How to block youtube completely?

Please follow the below template, it will help us to help you!

Expected Behaviour:

Youtube should be blocked. Here's a screenshot with the filters I used.

image1920×1080 316 KB

Actual Behaviour:

Youtube is NOT blocked. However, using the same filters youtube WAS blocked for one day, then it's working again as if the filters were not there at all.

Debug Token:

[Replace this text with the debug token provided from running pihole -d (or running the debug script through the web interface]

You buy YouTube premium.

So is Pi-Hole not able to block youtube vanilla version?

If you took the time to search our forums, you could have spared yourself from typing up a new topic.

This has been asked over and over and over in this forum, and there have been plenty of largely futile attempts to get around it.

At DNS level, a domain that serves both wanted (like videos) and unwanted content (like ads) cannot be blocked, unless you are willing to block the wanted content also.

I am not sure what in my original post made you think that I want to block youtube ads. I said I want to block youtube. Both wanted and not wanted content.

I applied the filters you can see and both wanted and unwanted content is still playing. Is there a solution to that?

Ah, I see.
That intention isn't quite clear from your topic's current wording.
You may want to adjust your title accordingly, to attract the right group of users to share their experience.

I'm not aware of any blocklist that would block Youtube in its entirety. Also note that blocklists are maintained by their respective list curators, independently from Pi-hole.

To find out about involved domains yourself, you'd have to watch Pi-hole's Query Log for domains im much the same way you'd hunt for ads:

I thought it could be done with a filter - do I need a blocklist to block one domain?

(I changed the title of the post, I hope it is more clear now)

If I search the query log for "youtube" I get zero results...

This indicates that the client on which you are able to load YouTube is not using Pi-hole for DNS. The client apparently is using a different DNS.

Pi-hole records all queries in the query log, and it appears that your regex to block YouTube is correct.

From the client in question (the one on which you are able to load YouTube), and directly from the terminal or command prompt on that client (not via ssh to Pi-hole), what is the output of the following:

nslookup youtube.com

I thought this was in a Feature Request and was about completely blocking youtube ads. I apologize if I was incorrect. That sometimes happens when I'm answering user questions at 2 AM.

As others have noted, the screenshot regex should be sufficient in blocking anything with the youtube domain, if it is not then the clients are either not using Pi-hole or they have more than Pi-hole as their DNS server and are getting around Pi-hole with the other DNS servers.

thank you guys, I found what the problem was - the computer I was using to see if youtube still loads is my work computer that uses a VPN. youtube is blocked for the other computers.
learning something every day...

well there's something else going on
I am trying to block my son's access to youtube. I don't care if I block the entire network accessing youtube.
But it still doesn't work.
With the filters in place as per my first screenshot my phone for example is not able to access youtube but my son't laptop is.
I checked if he installed a VPN, there's no VPN.
I modified his wifi adapter settings to use the Pihole as DNS. That worked until I disabled and re-enabled the pihole. After re-enabling, the filtering is not applied anymore.
I tried other computers on the network, for phones for example access is blocked as per filters, for laptops it's not.
Am I missing something or are there limitations to pihole and I need to look for something else?
What am I missing?
same thing happens with other sites, like evowars.io - it is blocked on my phone, not on my son's laptop.

nslookup youtube.com returns this (192.168.1.87 is the IP address of the PiHole device)

C:\Users\dmatiesa>nslookup youtube.com
Server: raspberrypi
Address: 192.168.1.87

DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: youtube.com
Addresses: 2a00:1450:4016:806::200e
216.58.207.142

I notice this: the filters work until I disable the PiHole from the "disable" option. Once I re-enable PiHole the filters are not working anymore. In other words, PiHole stays disabled even after it is re-enabled from this menu option.
Is there some procedure to ensure that pihole is truly enabled?

debug token
https://tricorder.pi-hole.net/5826q1g01e

Run ipconfig /all and look at what DNS servers are listed on the laptop.

