Custom redirect IP address


#1

For blocking some services such as YouTube it would be helpful to be able to configure the redirect domain/IP address when using regex filtering with FTLDNS.

At the moment BLOCKINGMODE only has options for using PiHole’s IP and built in web server, but for YouTube and doubtless other services that causes problems. To effectively block YouTube ads we need to redirect all YouTube ad servers via regex to googlevideo.com (or one of its IP addresses).

Simply blocking these servers causes the YouTube app to keep trying different ones endlessly and the video does not play. Redirecting to the PiHole web server does not work because YouTube uses HTTPS and probably pinned certificates too.


#2

How would this work, redirect blockthisdomain.com to googlevideo.com’s IP address (which is all we can do, we only deal with IP addresses) and any response from googlevideo.com will be rejected by the client as the certificate from googlevideo will not cover blockthisdomain.com?


#3

For whatever reason redirecting the YouTube ad server domains to googlevideo.com works. That domain coordinates the video servers in some way, and must be returning a response that the app is happy with (maybe just any HTTPS 404 with a valid Google cert, who knows).

The problem is that there are thousands of YouTube ad server domains and backlisting them manually is aiming for a constantly moving target. A regex works great but because it can’t redirect to googlevideo.com it breaks the YouTube app.


#4

It sounds like you need a proxy to inspect the requested domain, compare to a regex filter, and return the domain you need.


#5

In the olden days yes, I would have used a proxy. But because it’s HTTPS and you can’t install your own certs on most smart TVs a proxy isn’t going to work.


#6

If it can’t be done with a proxy, how would Pi-Hole do it?


#7

Sorry, I thought you meant an HTTP proxy. A proxy inspecting DNS requests… Well it’s possible but PiHole is so close to being able to do it. With dnsmasq you can redirect as explained here, but not with FTLDNS which is needed for the regex.

Looking at dnsmasq_interface.c it looks like IPV4_ADDRESS is used for this redirect, so the first thing to do is manually try setting this to a googlevideo.com IP address and see if it has the desired effect. Then we can think about how to proceed - I suppose the ideal solution would be to have a per-regex redirect rather than a global one.

I’ll give it a try. Unfortunately I don’t have my main development machine at the moment so building PiHole to test patches could be tricky. I’m running it on a Pi, I guess I could build on that.


#9

Okay, well the good news is that my plan works and the redirect does as I expected. The bad news is that the regex is a killing YouTube again and need improvement.