects). And so on and so forth.
Those laws differ from country to country and if you're not living in the US but e.g. in the EU you should think about that if you're planning to use e.g. Cisco/OpenDNS.

Everyone is free to educate themselves and should do that!

I'm not able to school US citizens on US law (or any other country specific law for that matter).
It's hard enough to grasp for one country AND the EU. :smile:

(Sorry that I can't specify in more detail, but English isn't my first language, it takes time to translate/compose my arguments. Time I don't have today. Maybe I'll elaborate next time. :slightly_smiling_face: )
