Commonly Whitelisted Domains

whitelisting
#1

This post is a wiki post. Anybody can edit it to provide useful tips for whitelisting. Editing abuse may result in a ban from the forums!

Whitelisting Tips

List any tips you’ve discovered on how or what to whitelist in order to solve specific issues!

Google (Maps, Youtube, etc)

Google Maps and other Google services

pihole -w clients4.google.com 
pihole -w clients2.google.com

YouTube history

pihole -w s.youtube.com 
pihole -w video-stats.l.google.com

Google Play

As described here.

pihole -w android.clients.google.com

Google Keep

The Google Keep Chrome App requires these domains to be whitelisted in order to sync.
pihole -w reminders-pa.googleapis.com firestore.googleapis.com

Gmail (Google Mail)

iOS app requires this to be whitelisted for the app to connect.
pihole -w googleapis.l.google.com

Microsoft (Windows, Office, Skype, etc)

Windows uses this to verify connectivity to Internet

pihole -w www.msftncsi.com

Microsoft Web Pages (Outlook, Office365, Live, Microsoft.com…)

pihole -w outlook.office365.com products.office.com c.s-microsoft.com i.s-microsoft.com login.live.com login.microsoftonline.com 

Backup bitlocker recovery key to Microsoft account

pihole -w g.live.com

Windows Store

pihole -w dl.delivery.mp.microsoft.com geo-prod.do.dsp.mp.microsoft.com displaycatalog.mp.microsoft.com

Xbox Live

This domain is used for sign-ins, creating new accounts, and recovering existing Microsoft accounts on your (confirmed by Microsoft)

pihole -w clientconfig.passport.net 

These domains are used for Xbox Live Achievements (confirmed by Microsoft)

pihole -w v10.events.data.microsoft.com
pihole -w v20.events.data.microsoft.com

Used for Xbox Live Messaging (post)

pihole -w client-s.gateway.messenger.live.com

There are several domains discovered initially on Reddit and /r/xboxone, which were also confirmed by Microsoft as being required by Xbox Live for full functionality.

pihole -w xbox.ipv6.microsoft.com device.auth.xboxlive.com www.msftncsi.com title.mgt.xboxlive.com xsts.auth.xboxlive.com title.auth.xboxlive.com ctldl.windowsupdate.com attestation.xboxlive.com xboxexperiencesprod.experimentation.xboxlive.com xflight.xboxlive.com cert.mgt.xboxlive.com xkms.xboxlive.com def-vef.xboxlive.com notify.xboxlive.com help.ui.xboxlive.com licensing.xboxlive.com eds.xboxlive.com www.xboxlive.com v10.vortex-win.data.microsoft.com settings-win.data.microsoft.com

Skype

See the GitHub Topic on these domains.

pihole -w s.gateway.messenger.live.com client-s.gateway.messenger.live.com ui.skype.com pricelist.skype.com apps.skype.com m.hotmail.com sa.symcb.com s{1..5}.symcb.com 

Microsoft Office

Reddit link - r/pihole - MS Office issues

pihole -w officeclient.microsoft.com

Jackbox.tv

Jackbox.tv will not load unless you whitelist google-analytics

pihole -w www.google-analytics.com
pihole -w ssl.google-analytics.com

Spotify

The Spotify app for iOS will stop functioning unless it’s web service counterpart is whitelisted.

pihole -w spclient.wg.spotify.com apresolve.spotify.com

Target's Weekly Ads

pihole -w weeklyad.target.com m.weeklyad.target.com weeklyad.target.com.edgesuite.net

Facebook, Facebook Messenger

pihole -w upload.facebook.com creative.ak.fbcdn.net external-lhr0-1.xx.fbcdn.net external-lhr1-1.xx.fbcdn.net external-lhr10-1.xx.fbcdn.net external-lhr2-1.xx.fbcdn.net external-lhr3-1.xx.fbcdn.net external-lhr4-1.xx.fbcdn.net external-lhr5-1.xx.fbcdn.net external-lhr6-1.xx.fbcdn.net external-lhr7-1.xx.fbcdn.net external-lhr8-1.xx.fbcdn.net external-lhr9-1.xx.fbcdn.net fbcdn-creative-a.akamaihd.net scontent-lhr3-1.xx.fbcdn.net scontent.xx.fbcdn.net scontent.fgdl5-1.fna.fbcdn.net graph.facebook.com b-graph.facebook.com connect.facebook.com cdn.fbsbx.com api.facebook.com edge-mqtt.facebook.com mqtt.c10r.facebook.com portal.fb.com star.c10r.facebook.com star-mini.c10r.facebook.com b-api.facebook.com fb.me

