How do I block ads on YouTube?

From what i can tell the pi could never handle that amount of entries.

I also found that youtube connect to 3 things on the "" domain:
and then the ones with the fingerprint.

But the white list does not seem to work on wildcard entries. So i cannot seem to exclude those entries to test.


Yes. Due to the way wildcards work it is not possible to whitelist any domains (the wildcard will always take preference in the DNS server backend!).

1 Like

Would there not be any way to add a regular expression to the lists? This would make it very easy to add any kind of crap google seems to try here.

1 Like

No, the way DNS works is the limiter here. Let's oversimplify things a bit, so it gets more obvious why wildcard blacklisting does what it is doing: Let's assume we want to visit

  1. The root servers will be asked if they know .de and us an address for a server that knows all domains that are provided under .de

  2. The .de server will know the host name and will return the address of the server that manages

  3. This server will eventually be asked for the address of and will give us the final address to which we will connect.

You see, DNS works from right to left. If we now wildcard block none of the above steps will happen. Instead, the Pi-hole will immediately answer its own IP (regardless of the subdomain).

I know that this might be inconvenient but rest assured that we had some sleepless nights, scratching our heads how to make it better and there seems to be no better way with the DNS resolver dnsmasq which we are using.

1 Like

Thanks for the information.

Using this post:

I was able to white list the mentioned domains, and the tail log shows it's going trough, but there is still no video.
Also, using this method still shows it as piholed in the query log. But the tail log shows it going trough.
This leads me to believe that this wont work.

Well, Yes and No. Let me explain:

Yes, indeed, this method works. However, we did not implement it in the way you added it now, since (due to the right-to-left nature) this is also a wildcard whitelisting.

Say you wildcard blocklist and wildcard whitelist While e.g. will still be blocked, will be permitted. This might be unexpected.

No, it shows it because it matches the wildcard blacklist filter. The wildcard whitelisting is not (officially) supported and hence the filter does not know about it.

This could indeed give problems, but for testing this instance it would white list what i needed, so the test is still valid.
It blocked all calls to any of the "fingerprinted" domains and let the 2 aforementioned domains trough, still no video. This means that youtube does not only send it's adds via those domains, but also the content. So blacklisting it, with a wildcard or otherwise, is not our solution to blocking these adds.

This is a greatly appreciated result!

Isn't it possible to make the name itself accept wildcards? So then we don't wildcard a whole domain.
What i mean is this:
Current situation is to wildcard blacklist example.domain so everything that has that domain is blacklisted.

What i hope we can achieve is this: some*.example.domain where the * is the wildcard. So everything like the following domains are blacklisted:

but helliamallowed.example.domain is allowed and not blacklisted?

I hope the point i'm hoping to make is clear enough. I think it must be implemented by a sort of mask like an ipv4 mask. everything that hits the mask is blacklisted and everything thats not is allowed through.

Yes, I understand your request and would be really happy to do this. However, you have to keep in mind that we use the DNS resolver dnsmasq in the backend. This service is not capable of doing like you suggested. Therefore, we can not offer this to our users. Even if we would find the time to implement this in dnsmasq (which is close to impossibel with the current workload of us developers) we would still have to wait quite some long time until the new version of dnsmasq is shipped with the distributions package systems.

I understand yes, I don't know much about dnsmasq so thats to bad :frowning:

Thanks for replying and taking the time to explain. And thanks for developing this, its awesome :slight_smile:

I have checked and it shows few domains related to Does it changes each day?

Like i posted before, the content AND the adds come from the same domains.
So blocking these domains is not a good idea.
You wil end up blocking both the adds and what you want to see.

Sadly this is not the solution to YouTube adds. Still looking for more, but pretty sure we cant block YouTube adds via domain.

I have to admit that I never see any ads on Youtube. I cannot tell what might be the reason, but I guess it is a mixture of my conservative use of Youtube (mostly only classical music videos) and the interval I watch videos (less than one per day, usually). I let the movies run in the background but I'd hear if there would be some ads content.

I heard people talking about some "yellow stripes" on the timeline but I clicked through a couple of videos (even fairly long ones) and have not been able to find such stripes, e.g.

Although there is always such a yellow stripe at the beginning of the timeline, I never see any ads at the beginning of the movie.

More details on my local setup if you are interested:

  • Up-to-date Pi-hole with only stock lists
  • Up-to-date Linux Mint + up-to-date Chrome browser
  • No adblocking related browser plugins (I use Zotero Connector, ZenHub for GitHub, RemoveCookieFromSite and Session Buddy).
1 Like

Any further developments?

According to the above reply this might not work.
However trough my (short!) tests I haven't seen any ads whilst using pi-hole to block the subdomains.

Anyhow, to automate a lot of the manual steps I made a script.

