TheGreatWall
1Hosts
Our great sponsors
TheGreatWall | 1Hosts | |
---|---|---|
11 | 32 | |
103 | 1,320 | |
- | - | |
0.0 | 0.0 | |
almost 2 years ago | 19 days ago | |
HTML | ||
MIT License | Mozilla Public License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
TheGreatWall
-
Restrict DNS resolution to pihole only
Here's lists: https://github.com/Sekhan/TheGreatWall
-
AdGuard Home and dealing with DoH
I run Pfsense and am able to block most common DoH services. I’m sure you will be able to configure similar options on opnsense. The best way to do this is a DNS block through AGH and an IP block with opnsense. Firefox provides what domains to block to disable their DoH, https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https. You can also add these two lists to block most other common DoH services, https://github.com/oneoffdallas/dohservers, https://github.com/Sekhan/TheGreatWall. These lists will work with AGH for DNS blocking and for IP blocking aliases. If you have any Apple devices on your network you can use these domains to block private relay, https://raw.githubusercontent.com/Rogacz/private-relay/main/pr2.txt. I recommend you add these private relay domains as a custom entry in AGH to return NXDOMAIN so that the device shows that private relay is unavailable versus using a NULL response where it will say it’s available when it really isn’t. With these lists added to DNS blocklists as well as IP blocklists I have seen almost no DoH services getting through. The only service that I’ve experienced getting through the rules so far is Next DNS since it uses different IPs depending on what is fastest for your location, making it harder to block. I found a way to discover the IPs for their servers near you and will edit the post if I find the instructions again. Also make sure to completely block port 853 to block DoT. Lastly using these instructions from Pfsense, you can redirect or block all DNS queries that aren’t destined for your AGH instance. The instructions should be transferable to opnsense.
-
Device has not a single query?
You can also have the pihole block these DoH servers, using this: https://github.com/Sekhan/TheGreatWall/blob/master/TheGreatWall.txt but for applications that have a list DoH IP's hardwired into them, then pihole blocking won't catch those because they connect without DNS lookups. You have to block them at your firewall.
- PSA - Netflix on iOS seems to be contacting 8.8.8.8 (Google DNS) a lot, possibly to circumvent blocking
- Blocklist for DNS over HTTPS?
- How long until Google [and others] use https://8.8.8.8 internally, and hence bypass Pi-Hole?
- Any guide to catching and redirecting DoH traffic?
-
Adguar home question
Original: https://github.com/Sekhan/TheGreatWall
-
Android defaults to 8.8.8.8 as secondary DNS with Pi-hole as DHCP server
Another test is android also offers Private DNS under advanced settings if set to automatic it will send requests to google DoH, turn this off and see if that changes anything. You could also add the The Great Wall DoH pihole blocklist to see if that helps too: https://github.com/Sekhan/TheGreatWall/blob/master/TheGreatWall.txt
-
Blocking DNS over HTTPS Suggestions
Hopefully this helps: https://github.com/Sekhan/TheGreatWall
1Hosts
-
Big things are happening with RaspAP's Ad Blocking 🛑 Users will soon have more blocklist sources to choose from
Others include badmojr's excellent blocklists and OISD's dnsmasq-ready domains lists.
-
[HELP] Energized Protection 403 Forbidden Error
Oh btw a sidenote: instead of the Energized lists you can use the 1Hosts lists, it is awesome as well.
- BlockList Project?
-
Energized GitHub has been unmaintained since few months, and is showing 404 error on HOSTS files. Here is a copy of Energized Ultimate HOSTS ruleset file, and alternative HOSTS ruleset providers to consider.
I think 1Hosts PRO is a good replacement, but try Lite or Pro whichever you prefer. https://github.com/badmojr/1Hosts You may try combining other HOSTS lists with this if you want to, and are technically adept enough.
-
Android malware from Amazon straight to your door
For what it's worth that domain in your repo is also listed in the 1Hosts block-list [1] but only in the Xtra category, not sure why. It seems that is a known malware site. Oddly enough it is not listed in the PiHoleBlocklist [2]
[1] - https://github.com/badmojr/1Hosts [listed but only in Xtra]
[2] - https://github.com/Perflyst/PiHoleBlocklist.git [not listed]
- Apple and Google Telemetry
- MacOS/iOS iDp/Auth can’t connect
-
What is BlissDNS?
Well, our goal is to stay problem free 100% of the time while maximizing our effectivness. The lists we use are as follows: https://abp.oisd.nl/ https://github.com/badmojr/1Hosts/raw/master/Lite/adblock.txt https://raw.githubusercontent.com/CipherOps/AdList/main/Blocklist
-
What happen to Energize Ultimate?
I will strongly suggest to opt out from their lists. That's what I did. 1Hosts is very good and the people in charge of the lists respond and are pretty helpful. https://github.com/badmojr/1Hosts
-
1Hosts Website flagged as False Positive by AI-Driven Threat Detection
If you have it switched on, try accessing https://o0.pages.dev/
What are some alternatives?
blocklists - Domain-ONLY Filter Lists (for use with DNS / Domain blocking tools)
hosts-blocklists - Automatically updated, moderated and optimized lists for blocking ads, trackers, malware and other garbage
Inversion-DNSBL-Blocklists - Malicious URLs identified by scanning various public URL sources using the Google Safe Browsing API (over 6 billion URLs scanned daily)
GoodbyeAds
pihole-phishtank-list - A blocklist for Pihole from PhishTank
oisd - oisd blocklist
Pi-hole - A black hole for Internet advertisements
NextDNS-Config
DoH
easylist - EasyList filter subscription (EasyList, EasyPrivacy, EasyList Cookie, Fanboy's Social/Annoyances/Notifications Blocking List)
doh-cf-workers - DNS-over-HTTPS proxy on Cloudflare Workers
pihole-unbound - Guide to setup Unbound recursive DNS resolver with Pi-Hole. With additional configs for speed and security!! 🚀🔒