You are trying to load an IP for strict.bing.com that likely does not provide the correct https certficate. Without the correct site SSL certificate, the site will not load.
You are essentially spoofing the website.
Where are you trying to add that? I think you're trying to use it as a blacklist which isn't the right place for adlists.
Have patience. You're getting free support on a Sunday from volunteers.
2 Likes
I appreciate the help.. the link is a list of domains to block for HTTPS bypass...it's not an adlist.
The issue I'm having is I am using my router to implement SafeSearch, but firefox doh feature completely bypasses any filtering..so I was told that adding that list of domains can help block the domains that browsers use for DNS over HTTPS...and it does work..but they are over 700.
I was told I can just add the link to the Domains field and it gets updated automatically just like the adlists.
ok, so that's what I am doing wrong... now, what do I need to do?
Not quite.
You now have defined both bing.com and strict.bing.com as A records, where you'd want bing.com to be a CNAME pointing to strict.bing.com - just as you had it before (and noone has asked you to change that).
HTTPS may still ruin your endeavours, but its worth a try.
Pi-hole already employs the Firefox DoH canary domain, which should prevent Firefox from using DoH.
For other browsers, you may have to disable DoH explicitly in your respective browser's options.
well, whenever I enable DNS over HTTPS in Firefox it works and any filtering is completely bypassed.
Specially SafeSearch.. I use Dnsmasq on my router to enforce SafeSearch, but Firefox ignores it as it should because of doh is enabled....so I was thinking, maybe if I enforce SafeSearch in Pihole...but I see I can't and I've searching, but I can't seem to find how to do it.. I get notified of what Im doing wrong...but not what I need to right and how.
Could you elaborate how you do this?
Are you perhaps forcing Firefox to use DoH ("DoH always" preference)?
You were told wrong. Only adlists can be accessed via URL. Domains need to be entered directly into your Pi-hole instance.
If this is the case, then adding these domains to your Pi-hole will have no effect, since traffic from that browser won't go through Pi-hole and you won't get requests for those domains from that browser.
Yes.. I am enabling DNS over HTTPS in Firefox on purpose because I want to find a way to prevent that feature from bypassing SafeSearch... I don't want any user doing that.
Don't do this. When you enable DoH in the browser, it will do exactly as you have specified. DNS traffic will go somewhere other than Pi-hole (i.e. to a DoH server).
The link I posted that has over 700 domains... if I add all those domains individually, it seems to block firefox's DNS over HTTPS...but, I don't want to add those 700 individually because I want them to be updated automatically using the link. - - I have already tested and it does block dns over https.
Add the following URL to your adlists:
https://raw.githubusercontent.com/jumpsmm7/GeneratedAdblock/master/NoBypass.list
Run pihole -g and update gravity, and all those domains should now be in your gravity list.
1 Like
YES.. that seems to have worked... I wonder why they told me to add it to the domains section.
Now firexfox is not bypassing safesearch with dns over https... thanks so much!!
All this time all I needed is to add it to the adlist..lol.. that's what I get for not knowing anything.
Thanks again.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.