DirectTV

Sourced from here.

pihole -w directvnow.com directvapplications.hb.omtrdc.net s.zkcdn.net js.maxmind.com

Bild DE

pihole -w ec-ns.sascdn.com

Plex Domains

pihole -w plex.tv tvdb2.plex.tv pubsub.plex.bz proxy.plex.bz proxy02.pop.ord.plex.bz cpms.spop10.ams.plex.bz meta-db-worker02.pop.ric.plex.bz meta.plex.bz tvthemes.plexapp.com.cdn.cloudflare.net tvthemes.plexapp.com 106c06cd218b007d-b1e8a1331f68446599e96a4b46a050f5.ams.plex.services meta.plex.tv cpms35.spop10.ams.plex.bz proxy.plex.tv metrics.plex.tv pubsub.plex.tv status.plex.tv www.plex.tv node.plexapp.com nine.plugins.plexapp.com staging.plex.tv app.plex.tv o1.email.plex.tv  o2.sg0.plex.tv dashboard.plex.tv

Domains used by Plex

pihole -w gravatar.com - custom login pictures
pihole -w thetvdb.com - metadata for tv series
pihole -w themoviedb.com - metadata for movies

Sonarr

pihole -w services.sonarr.tv skyhook.sonarr.tv download.sonarr.tv apt.sonarr.tv forums.sonarr.tv

Placehold.it (Image placeholders often used during web design. Not sure why this is even blocked in the first place.)

pihole -w placehold.it placeholdit.imgix.net

Dropbox

As described here:

pihole -w dl.dropboxusercontent.com ns1.dropbox.com ns2.dropbox.com

Fox News

as described here.

pihole -w widget-cdn.rpxnow.com

Images on Marketwatch.com

pihole -w s.marketwatch.com

Apple Music

pihole -w itunes.apple.com
pihole -w s.mzstatic.com

GoDaddy webmail buttons

pihole -w imagesak.secureserver.net

Google Chrome (to update on ubuntu)

pihole -w dl.google.com

Apple ID

pihole -w appleid.apple.com

WatchESPN

as described here.

pihole -w fpdownload.adobe.com entitlement.auth.adobe.com livepassdl.conviva.com

NVIDIA GeForce Experience

GFE requires this to download driver updates (or events.gfe.nvidia.com, but that is also used for telemetry).

pihole -w gfwsl.geforce.com

Videos not playing in times.com and nydailynews.com


pihole -w delivery.vidible.tv img.vidible.tv videos.vidible.tv edge.api.brightcove.com cdn.vidible.tv

Bing Maps Platform

as described here.

pihole -w dev.virtualearth.net ecn.dev.virtualearth.net t0.ssl.ak.dynamic.tiles.virtualearth.net t0.ssl.ak.tiles.virtualearth.net

Google Play Android updates

pihole -w android.clients.google.com

Moto phones OS updates

pihole -w appspot-preview.l.google.com

Captive-portal tests

These domains are checked by the operating systems when connecting via wifi, and if they don’t get the response they expect, they may try to open a wifi login page or similar as they believe they are located behind a captive portal.

Android/Chrome

pihole -w connectivitycheck.android.com android.clients.google.com clients3.google.com  connectivitycheck.gstatic.com 

Windows/Microsoft

pihole -w msftncsi.com www.msftncsi.com ipv6.msftncsi.com

iOS/Apple
(note that this does not cover all domains used older iOS versions)

pihole -w captive.apple.com gsp1.apple.com www.apple.com www.appleiphonecell.com

Grand Theft Auto V Online PC

Since March blocking Rockstar telemetry seems to crash GTAOnline.
Unblocking the domain fixed crashing for people at GTA Forums.

pihole -w prod.telemetry.ros.rockstargames.com

Chevrolet

Couldn’t browse inventory w/o whitelisting

pihole -w chevrolet.com

Epic Games Store

The tracking domain is required to make a purchase on the website, otherwise the order modal will appear to be loading forever.

