DNSSEC And Wildcarding Available In Pi-hole Core 2.12 / Web 2.4

Originally published at: DNSSEC And Wildcarding Available In Pi-hole Core 2.12 / Web 2.4 – Pi-hole

We are happy to release another new version of Pi-hole (Core and Web). Your support and contributions have helped it become a reality. This release includes several fixes and tweaks, which you can read about on changes.pi-hole.net. We have also added some new features. DNSSEC You requested it and we implemented it. Once enabled, there is a…

2 Likes

Wildcards are a beautiful beautiful thing :smiley:

1 Like

Goofy question and I know I read before the YouTube ads are difficult. But I ran both of the bannerflow commands above and, at first, it was blocking excellently.. But after a bit, it no longer blocks.. Is there any way to determine if there may be another bannerflow that has kicked in? It's minor, but just wanted to ask..

Thanks..

Check the query log in the web interface.

This is a copy of the log when I searched YouTube.. Bear with me because I'm still learning about pihole and what can be done..

::: /etc/pihole/list.0.raw.githubusercontent.com.domains (7 results)

0.0.0.0 www.youtube-nocookie.com #[affects various videos]

0.0.0.0 static.2mdn.net #[affects Youtube]

0.0.0.0 s2.youtube.com
0.0.0.0 s.youtube.com
0.0.0.0 youtube.112.2o7.net
0.0.0.0 ads.youtube.com
0.0.0.0 ehg-youtube.hitbox.com

::: /etc/pihole/list.1.mirror1.malwaredomains.com.domains (2 results)
buatduityoutube.com
youtubeclone.us

::: /etc/pihole/list.2.sysctl.org.domains (0 results)

::: /etc/pihole/list.3.zeustracker.abuse.ch.domains (0 results)

::: /etc/pihole/list.4.s3.amazonaws.com.domains (0 results)

::: /etc/pihole/list.5.s3.amazonaws.com.domains (1 results)
ads.youtube.com

::: /etc/pihole/list.6.hosts-file.net.domains (2 results)
127.0.0.1 ssl-youtube.2cnt.net
127.0.0.1 youtube.2cnt.net

::: /etc/pihole/list.preEventHorizon (9 results)
ads.youtube.com
buatduityoutube.com
ehg-youtube.hitbox.com
s.youtube.com
s2.youtube.com
ssl-youtube.2cnt.net
youtube.112.2o7.net
youtube.2cnt.net
youtubeclone.us

::: /etc/pihole/blacklist.txt (0 results)

Can I wildcard entire TLDs? The .online TLD seems to me to be nothing but spam and misleading malware ads. Not sure how that would work.

Sure. There are reports here on Discourse from people who blacklisted TLDs like xyz and mobi.

How would I do it with the web interface? Selecting a .tld and selecting wildcard throws the error...

Failure! Something went wrong.
.online is not a valid domain

(Everything in .online being what I desire to block.)

Or should I do this from the command line?

Why the leading . ?

To block a domain you have to add

domain.de

not

.domain.de

Same for blocking a TLD. Add

online

The leading . is not only superfluous, it is wrong (and obviously it is misleading).

I guess I was worrying that without some sort of delimiter, it would start blocking everything with the word online in it.

1 Like

We've thought of that and have protection against something like a regex match for blocking more than you intended.
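Why a bare `online` entry does not catch names that merely contain the word, as an added example that is not part of the original thread and not Pi-hole's own code. It models the label-boundary suffix matching of dnsmasq's `address=/domain/ip` option, assuming wildcard entries are stored as such lines; the function names, the sample queries and the `0.0.0.0` target are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: label-boundary matching for wildcard entries (illustrative, not Pi-hole code).

# Simplified validity check: lowercase, allow one trailing root dot, require
# non-empty labels of letters/digits/hyphens. A leading dot fails the check.
valid_entry() {
    local e
    e=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    e=${e%.}
    printf '%s' "$e" | grep -Eq '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$' || return 1
    printf '%s\n' "$e"
}

# Returns 0 when query name $2 is entry $1 itself or ends in ".$1",
# 1 when it does not match, 2 when the entry is invalid.
wildcard_matches() {
    local entry name
    entry=$(valid_entry "$1") || return 2
    name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    name=${name%.}
    [ "$name" = "$entry" ] && return 0
    case "$name" in
        *".$entry") return 0 ;;
    esac
    return 1
}

# Print the dnsmasq line for an entry; $2 is the address to answer with.
conf_line() {
    local entry
    entry=$(valid_entry "$1") || { echo "invalid entry: $1" >&2; return 1; }
    printf 'address=/%s/%s\n' "$entry" "$2"
}

# Constructed sample queries checked against the TLD entry "online".
check_samples() {
    local q
    for q in shop.online a.b.online online.example.com myonline.de; do
        if wildcard_matches online "$q"; then echo "blocked $q"; else echo "allowed $q"; fi
    done
}

check_samples
conf_line online 0.0.0.0
```

Only the first two sample names are reported as blocked, because the match is anchored on a whole trailing label rather than on a substring.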

Possible issue with the pihole web interface v2.4 and wildcard blocking

Hello! I'm using the notracking domain list for wildcard blocking. I've adapted the list for pihole wildcard blocking, moved it to "/etc/dnsmasq.d/03-pihole-wildcard.conf", and it works fine. The problem is with the web interface v2.4. It becomes very slow or unresponsive. It seems that it can't handle a large wildcard list.

How to solve this problem?

This list adds more than 50 000 entries to the wildcard list. Neither the black- nor the whitelist features of Pi-hole are designed to be used with such a vast amount of entries. Also, the blacklist page doesn't make much sense when it is just extraordinarily long. I suggest moving your manually created file to another filename so your Pi-hole will drag it in, but won't use it for displaying. In this way you can still use the wildcard blacklisting manually for creating additional entries.

2 Likes