Major overhaul of the domain, adlist and client managment

low_rider · February 6, 2023, 10:36pm

It's just complicated. So, first, I have to manually create a txt file with domains, name that, add it with

file:///path/to/file

Then, assign that adlist to a client.

So, if I ever want to change that adlist, the only thing I can do is log in to the main system, edit the file there, save it, update gravity lists, test it, rinse and repeat.

I am not a fan. I think it can be vastly improved.

My use case, let some microsoft domains through on my xbox that share the same name as my windows PC. To do this:

I check the query log (set to 100, checking multiple pages) and only show permitted, hoping I didn't block one that I need to use, and probably did. So I turn on both, and turn off all other devices and go through the log, testing on the 'default' list.
Then, after maybe half an hour or more of testing, I then make an adlist as described above, and assign it to a client.

Just reading that may sound simple but it's NOT something any human being would enjoy doing, and most people who have never used something like pi-hole would just give up.

My recommendation:

Allow queries logged or in the domain management to be added in the GUI to any adlist--or even create one right there in the web interface. None of this host system file editing, updating gravity lists etc, just to do the proposed domain blocking per-client. This would allow me to just click on a domain that I want to allow or block for any client. In fact, I'm shocked it's never been implemented yet.

Addition: Another issue I have is the clients page. There's NOTHING I can do except turn something on or off. For someone who basically wants to block absolutely everything, I'd like to see this screen have a lot more options.

I want to see on the clients page, a way to click on each client, and see what domains are blocked or allowed on each client. This would 100% nullify the need for custom adlists which is exactly what I (and I assume many others) would like to be able to do.

chrislph · February 6, 2023, 11:51pm

Pi-hole uses adlists – externally curated URL-accessible blocklists – as the main source of domains to block. Pi-hole ingests the domains on these lists into its so-called Gravity database. Once a week it will re-check these lists for changes.

To manage your own domains there is a different mechanism using whitelist and blacklist domains and regular expressions. While you certainly could create your own adlist and add it via a file URL, that will require you to maintain the adlist outside of Pi-hole and import changes via Gravity updates, just like any other adlist. As you've experienced, that's fairly high friction and not ideal, especially if the domains on that list are coming out of Pi-hole in the first place.

The intended usage for adlists is that you get your adlists, managed elsewhere, mostly correct and then adjust using blacklist and whitelist domains and regular expressions.

These are correctly managed as domain blocks and can be added right there from the Query Log or Long-term Data > Query Log or Tools > Audit log using the Blacklist buttons. You can label them in Domains and this will allow you to instantly show just your custom domains for editing as needed right there in the interface. You can also create a custom group for them in Groups, assign them to that group, and use that to toggle their use on and off or on a per-client basis in Clients.

The Settings > Teleporter feature will let you save a backup of these changes so you have a quick way to pull them back in if needed in future, for example if you create a fresh install of Pi-hole.

See above, this per-client domain blocking/whitelisting functionality has been available for a long time.

In the Clients screen you can see which groups are in force for a particular client. You can set these groups up however you want. There's an example on Pi-hole Docs, and if you have a play around with it for a while you'll see how powerful it is.

low_rider · February 7, 2023, 1:09am

So if I am reading this correctly, I still have to make a custom adlist, as that's the design, but if I do it right, I can add this adlist to a client? I just feel the entire flow needs to be shuffled around because it seems overly complex.

I'll screw around with it tomorrow and let you know how far I get because I'm certain this really needs to be simplified.

So tomorrow I want to figure out how to have both a custom whitelist as well as a custom blacklist per every client.

I may want to just leave default for most blocking, but for things like

login.live.com

Not sure if I need it or not for xbox functionality, still testing, I want it blocked in default, but in a whitelist or "disabled" as a blacklist I guess, I'm a bit confuaed by the whole idea, and I just have a feeling there is no way I'm the only one who hasn't figured this out yet.

chrislph · February 7, 2023, 2:35am

There are a few ways to achieve what you want; they differ by how manageable they are as they scale up. Whitelisted domains take priority over blacklisted or adlist domains.

Single domain

If the domain login.live.com is already blocked go to Domains and add a whitelist entry for it. This will override the block. Give it a description like "Testing xbox functionality". Now you can toggle that domain being whitelisted on and off using the green slider switch.

If the domain login.live.com is not already blocked, you can instead add a blacklist entry for it. Create entry similar to above and add to blacklist. Now you can toggle that domain being blacklisted on and off using the green slider switch.

Per adlist

Turn off and on the blocking of all domains in an entire adlist in real time using the green slider switch next to it in the Adlist section.

Per client

By default all clients, custom domains and adlists are part of the Default group. Adding custom groups gives the most control, requires the most prep. You only have to do this once then it's a case of maintaining it as your needs change.

In Groups create a dedicated client group for each client. These will be used to group together white and blacklist domains or adlists for each client.

If you want to assign an entire adlist to a client, find it in Adlists and change its group to the required client group or groups and make sure it's not in Default.

Use the Whitelist and Blacklist buttons in the Query Log to flag your domains. Or add them directly in the Domains section. In the Domains section edit the group for each entry and assign it to the required client group and make sure it's not in Default.

Finally go into the Client section and find each client you need to control seperately and click Add to put them in the list below. Now change the group for each client so that it is in both Default AND in its dedicated client group.

Now each client will get the same blocking as normal from the Default group, and it will also get additional blocking or whitelisting from any adlists, blacklist domains or whitelist domains assigned to their dedicated group.

You can now turn that client's entire customisations off and on in Groups by using the green slider next to their dedicated group. With their group off they continue to get the blocking and whitelist they already had from the Default group.

Use the Settings > Teleporter backup feature to save all your work periodically as needed.

system · August 7, 2023, 8:14pm

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.