pihole -w tracking.epicgames.com
26 Likes
Youtube 10-Second Black Screen
Steam Link negatively effected by Pi Hole
Unblocking a single devices
Windows 10 Store app updates being blocked
Windows Store not updating
Pi-Hole prevents xBox1 Hulu and Netflix updates
Pi-hole and playstation
'safe' list to use on my parents' network?
Kodi no longer working after pihole install
Windows Spotlight is blocked
An issue I've been having with Youtube
Skype connection failed
Xbox one dns problem
Smart TV, Sony KDL-48WD650
How to debug a website that doesn't work properly
Dutch (Netherlands) websites whitelisting
Xbox app not working with pi-hole enabled
What files does Pi-hole use?
Can't sign into Xbox live
Blocked Facebook
Make Pi-Hole first time setup more appealing for the masses
The pihole Command With Examples
Apple music
Why doesn't Xbox Live load while using Pi-hole?
White list "list" instead of individually?
Whitelist still being blocked
Google Play updates
Whitelist for Spotify premium account
YouTube "watched"
Pi Hole admin page needs 2 minutes to load
Login.live.com getting blocked
Pi-hole causing "additional logon information may be required" message
Xbox Live app
Dutch (Netherlands) websites whitelisting
Can't watch Fox News Live?
Images on Marketwatch.com being blocked
Windows 10 showing no internet access but I am connected to the internet
Xbox and Windows lose DNS ~every 2 days
Login.live.com getting blocked
opened #7
#8

Windows10 Update

Without the follwing Whitelist Entrys Windows10 update can’t be completed.
Default is blacklisting.

pihole -w settings-win.data.microsoft.com
pihole -w v10.vortex-win.data.microsoft.com

1 Like
#9

@hennix
That’s curious. Those are blacklisted in my pihole and I’ve gotten all windows updates

#10

I can confirm this!

Not that updates won’t be completed, you just won’t get any, when you have those two addresses blocked!

#11

Roku - ETWN App
Episode thumbnails were not loading when blocked.

pihole -w f1.media.brightcove.com

#12

Microsoft added another one, found it today when my Xbox One X complained about “Local Cache not being able to be emptied”

v20.vortex-win.data.microsoft.com

#13

Images won’t load in the cnn ios app without whitelisting

pihole -w dynaimage.cdn.turner.com

#14

does anyone have CNN whitelist? videos doesnt play.

#15

I don’t have access to edit directly (probably as I am a new user), but I just noticed a potential error in the Microsoft section, in the text area for “There are several domains discovered initially on Reddit”:

xkms.xbolive.com - should most likely be updated to xkms.xboxlive.com.

1 Like
#16

Thank you. I corrected the typo.

#17

Are you guys sure about Plex? I have nothing whitelisted and nothing is showing up blocked/pi-holed.

Edit:
Just tried - appleid.apple.com no need to whitelist.
target - needs api.target.com, redsky.target.com and profile.target.com to search their site
BJs app - needs cdn.cpnscdn.com to show pictures of products in the app

h-sdk.online-metrix.net - my banking app needed this to permit functionality on iOS. seems to be tied with ThreatMetrix

#18

It could be a few things. The blocklists are updated and change over time. It’s possible that it used to be blocked, but is no longer blocked.

In addition to the default blocklists, many users choose to add additional lists. So another possibility is that Plex may be blocked in other popular lists.

#19

Is it possible to install this list of commonly whitelisted domains all in one go from the GUI? Failing that all in one go from the command line?

#20

Try taking a look at this page for a batch command line option and more whitelisting suggestions:

Also, once you’re inside the web interface, you can navigate to the the white list section and simply copy and paste all of sites in one go.

1 Like
#21

We should add this to Whitelist too:

wdcp.microsoft.com

(from https://docs.microsoft.com/en-us/windows/privacy/manage-windows-endpoints):

This endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device will not use Cloud-based Protection.

wdcpalt.microsoft.com
(From https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus).

Used by Windows Defender Antivirus to provide cloud-delivered protection

tsfe.trafficshaping.dsp.mp.microsoft.com
(From https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1803-non-enterprise-editions + https://docs.microsoft.com/en-us/windows/privacy/manage-windows-endpoints):

This endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.

#22

Anyone know of problems resetting/setting-up slingbox when pi-hole is active? Are there specific slingbox domains that need to be whitelisted?

#23

you have to whitelist .bea4.v.fwmrm.net for mobile CNN videos to load. I am trying to figure out what to whitelist to get CNET videos to load now.

#24

How does one go about editing the wiki in this thread?
I will make a second post with my contributions grouped, until I figure this out and can merge them with the primary post.

#25

Roku - ETWN App
Symptom: Episode thumbnails were not loading when blocked.

pihole -w f1.media.brightcove.com

iOS - Ubiquiti WifiMan
Symptom: Red warning stating ip-api.com cannot be reached.

pihole -w pro.ip-api.com
pihole -w reports.crashlytics.com