So you will need the unoffical dns dumpster API from here: GitHub - PaulSec/ (Unofficial) Python API for
I cloned this git to a folder /etc/dnsdumpster/ with the commands:

mkdir /etc/dnsdumpster
git clone /etc/dnsdumpster

If everything went according to plan you should now have 4 files in the above folder amongs which should be:


Make sure you have python and pip installed and use the following commands:

cd /etc/dnsdumpster
pip install -r requirements.txt

Now edit the using vi
you have to edit the line

res = DNSDumpsterAPI(False).search('')

to the following

res = DNSDumpsterAPI(False).search('')

Now this should make the example api output everything that dnsdumpster shows/does

Next is to make a script in /etc/pihole, I named it
It should contain the following code:

rm /etc/dnsdumpster/youtube-domains.txt
rm /etc/dnsdumpster/youtube-filtered.txt
rm /etc/dnsdumpster/youtube-ads.txt
python /etc/dnsdumpster/ > /etc/dnsdumpster/youtube-domains.txt
grep "^r" /etc/dnsdumpster/youtube-domains.txt > /etc/dnsdumpster/youtube-filtered.txt
sed 's/\s.*$//' /etc/dnsdumpster/youtube-filtered.txt > /etc/dnsdumpster/youtube-ads.txt
cp /etc/dnsdumpster/youtube-ads.txt /var/www/html/youtube.txt
pihole -g

Make the script executable:

chmod +x /etc/pihole/	

Now you should do the following to add your youtube.txt to the block lists in pihole:

cp /etc/pihole/adlists.default /etc/pihole/adlists.list
vi /etc/pihole/adlists.list

In this file add the following to the bottom:

# My local list

Save the file and edit your crontabs to automate the process

crontab -e

Add the following line:

0 0 * * * /etc/pihole/

This should run the script daily and might remove youtube ads.

-- I am by no means a linux/pi-hole expert, the above is what I did to make it work.
Sure things could be better and if anyone has anything to add, please do tell me!
All I know is that for me it seems to work using the above.


I added to your bash script -- also modified the line where you 'cp' and instead append -- with your method, it overwrites the file after each run

rm /etc/dnsdumpster/youtube-domains.txt
rm /etc/dnsdumpster/youtube-filtered.txt
rm /etc/dnsdumpster/youtube-ads.txt
python /etc/dnsdumpster/ > /etc/dnsdumpster/youtube-domains.txt
grep "^r" /etc/dnsdumpster/youtube-domains.txt > /etc/dnsdumpster/youtube-filtered.txt
sed 's/\s.*$//' /etc/dnsdumpster/youtube-filtered.txt > /etc/dnsdumpster/youtube-ads.txt
cat /etc/dnsdumpster/youtube-ads.txt >> /var/www/html/youtube.txt
#greps the log for youtube ads and appends to /var/www/html/youtube.txt
grep r* /var/log/pihole.log | awk '{print $6}'| grep -v '^\|redirector' | sort -nr | uniq >> /var/www/html/youtube.txt
#removes duplicate lines from /var/www/html/youtube.txt
perl -i -ne 'print if ! $x{$_}++' /var/www/html/youtube.txt
#updates pihole blacklist/whitelist
pihole -g

My additions scans the 'pihole' logs and pulls ones that may be missed. Then it removes duplicates from the file '/var/www/html/youtube.txt'

...I also changed the 'cron' to run every 5 minutes so it grabs more.

....It's definitely ugly looking but it works..

That does not seem to be a good idea, depending on the hardware you are using that means that your Pi-hole will not respond for several seconds every 5 minutes. Might annoy users on your local network.

Ah you're correct -- the DNS service takes about a millisecond blip running on my RPi3 -- which is also a RetroPie. I ran these 2 commands simultaneously:

# time pihole -g
# for i in {1..1000} ; do pihole status; done | tee /root/test.txt

I've tested a few times and have only been able to catch "DNS service is stopped" once in the logs through my 1000 status checks. The overall task of running 'pihole -g' takes about 16 seconds on my device. I did check the bash script that is called when 'pihole -g' is run and it's located at '/opt/pihole/' by default on my device. It looks like the only call that would affect service is 'systemctl restart dnsmasq'. I may be wrong.

I'm going on <24 hours of using Pi-Hole so I'm in no way an expert -- my "Upstream DNS" is listed as and my Router's primary DNS is the Pi-Hole but the Secondary is so I believe either way I'm covered as far as DNS...

Nonetheless, DL6ER, I took your advice and changed the 'cron' to run every 6 hours instead of 5 min. Thanks!


iam a real newbe at linux i have to learn so many things.

I also tried the way from Giblet.
It worked for me but then i have some trouble with youtube.

Browser: Videos loading with some delay (3-5sec). So no problem for me on PC.
Apps (Smarphone, Tablet, TV): Nothing works anymore. Will not load anything and will generate error messages on TV.

There are some difference between browser and apps but that's way a bit too complex for me.

At the end i deactivated this script. On my PC I will continue to use adblock+ and on the other devices i will watch some ads like before.

I think it was a good try but google will probably not make it so easy for us.
It seems google delivers the advertising and the videos partly about the same address.
You can check this with noscript or any similar javascript addon. Just allow sub addresses one by one until the video will start. Then try another Video.
So the way we find and collect the addresses is not the problem.

BUT I like all your work and will follow it up.
Iam not as good to find a solution but I can help to try suggestions.

best regards