*** [ DIAGNOSING ]: Setup variables
    DNSMASQ_LISTENING=local
    PIHOLE_DNS_3=208.67.222.222
    PIHOLE_DNS_4=4.2.2.1
    PIHOLE_DNS_5=8.26.56.26
    PIHOLE_DNS_6=84.200.69.80
    PIHOLE_DNS_7=9.9.9.9
    PIHOLE_DNS_8=9.9.9.10
    PIHOLE_DNS_9=9.9.9.11
    DNS_FQDN_REQUIRED=true
    DNS_BOGUS_PRIV=true
    DNSSEC=false
    REV_SERVER=false
    PIHOLE_INTERFACE=eth0
    IPV4_ADDRESS=192.168.1.87/24
    IPV6_ADDRESS=
    PIHOLE_DNS_1=9.9.9.9
    PIHOLE_DNS_2=149.112.112.112
    QUERY_LOGGING=true
    INSTALL_WEB_SERVER=true
    INSTALL_WEB_INTERFACE=true
    LIGHTTPD_ENABLED=true
    BLOCKING_ENABLED=true

You have way too many upstream DNS servers configure, and at least one duplicate. Just use two upstreams.

You need to go back to stock and try again:

There are malformed regex:

   2        3        1  0             (\.|^)youtube\.com$                                                                                   2020-10-12 06:37:48  2020-10-21 09:37:32                                                    
   3        3        1  0             (\.|^)googlevideo\.com$                                                                               2020-10-12 06:41:40  2020-10-20 08:02:55                                                    
   4        3        1  0             (\.|^)diep\.io$                                                                                       2020-10-12 09:29:57  2020-10-12 09:29:57  Joc tancuri                                       
   5        3        1  0             (\.|^)evowars\.io$                                                                                    2020-10-16 09:08:57  2020-10-21 10:57:43                                                    
   14       3        1  0             (\.|^)0\.0\.0\.0	accounts\.epicgames\.com$                                                            2020-10-16 10:30:16  2020-10-16 10:30:16                                                    
   15       3        1  0             (\.|^)0\.0\.0\.0	accounts\.launcher-website-prod07\.ol\.epicgames\.com$                               2020-10-16 10:30:16  2020-10-16 10:30:16                                                    
   16       3        1  0             (\.|^)0\.0\.0\.0	accounts\.nintendo\.com$                                                             2020-10-16 10:30:16  2020-10-16 10:30:16                                                    
   17       3        1  0             (\.|^)0\.0\.0\.0	accounts\.xboxlive\.com$   

You have YouTube as a regex block for group 0:

*** [ DIAGNOSING ]: Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)
   id    type  enabled  group_ids     domain                                                                                                date_added           date_modified        comment                                           
   ----  ----  -------  ------------  ----------------------------------------------------------------------------------------------------  -------------------  -------------------  --------------------------------------------------
   2        3        1  0             (\.|^)youtube\.com$                                                                                   2020-10-12 06:37:48  2020-10-21 09:37:32                                                    

But the laptop is in group 1:

*** [ DIAGNOSING ]: Groups
   id    enabled  name                                                date_added           date_modified        description                                       
   ----  -------  --------------------------------------------------  -------------------  -------------------  --------------------------------------------------
   0           1  Default                                             2020-08-20 21:14:26  2020-08-20 21:14:26  The default group                                 
   1           1  <redact>                                            2020-10-16 10:42:32  2020-10-16 10:42:32  <Redact>                                

*** [ DIAGNOSING ]: Clients
   id    group_ids     ip                                                                                                    date_added           date_modified        comment                                           
   ----  ------------  ----------------------------------------------------------------------------------------------------  -------------------  -------------------  --------------------------------------------------
   1     1             192.168.1.75                                                                                          2020-10-16 10:42:00  2020-10-16 10:42:52  <Redact>                                    

So none of the regex'es from Group 0 will apply to the laptop in Group 1.

You have 1,041 regex formatted like this, with the leading 0's. Were these generated from a generator, or did you find them online?

(\.|^)0\.0\.0\.0 www\.epicbundle\.com$

You can quickly delete all of your regex with this SQL command, then start adding correct regex one at a time.

sudo sqlite3 /etc/pihole/gravity.db "delete from domainlist where type=3;"

so, I removed all those 1000+ wrong regex entries
but now the blacklist does not have a group column anymore so I cannot assign a filter to a group or tell to which group will a filter apply

image1920×1080 331 KB

this seems to solve a lot - now what is blacklisted is also blocked

It never had. Go to Group Management /Domain.