Commonly Whitelisted Domains

TDAmeritrade website will load, but pi-hole blocks some functionality (like trading stocks) because they are using an app-tracker. The whitelist needed to make it work:

cdn.appdynamics.com
tags.tiqcdn.com

When I turned Unbound on, Disney+ stopped working across all my devices. When I turned Unbound off (by setting the DNS to Google or Cloudflare), it worked again.

I can’t play (neither stream nor download) podcasts on Spotify for some while on iOS.

(moved to a separate topic @ Spotify podcasts on iOS app)

Since I have this regex .* on my PiHole cluster blacklist, to make everything run flawlessly when working remotely with Microsoft enterprise stuff from home in the EU I was forced to audit for a whole day, whitelisting and validating (and it was so funny).

As of today it's working like a charm :star_struck:

My PiHole setup is quite crazy:

  • Proxmox over Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz (1 Socket, 4 core)
  • 4GB ram, 500GB USB attached SSD Sandisk
  • Proxmox mount 1.5 GB ramdisk at /mnt/ramdisk
  • Proxmox vm_swappiness=10 (swapoff before of course, never used swap btw)
  • LXC Alpine with Nginx as TCP/UDP proxy to 2 pihole backend nodes, whole LXC on ramdisk
  • LXC Alpine with PiHole, whole LXC on ramdisk
  • LXC Alpine with PiHole, whole LXC on LVMthin
  • PiHole customization: RATE_LIMIT=100000/10

dnsperf max r/s: 3900 (0% requests lost, 40% overall load, 5° temperature increase)
When tested against a single ram node mode I got 2200-2300.. whenever ram or disk node.
I'll try to raise the limits and update this note :wink:

2.tlu.dl.delivery.mp.microsoft.com	
4.tlu.dl.delivery.mp.microsoft.com	
aad.cs.dds.microsoft.com	
api.flightproxy.teams.microsoft.com	
authsvc.teams.microsoft.com	
browser.events.data.microsoft.com	
browser.pipe.aria.microsoft.com	
chatsvcagg.teams.microsoft.com	
codepush.teams.microsoft.com	
config.teams.microsoft.com	
cp801.prod.do.dsp.mp.microsoft.com	
csp.microsoft.com	
devicelistenerprod.microsoft.com	
edge.microsoft.com	
emea.ng.msg.teams.microsoft.com	
eu-v10.events.data.microsoft.com	
eu-v20.events.data.microsoft.com	
europe.cp.wd.microsoft.com	
europe.smartscreen-prod.microsoft.com	
europe.smartscreen.microsoft.com	
fe3cr.delivery.mp.microsoft.com	
geover.prod.do.dsp.mp.microsoft.com	
go.microsoft.com	
go.trouter.teams.microsoft.com	
has.spserv.microsoft.com	
ic3.events.data.microsoft.com	
login.microsoftonline.com	
mamservice.manage.microsoft.com	
northeurope-prod-4.notifications.teams.microsoft.com	
officecdnmac.microsoft.com
officeclient.microsoft.com	
presence.teams.microsoft.com	
r.manage.microsoft.com	
self.events.data.microsoft.com	
settings-win.data.microsoft.com	
teams.events.data.microsoft.com	
teams.microsoft.com	
tsfe.trafficshaping.dsp.mp.microsoft.com	
whiteboard.microsoft.com	
winatp-gw-neu.microsoft.com	
www.microsoft.com
teams.office.com	
nexusrules.officeapps.live.com	
config.fp.measure.office.com	
upload.fp.measure.office.com	
substrate.office.com	
outlook.office.com	
officeclient.microsoft.com	
outlook.office365.com	
ecs.office.com	
res-1.cdn.office.net	
mrs-efz.ms-acdc.office.com	
nleditor.osi.office.net	
outlook.ha.office365.com	
clients.config.office.net	
outlook-1.cdn.office.net	
statics.teams.cdn.office.net	
officecdnmac.microsoft.com	
officeci-mauservice.azurewebsites.net	
emea.pptservicescast.officeapps.live.com
nexusrules.officeapps.live.com	
login.live.com	
storage.live.com	
g.live.com
emea.pptservicescast.officeapps.live.com
## this will be aggregated and updated soon

TSB Bank (UK)

This is now...

check2.tsb.co.uk

Some regex, like the reddit ones and whatsapp ones have to be quoted or bash would treat them differently. Remember to use single quotes.


The WhatsApp entry returns syntax error:

pihole -w wa.me
pihole -w www.wa.me
pihole --white-regex ^whatsapp-cdn-shv-[0-9]{2}-[a-z]{3}[0-9]\.fbcdn\.net$
pihole --white-regex ^((www|(w[0-9]\.)?web|media((-[a-z]{3}|\.[a-z]{4})[0-9]{1,2}-[0-9](\.|-)(cdn|fna))?)\.)?whatsapp\.(com|net)$
  [i] Adding wa.me to the whitelist...
  [✓] Reloading DNS lists
  [i] Adding www.wa.me to the whitelist...
  [✓] Reloading DNS lists
  [i] Adding ^whatsapp-cdn-shv-[0-9]{2}-[a-z]{3}[0-9].fbcdn.net$ to the regex whitelist...
  [✓] Reloading DNS lists
-bash: syntax error near unexpected token `('

You need to quote the regex.
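
Added example, not part of any post in this thread: what the shell does to the two WhatsApp regexes when they are typed without quotes. The first one parses but loses its `\.` escapes (as the `Adding ...` line in the output above shows), so the stored whitelist entry also matches an unrelated lookalike domain; the second one fails with the syntax error. The hostnames are constructed, and `grep -E` stands in for Pi-hole's regex engine as an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Sample hostnames are constructed.

# First WhatsApp regex from the post, held safely in single quotes.
RE1='^whatsapp-cdn-shv-[0-9]{2}-[a-z]{3}[0-9]\.fbcdn\.net$'
# Second regex from the post; it contains ( | ) which are shell operators.
RE2='^((www|(w[0-9]\.)?web|media((-[a-z]{3}|\.[a-z]{4})[0-9]{1,2}-[0-9](\.|-)(cdn|fna))?)\.)?whatsapp\.(com|net)$'

# as_typed TEXT: print the argument a command would receive if TEXT were typed
# on the command line. eval re-parses TEXT the way the shell does; only use it
# on trusted, constructed strings. Globbing is off so files in cwd cannot interfere.
as_typed() {
    ( set -f; eval "printf '%s' $1" ) 2>/dev/null
}

# parses TEXT: succeed if the shell can parse TEXT as a command argument.
parses() {
    ( set -f; eval ": $1" ) >/dev/null 2>&1
}

# matches REGEX HOST: succeed if HOST matches REGEX as a POSIX ERE (assumption).
matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# Constructed hostnames: one intended target, one unrelated lookalike domain.
GOOD='whatsapp-cdn-shv-01-fra3.fbcdn.net'
LOOKALIKE='whatsapp-cdn-shv-01-fra3xfbcdn.net'

STORED_UNQUOTED=$(as_typed "$RE1")     # backslashes removed by the shell
STORED_QUOTED=$(as_typed "'$RE1'")     # single quotes keep every character

report() {
    echo "unquoted -> $STORED_UNQUOTED"
    echo "quoted   -> $STORED_QUOTED"
    matches "$STORED_UNQUOTED" "$LOOKALIKE" && echo "unquoted regex also allows $LOOKALIKE"
    matches "$STORED_QUOTED" "$LOOKALIKE" || echo "quoted regex rejects $LOOKALIKE"
    parses "$RE2" || echo "RE2 unquoted: shell syntax error"
    parses "'$RE2'" && echo "RE2 quoted: parses"
}
report
```

After adding a regex, compare the entry Pi-hole reports with what you typed; a missing `\` means the entry should be deleted and re-added in single quotes.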

Hayu video

To get Hayu video streaming working again on nVidia Shield and Fire TV apps I had to whitelist the following domain:

imasdk.googleapis.com

Couldn't find anywhere else on the internet, hope this helps others.
Certainly helps my WAF!
Seems to be a recent change to either Hayu app or one of my subscribed blacklists.


Globoplay - Brazilian TV Stream service

It seems only to affect the Apple TV version.

horizon.globo.com
horizon-track.globo.com

I'm trying to make sure my Apple products only have the access they need. I saw @Makias post and was wondering if this is still current or needs updating, since the post dates back to May 2020. I appreciate all the help this topic has given, by the way; it's very much appreciated.

is this right? s{1..5}.symcb.com it's looking kinda funky and pihole doesn't seem to like it either:

Domain s{1..5}.symcb.com is not a valid domain because it contains invalid characters.
Added 0 out of 1 domains

That is a regex, and you are trying to enter it as a domain. Since it isn't a domain, you are receiving the error.

I did try both, as normal domain pihole does not allow me to add and as regex it does allow me to add BUT then I receive errors in diagnose

It's not a valid regex for domains. If you want to do from 1 to 5 of the preceding s, the syntax is

s{1,5}.symcb.com

Using the form with the s{1..5}.symcb.com means the braces are taken literally, and they're not valid domain characters so you receive Pi-hole diagnosis warnings until you delete the entry.


Given that the post has an easy option for copying the commands (hover on command, click on copy), would it make sense to modify the post to add the single quotes to the commands that use regex? I also encountered this issue, and had to do all the regex commands manually.

Looks like the PBS app on AppleTVs requires whitelisting 'pubads.g.doubleclick.net' or the video will not play (though audio can be heard in the background).

PBS has inserted their own 15 or 30-seconds ads at the beginning of any content.

Apple Maps

With these domains whitelisted I got Apple Maps working. (Map explore and satellite; street view; I am not sure if traffic and public transport are working 100%)

pihole -w gspe19-ssl.ls.apple.com
pihole -w gspe72-ssl.ls.apple.com
pihole -w gspe11-ssl.ls.apple.com
pihole -w gspe35-ssl.ls.apple.com

For streaming several channels (like ServusTV or WELT) on Fire HD tablets with Waipu.tv (app), whitelisting
imasdk.googleapis.com

seems to be necessary (otherwise channels won't load at all).

Disclaimer: With little to no knowledge on this domain I believe whitelisting this might introduce ad issues on other places (according to Commonly Whitelisted Domains - #41 by maxsteel or Werbung in Pro7 App auf FireTV).

I'm a bit new to this. Recently arstechnica.com can now detect usage of ad-blockers and is throwing up a dialog to subscribe. I'd like to whitelist it but whitelisting the domain arstechnica.com does nothing. How can I accomplish only whitelisting the ad serve domains that arstechnica is serving to me? Is there any way to only whitelist ad domains that are served from a particular site, but block them if they are served from other sites?