Use 0.0.0.0 instead of DNS IP in blocklists


#1

I noticed that gravity.sh creates blocklists that redirect to the Pi’s own IP-address.

I’ve used dnsmasq (a lot) in the past and I’ve always been told that redirecting clients to the DNS IP or 127.0.0.1 will take longer than a redirect to 0.0.0.0.
That’s because 127.0.0.1 (and the Pi-hole’s IP) will have the client wait for a time-out, while 0.0.0.0 will force the client to drop it immediately.

There are a lot of sources out there that support this practice. I will reference just one here:

I would like to propose a change to create blocklists which use 0.0.0.0 (IPv4) and :: (IPv6) instead of the current method.
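The rewrite proposed in this post, sketched as an added example (not part of the thread and not gravity.sh code): it takes hosts-format blocklist lines and maps every blocked name to the unspecified addresses 0.0.0.0 and ::. The function name, the `LOCAL_NAMES` set and the sample list are assumptions constructed for illustration.

```python
import ipaddress

NULL_V4 = "0.0.0.0"   # IPv4 unspecified address
NULL_V6 = "::"        # IPv6 unspecified address

# Names a hosts file maps for the machine itself; these are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}


def to_null_blocklist(lines, ipv6=True):
    """Rewrite hosts-format lines so each blocked name points at 0.0.0.0 / ::."""
    seen = set()
    out = []
    for raw in lines:
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue                            # blank, comment-only or bare token
        try:
            ipaddress.ip_address(fields[0])     # first field must be an address
        except ValueError:
            continue                            # not a hosts entry, skip it
        for name in fields[1:]:                 # one line may carry several names
            name = name.lower().rstrip(".")
            if not name or name in LOCAL_NAMES or name in seen:
                continue
            seen.add(name)
            out.append(f"{NULL_V4} {name}")
            if ipv6:
                out.append(f"{NULL_V6} {name}")
    return out


# Constructed sample input; the addresses and domains are placeholders.
SAMPLE = """\
# constructed sample, not a real list
127.0.0.1 localhost
::1 ip6-localhost ip6-loopback
192.168.1.2 ads.example.com   # entry pointing at the DNS server's own IP
127.0.0.1 tracker.example.net Ads.Example.com
not-an-ip junk.example.org
0.0.0.0 metrics.example.org.
""".splitlines()

if __name__ == "__main__":
    print("\n".join(to_null_blocklist(SAMPLE)))
```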


#2

Pi-hole replies with an empty response (or the block page when appropriate), so there is no real performance gain by using 0.0.0.0. You can make Pi-hole use that IP though, and Pi-hole even automatically uses it if you install without the web interface.
It may be true that redirecting to 127.0.0.1 has a timeout, but not Pi-hole.
Also, when using 0.0.0.0, there will be many errors on the page where there would be empty space with a redirect to Pi-hole.


#3

Correct. Pi-hole itself will not suffer. However, the client will.

On heavily ad-infested pages each ad replaced by Pi-hole will still have to be fetched by the browser.
If 0.0.0.0 is used the browser will skip it. I have never seen any errors appear on webpages with this method.
If 127.0.0.1 is used the browser will have to wait for each ad to time-out and the user will notice this as lag.
And if the IP of the Pi-hole server is used then the browser will query and possibly fetch the blockpage from Pi-hole. I’ve never seen this blockpage, so I’m guessing that it times out too.


#4

It doesn’t time-out because lighttpd got this directive:

server.error-handler-404 = "pihole/index.php"

That’s an existing page (size ~1k) that will be pulled from browser cache.


#5

You won’t see it if the ad is in an iframe or similar. Instead a blank page is returned so that the space that would have been taken by the ad is not a grey box with a timeout error message or similar.

Try browsing directly to, say, doubleclick.net (if you have it blocked) and you will see the blockpage.

Start using 0.0.0.0, and you lose the block page functionality. It really doesn’t slow things down; if anything, things are sped up due to not having to download the ad from a remote server, rather a small page on the local network.


#6

This is a year old thread, but it’s implemented now with NULL blocking.

https://docs.pi-hole.net/ftldns/blockingmode/#pi-holes-unspecified-ip-blocking-default


#7