
Avoid The Hack: The Best Pi-Hole Blocklists (2024)

This post was originally published on 26 APR 2021; it has since been updated and revised.

Looking for solid and maintained blocklists to round out the blocking capabilities of your Pi-Hole install? You’ve come to the right page.

Preface

While this post is geared towards users with a Pi-Hole on their network, it can also be applied to adblocking/domain filtering DNS providers with custom list loading options and browser ad/tracker blocking plugins like uBlock Origin, though users should double-check whether the format is compatible with their service/platform.

Why dedicate a whole post to just ad blocklists? The short story is, ads suck. They pose a considerable cybersecurity risk in the modern threat landscape for the regular user (you), are ridiculously privacy invasive, and can be difficult to keep blocked.

Ad blocking lists can easily become outdated and useless, so to keep on top of blocking ads, it’s usually best to use lists/services that update blocking lists frequently.

Note: A DNS sinkhole like Pi-Hole isn’t the only way to block ads; ads can be blocked in the browser and on-device as well.

Picking your blocklist(s)

Use these points as a helpful reference for picking what blocklists you want to use for your Pi-Hole set up. It is important to consider what and why you are blocking, understand the networking needs of the devices on your network, minimize false positives and redundancy, and know when to whitelist a domain.

1. Consider your “threat” model

In this specific case, you’ll want to ask yourself two questions:

  1. What do you want to block? (Malware domains, Advertising, Trackers, Telemetry, Parental Control, etc.)

and

  2. What are your reasons for blocking it? (AKA: Why?)

For example, are you…

  • Wanting to block excessive device telemetry because constant requests are slowing down your network?
  • A parent wanting to block malware and adult-content related domains network wide (irrespective of device) because you don’t want your kids visiting such sites?
  • Wanting to block intrusive ads across your entire home network because you’re tired of targeted and privacy invading ads?
  • Concerned about the potential security risks posed by targeted ads or malvertising in general?

This isn’t to say that you need specific justification for blocking certain things via Pi-Hole, but it’s definitely important to consider what you need blocked and for what reason. You’ll want your Pi-Hole to be efficient and provide the most benefit for you and your network.

Additionally, when you take things like basic device functionality into account, you’ll find that just blocking “everything” is oftentimes not feasible.

Blocking everything usually means many things tend to break, and some devices/services/websites become totally unusable/inaccessible if you go for a “nuke everything” approach. This can easily become more hassle than it’s worth, so it’s best to plan accordingly.

2. Consider devices on your network

You’ll want to heavily consider just what devices run on your home network.

How many devices are connected to your Wi-Fi? What types of devices are these? Keep in mind that many “Smart devices” may connect to your home network.

Some of these might include…

  • Gaming consoles (ex: Xbox)
  • Smartphones (ex: iPhone)
  • Laptops
  • Desktops/PCs
  • Smart watches (ex: Garmin’s smart fitness trackers)
  • Tablets (ex: iPad)
  • Smart TVs
  • Streaming devices/sticks (ex: Roku)
  • Smart appliances (ex: “Smart fridges”)
  • Various IoT devices (ex: smart thermostats, internet-capable security cameras)

For example, while you may wish to block your Windows 10 PC from sending a ton of information (AKA telemetry) to Microsoft, it might not be beneficial for you to block every request related to known Microsoft domains (such as microsoft.com or things served with their cloud platform, Azure.)

Doing so could adversely affect the functionality of your device, such as receiving critical updates to crucial services and/or updating the operating system itself.

For example, if you go as far as blocking things related to its Azure cloud platform, you can end up breaking websites that rely on Azure for all devices on your network. The process of steadily “unbreaking” everything can be frustrating and time-consuming for many users. Quite frankly, finding out where things went wrong isn’t fun or practical for people who want some protection that just works.

What’s more is that when you consider your devices, you should also consider some of the internet-connected services they might use…

For example, if you’re an avid streamer, then you may not want to blindly block everything reaching out to a hulu.com related domain – or else you won’t be able to launch and watch Hulu on your home network.

Likewise, if you’re a console gamer, you might not want to totally block all domains associated with Sony, Microsoft, or Nintendo – or else your console might not function properly in some areas, such as online gaming or recording achievements.

This isn’t to say that you can’t block some requests to microsoft.com or hulu.com, just that you may not want to blacklist the entire domain or everything associated with it.

3. More is not always better

Say it with me: More. Is. Not. Always. Better.

Listen, I know that the resources linked here have a ton of blocking lists.

I also know that some of these blocking lists are huge.

It may be tempting to use each and every blocklist found here or elsewhere. However, I’m strongly advising you not to do that.

Why? Many of these blocklists borrow from each other. Because of this, if you use all of them, you’ll find yourself with a lot of overlap and needless redundancy.

Redundancy reduces efficiency and wastes resources. Additionally, the more lists you use, the more likely you are to run into false positives, which can really be a pain in the ass to deal with.

Remember: a “nuke everything” approach is not necessarily the best approach here. Overall, you want to find a balanced solution that both increases your level of privacy – and in many cases, improves security – while maintaining good functionality. You should keep in mind your own threat model.

In fact, in some cases, you may find that the stock blocklist fits your personal needs, which is perfectly fine. More is not always better – remember that!
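To put numbers on the overlap before adding yet another list, here is an added example (not from the original post): a short Python script that reports how much of each list is already covered by your other lists, and which domains you need would end up blocked. The list contents, the `example.*` domains and all function names are constructed for illustration; it assumes hosts-format or one-domain-per-line lists and exact-match blocking.

```python
import re
from itertools import combinations

# Hostname check: dot-separated labels ending in a TLD that starts with a letter.
DOMAIN_RE = re.compile(r"^([a-z0-9_-]{1,63}\.)+[a-z][a-z0-9-]{1,62}$")
SINK_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}

def parse_blocklist(text):
    """Extract domains from a hosts-format or one-domain-per-line list."""
    domains = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].lower().split()   # strip comments
        if fields and fields[0] in SINK_IPS:
            fields = fields[1:]                         # drop the sinkhole address
        domains.update(f.rstrip(".") for f in fields if DOMAIN_RE.match(f.rstrip(".")))
    return domains

def overlap_report(lists):
    """Per-list totals and unique contributions, plus pairwise shared counts."""
    stats = {}
    for name, doms in lists.items():
        others = set().union(*(d for n, d in lists.items() if n != name))
        unique = len(doms - others)
        pct = round(100 * (1 - unique / len(doms)), 1) if doms else 0.0
        stats[name] = {"total": len(doms), "unique": unique, "redundant_pct": pct}
    shared = {(a, b): len(lists[a] & lists[b]) for a, b in combinations(sorted(lists), 2)}
    return stats, shared

def blocked_needed(lists, needed):
    """Map each needed domain to the lists that would block it (exact match)."""
    hits = {d: sorted(n for n, doms in lists.items() if d in doms) for d in needed}
    return {d: names for d, names in hits.items() if names}

# Constructed sample lists (not real blocklist contents).
SAMPLES = {
    "list_a": "# hosts format\n0.0.0.0 ads.example.com\n0.0.0.0 tracker.example.com\n"
              "0.0.0.0 telemetry.example.net\n127.0.0.1 localhost\n",
    "list_b": "ads.example.com\ntracker.example.com\nupdates.example.org  # inline comment\n",
    "list_c": "0.0.0.0 ads.example.com pixel.example.net\n",
}

if __name__ == "__main__":
    parsed = {name: parse_blocklist(text) for name, text in SAMPLES.items()}
    stats, shared = overlap_report(parsed)
    for name, s in stats.items():
        print(f"{name}: {s['total']} domains, {s['unique']} unique, {s['redundant_pct']}% redundant")
    print("shared:", shared)
    print("needed but blocked:", blocked_needed(parsed, {"updates.example.org", "login.example.org"}))
```

A list whose `unique` count is close to zero adds almost nothing you aren’t already blocking, and anything reported as needed but blocked is a candidate for your whitelist.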

4. Don’t be afraid to Whitelist

If you plan on running an aggressive blocking…

*** This is a Security Bloggers Network syndicated blog from Avoid The Hack! authored by Avoidthehack! RSS. Read the original post at: https://avoidthehack.com/best-pihole-blocklists