piholemanual VS Pi-hole

read this document. It describes how to block (o)DoH on a firewall. The IP lists are generated daily, as is the RPZ (response policy zone) file. A pihole specific blocklist isn't available, but the document contains the instructions to generate one yourself from the database.

> the most ill thought out "privacy" feature

Whose privacy? DoH helps to protect billions in ad revenue for the ad network that funds Chrome, Firefox, Safari and web standards. A better web will need a different revenue model.

In the meantime, here's a maintained guide to blocking DoH with pfsense, https://github.com/jpgpi250/piholemanual/blob/master/doc/Blo...

This list is just one of the available lists on github (and some other places), unfotunatelly, it isn't complete. I've been consolidating the lists I could find. Two options: - For those who have a decent firewall, capable of adding IP lists from url, they can use the IPv4 and IPv6 lists, daily generated, on GitHub.

Otherwise you can create a fw alias for known DOHipv4/ipv6 enpoints and block them with a list like https://github.com/jpgpi250/piholemanual/blob/master/DOHipv4.txt and block TCP on port 853 to catch default DoT traffic and force everyone to use the local resolver.

The bambenek list is almost two years old. There are a lot of DOH lists available, some even update almost daily. I've been working continuously on blocking DOH on my network, and made a list of IPv4 and IPv6 addresses available on github, an description on how to use these lists on pfsense can be found here, but I'm sure the lists can be used on other firewalls. The lists only contain the IP addresses of resolvable DNS entries, If an entry from the source doesn't resolve, the entry is ignored. You can find the list of lists in the pdf document. Be a ware that using a dns entry to block DOH may not work. We all know that devices, such as chromecast, have 8.8.8.8 hard coded, smart IOT devices may have the IP of a well known (sure that it will never go disappear, such as google or cloudflare) configured. Blocking DNS entries that point to these DOH servers will never have effect. Also be aware that blocking some entries may considerably slow down your browser experience, ref the section on exceptions in the pdf.

For DoH, you're playing a game of cat and mouse. Create two address groups with all known DoH servers - one for IPv4 and another for IPv6. There are some pages out there that list all known addresses, such as this github repo. Then, setup a rule to block those IP addresses.

Si te preguntas, ¿por qué no usar Adguard o Pihole? 🤔

This is an overreaction, almost to the point of absurdity.

Risks inherent to pipe installers are well understood by many. Using your logic, we should abandon Homebrew [1] (>38k stars on GitHub), PiHole [2] (>46k stars on GitHub), Chef [3], RVM [4], and countless other open source projects that use one-step automated installers (by piping to bash).

A more reasonable response would be to coordinate with the developers to update the docs to provide alternative installation methods, rather than throwing the baby out with the bathwater.

[1] https://brew.sh/

[2] https://github.com/pi-hole/pi-hole

[3] https://docs.chef.io/chef_install_script/#run-the-install-sc...

[4] https://rvm.io/rvm/install

Pi-hole to block ads and tracking for my less technically savvy relatives

https://pi-hole.net/

I ran a competing project[0] on my home network for a few years before I discovered NextDNS[1]. What I lost in performance (requests don't leave my house) I gained in portability: ALL my devices can take advantage – at home and away – and time-saved. PiHole works 90% of the time, but when it did stop working, I'd have to spend a bit of time fixing it. At $20/year, I simply couldn't compete with NextDNS.

Note: This isn't a shill for NextDNS; I love these kinds of projects and think they absolutely should exist, but NextDNS just happens to be one of those dead-simple SaaS tools that is an insanely good value.

0 - https://pi-hole.net/

1 - https://nextdns.io

It definitely IS an option, but at the network level.

https://pi-hole.net/

It runs on damn near everything, and is a DNS level adblocker for the whole network.

I recently switched to Wipr [0]. It’s dead simple to use, and will auto update its filter lists in the background.

Adguard [1] is a decent free option.

I also use a Pi-hole [2] on my network.

[0] https://kaylees.site/wipr.html

[1] https://adguard.com/en/adguard-safari/overview.html

[2] https://pi-hole.net/

Are you trying to build a DNS proxy (similar to Pi-hole) that intercepts DNS requests and checks for the ones that look harmful? If so, I would suggest trying to separately build a DNS client and a DNS server, before trying to integrate them together. Start with Beej's Guide to Network Programming if you need to learn the basics of sockets, and then take a look at the documents that define the DNS protocol itself (RFC1034 and RFC1035).

Setup a pi-hole.

It's definitely not as simple as installing an app on your phone, but I run a Pi-hole on my home network, and it does block ads in many games.