YouTube script seems to be working very well

Looks handy! If/when more people report good results for this little idea, I might take some time to do it properly and submit a diff.

Big thanks for your hard work as definitely seeing a difference as think i only saw about one ad when using Youtube on my Firecube for a few hours yesterday

1 Like

Would it make a difference which cache is used?

What is the privacy gain if you don't log the domains in Pi-hole but still have them in unbound? Appears to be no privacy gain, you just have to find the information in another place.

1 Like

Sorry if it's a noob question. Will this work with multiple ip's? When I do a log query it returns several, here it is:
grep /var/log/pihole.log

May 2 18:52:09 dnsmasq[188378]: reply is
May 2 18:52:11 dnsmasq[188378]: reply is
May 2 18:52:34 dnsmasq[188378]: cached is

It actually has many dns requests, kept the duplicates, May 2 18:52:09 dnsmasq[188378]: reply is 173.194 -

Pick any one of them.

Do I cycle through them till I find one that blocks ads?

Nope, close your eyes and touch the screen. Pick the IP closest to your fingertip. :slightly_smiling_face:

I just put script to run on my pihole server. It seems works well. But I I've one noob question.

Once the googlevideo adress is add to list, when I run nslookup on that adress, should it return the $forceip? Because for me it show the same ip I've seen before.

Sorry for my english! And thx in advance!

Serious question since I'm a dnsmasq noob.
Why would you use host file overrides with every single address parsed from the pihole log instead of defining a single address override like
This could also be used for IPv6 if the wildcard works as I understand it will.

Do you really see the need for obfuscation?
Those IP addresses are most likely ephemeral anyways. My guess is the redirect needs to be changed in certain intervalls to continue working as expected.

[starting fresh, too many edits pre-coffee this morning!]

The bash script is a PoC to see if my results were reproducible in the wild.

dnsmask has forks that support regex. I'm testing something on it with RR support to "hide in the crowd" but that's not working too well. Presumably an IP from the RR is the one the "ad gun" is waiting to fire on.

coffee time

Exactly why I am poking around with some RR stuff and other stuff. Idea was to have "v2" get new IPs from non-Pi-hole lookups and repopulate the forced IP list.

According to dnsmasq documentation, only using the entire expression /#/ as a domain is treated to match any domain:

-A, --address=/<domain>[/<domain>...]/[<ipaddr>]
(..) /#/ matches any domain. Thus --address=/#/ will always return for any query not answered from /etc/hosts or DHCP and not sent to an upstream nameserver by a more specific --server directive. (..)

Accordingly, a quick test adding your line to my configuration resulted in failure:
pi@pi-hole-v5:~ $ nslookup

** server can't find NXDOMAIN

As Pi-hole embeds a tailored version of dnsmasq, you cannot simply switch to another dnsmasq fork.

However, if you are able to determine a sufficiently selective pattern for subdomain names to block, you could add them as a Pi-hole regex filter.

Indeed, working very well. I have it up and running, on a Win10 machine it removes all ads after skipping an initial first ad. Very sneaky of YouTube to have a discreet "Can I have an ad, please" request which returns the ad on a unique IP. Good job, thank you!!

1 Like

There are regex-capable forks of dnsmasq, I've only just started playing with them on Friday. Not sure how useful it would be as it would require porting to FTL from what I can tell.
Much easier to have the script scheduled so every day (week, whatever) it does outside DNS lookups on the hostnames already in the file, then repopulate the file with a new randomly picked IP from the new lookups.

Not necessary:

Ohh, what a bummer :confused: thx for clarifying.

But regarding regex blocking. Is it possible to setup custom redirections within pihole, too? I was under the impression the target result for all blocklists was set via a single parameter.

Blocking them doesn't work, they need to be redirected to an IP of our choosing.

Ah, I see - this solution relies on answering arbitrary youtube and googlevideos subdomains with a given custom IP, rather than just blocking them.

While this is certainly not Pi-hole's default behaviour, I can't answer if that's possible with pihole-FTL.