It seems this does not work if the same domain is already on a gravity blacklist as gravity has a higher priority than custom blacklists: Blocklist vs regex preference? - #2 by DL6ER
Question:
Can ;reply= be used for a regex blacklist if the same domain is already as regex within a list in gravity? If not, how can this be achieved, if at all? I tried using ;reply= with a regex whitelist rule instead, but this also does not work.
My intention:
I want to be able to change the Blocking mode (Blocking mode - Pi-hole documentation) on a domain level, if needed.
All the blocking modes (NULL, NXDOMAIN, NODATA) are dependent on the specific implementation on the calling app to be correctly interpreted. One app, which uses ad-domain abc.xyz, might be ok with getting a NULL reply. But the other app, which calls another ad-domain xyz.abc, might start hammering the pi-hole with queries if it receives a NULL reply, and might act better if it gets an NXDOMAIN or NODATA.
My current tests are with regex (.|^)cws.conviva.com$ as one of the subdomains is used heavily by Disney+.
I know that 3-4 queries per second, during the time that the app runs, is not a problem for my pi-hole. And I don't want to start a discussion if it's worth the effort to even do this.
It's just that I read the docs on how to achieve it and it turned out that it's not possible because of the list priorities. Which I understand as checking gravity has a way higher performance than checking the blacklist regex.
So the question is: Can Pi-hole extensions - Pi-hole documentation be done on a Regex, which is also in gravity?
I'm also asking as, even if I create a reply-type response with regex and it works today, it might not be working anymore tomorrow as one of my list-sources puts it on their list, which will trigger a block via gravity, which will trigger the reply of the default blocking-mode instead of the one that I defined via custom rule.
You do not mention the reply type you want to supply.
If that would happen to be NXDOMAIN, you could try the following:
a) allow cws.conviva.com in Pi-hole
b) create a custom dnsmasq configuration file, e.g. /etc/dnsmasq.d/42-reply-types.conf with the following contents
Thanks for providing this method.
I did not mention the reply type as I don't know which one I need. As stated above, it is based on a per-app basis as it is dependent on the application developer and the libraries that are used for connecting to a service on how the response is treated.
Is there a similar way of doing this for NODATA? Or can you share documentation where I can find this myself to not waste your time?
I tried searching with parts of your example but was not able to find why and how this works.