Pi-hole-like DNS Blocklist
Blocklists can also be directly used as a hosts file for local resolvers, such as dnsmasq.
System-wide blocking of malicious or tracking/ad domains can easily be done with a local /etc/hosts, requiring no additional software.
Basically, blocklist hosts files consist of a list of domains to block by “resolving” them to the (invalid) IP address 0.0.0.0.
Often, such blocking does not even trigger an “ad-block-detection” some sites use, as it results in a network error from the browser’s perspective. For mobile devices, however, there are often no such easy local solutions.
But similarly to Pi-hole, custom domain blocklists can also be used with a simple DNS resolver, such as dnsmasq.
Dnsmasq should be available (or even pre-installed by default) on most systems, such as Ubuntu/Debian, and allows defining additional custom hosts files with, for example, addn-hosts=/etc/hosts.bad in dnsmasq.conf.
This setup can then be used as an explicit DNS server or by intercepting and redirecting DNS traffic at the gateway.
For example, the following blocklists can be fetched (regularly) and provided to Dnsmasq in order to create a simple and customizable filtering DNS server.
- StevenBlack unified hosts file, per default included in Pi-hole
- Peter Lowe’s ad and tracking server blocklist
- MVPS custom hosts file
- Disconnectme tracker protection service lists
cat services.json | jq -r '.categories | .[][][] | with_entries(select(.key | startswith("http"))) | .[][]' | sed 's/^/0.0.0.0 /'
- uBlock as browser-based ad blocker maintains badware filters that can also be cheaply parsed for literal domains
grep -E '^\|\|[a-z0-9.-]+\^(\$(all|doc))?$' badware.txt | sed 's/^||/0.0.0.0 /; s/\^.*//'
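
The list formats above can be merged into a single file for addn-hosts. The following is an added example, not code from the original post; the function names normalize_blocklists and sample_lists and the sample input are assumptions constructed for illustration. It treats fetched lists as untrusted input: only 0.0.0.0/127.0.0.1 entries and literal uBlock domain filters are accepted, so a hosts line carrying any other address is reported and never handed to dnsmasq.

```sh
#!/bin/sh
# Reads hosts-format lines and uBlock "||domain^" filters on stdin,
# writes unique "0.0.0.0 <domain>" lines for dnsmasq's addn-hosts on stdout.
normalize_blocklists() {
    tr -d '\r' | awk '
    function valid(d) {   # dotted hostname, at least one letter, not localhost.*
        return d ~ /[a-z]/ && d !~ /^localhost\./ &&
               d ~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/
    }
    function emit(d) {
        d = tolower(d)
        if (valid(d) && !(d in seen)) { seen[d] = 1; print "0.0.0.0 " d }
    }
    {
        sub(/#.*/, "")                        # drop hosts-style comments
        if (NF == 0) next
        if (substr($1, 1, 2) == "||") {       # uBlock literal-domain filter
            d = substr($1, 3); n = index(d, "^")
            opt = (n > 0) ? substr(d, n + 1) : "x"
            if (opt == "" || opt == "$all" || opt == "$doc") emit(substr(d, 1, n - 1))
        } else if ($1 == "0.0.0.0" || $1 == "127.0.0.1") {
            for (i = 2; i <= NF; i++) emit($i)
        } else if ($1 ~ /^[0-9a-fA-F:.]+$/) {
            # Any other address would be served as a real answer: report, never emit.
            for (i = 2; i <= NF; i++)
                if (valid(tolower($i))) print "rejected: " $0 > "/dev/stderr"
        }
    }'
}

# Constructed sample input (not taken from any real list).
sample_lists() {
    cat <<'EOF'
# hosts-format section
127.0.0.1 localhost
0.0.0.0 ads.example.com   # inline comment
127.0.0.1 Tracker.Example.NET ads.example.com
203.0.113.5 login.example.org
! uBlock-format section
||malware.example^$all
||cdn.example.com/path^
||badware.example.org^
example.com##.banner
EOF
}

sample_lists | normalize_blocklists
```

In regular use, the concatenated downloads would be piped through normalize_blocklists into a temporary file that replaces /etc/hosts.bad only after the run succeeds.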