I'm trying to figure out the approach to take to block a large number of domains.
Is there any way of using regex in a blocklist? Basically, what I am trying to accomplish is having a blocklist containing newly registered domains. This list gets updated once a day, and I am trying to block any hostname from said domains.
Overall, this list would be around 3 million domains for the past 30 days. Using the API/SQLite to inject and remove every single domain (sort of) every day isn't really feasible, I think. Or is there some way of having Pi-hole understand that the blocklist it downloads contains regex?
The other way I could do it would be to add every naked domain as well as www into the list, turning it into a 6 million hosts list, but then that would only capture those rather than any other subdomain that might show up, which is not getting me all the way to the intended result.
But if you create this list and know which entries are regex (using a flag or so), you could adapt your injection: split the file into regex and non-regex. The non-regex file is imported as an adlist at once (run gravity afterwards). Only the regex file has to be injected line by line into the database.
This comparison may be flawed, but I can't imagine some high-profile bodyguard having an easier job by requesting and storing information about every newborn baby worldwide, only to delete it once they reach pre-school age. None of those have ever met the target, most very likely never will, and how many of the few who do will pose an actual threat?
If you want to be that cautious, following a deny all policy, allowing access to known and verified domains only, may be both easier to implement and to maintain, and also more effective.
A common strategy is to not trust newly created domains.
Some companies create and discard them (for example ad/tracking purposes) quicker than you can say dodadoda.
Only when a domain exists for a bit longer can it be trusted ... just a little.
Am not sure if it's a valid/effective strategy, though.
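
The split-then-inject approach suggested in the reply above, sketched as an added example that is not from the thread or from the Pi-hole project. Assumptions: regex entries are flagged with a `regex:` prefix, the `regex_block` table is a stand-in for the real database, and all function names are hypothetical. It also applies only the day-over-day difference, so a daily refresh does not re-inject every entry.

```python
import re
import sqlite3

FLAG = "regex:"  # assumption: the flag marking regex entries in the mixed list

def split_list(lines):
    """Split a mixed list into (plain_domains, regex_entries)."""
    plain, regexes = [], []
    for raw in lines:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        if entry.startswith(FLAG):
            pattern = entry[len(FLAG):]
            try:
                re.compile(pattern)
            except re.error:
                continue  # a broken pattern must not reach the database
            regexes.append(pattern)
        else:
            plain.append(entry.lower())
    return plain, regexes

def subdomain_regex(domain):
    """Pattern matching the registered domain and every hostname below it."""
    return r"(^|\.)" + domain.lower().replace(".", r"\.") + "$"

def blocks(domain, host):
    return re.search(subdomain_regex(domain), host.lower()) is not None

def sync_regexes(db, wanted):
    """Insert new patterns and delete expired ones; returns (added, removed)."""
    current = {row[0] for row in db.execute("SELECT pattern FROM regex_block")}
    add, drop = set(wanted) - current, current - set(wanted)
    db.executemany("INSERT INTO regex_block VALUES (?)", [(p,) for p in add])
    db.executemany("DELETE FROM regex_block WHERE pattern = ?", [(p,) for p in drop])
    db.commit()
    return len(add), len(drop)

def demo():
    # Constructed sample list, not real data.
    sample = ["# day 1", "ads.example.net", "Tracker.Example.org",
              FLAG + subdomain_regex("new-site.example"), FLAG + "([unclosed"]
    plain, regexes = split_list(sample)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE regex_block (pattern TEXT PRIMARY KEY)")  # stand-in table
    day1 = sync_regexes(db, regexes)
    day2 = sync_regexes(db, [subdomain_regex("other.example")])
    return plain, regexes, day1, day2

if __name__ == "__main__":
    print(demo())
```

The plain list returned by `split_list` is what would be served as the adlist; only the regex entries go through `sync_regexes`.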