1. 8
  1. 4
    1. 1

      How similar to both I linked is your list?

      Since both lists I linked come from an automated grouping repository that takes DNs from multiple lists and join them, you should open an issue to propose to join your list to their collected list!

      1. 2

        How similar to both I linked is your list?

        Well, it looks like they use my list as a source, so I don’t think I need to open an issue. :)

        Probably the biggest difference between mine and most of the other lists is that I don’t list individual hostnames if I can help it. It’s more useful as in wildcard and DNS blocking than as a hosts file.

        I can’t really join that list into mine unfortunately. I do my best to verify each entry, so it would take me forever to check out each one.

        1. 1

          Fair enough, thanks for the heads-up and good work checking every domain!

    2. 2

I use unbound for that. It is a full recursive resolver, which allows me to skip my provider’s DNS and other providers like goog or cloudflare etc.

      I should write a quick blog post about that, probably…

      1. 1

        You definitely should. I tried to use unbound once, but failed to set it up, so I gave up because I wanted an “easy” setup.

        If you do write about it, post the link as reply, thanks!

        1. 1

          I’m definitely interested in hearing/learning more about your setup. I currently use dnsmasq in a very similar way to this article, but I really hate relying on google/cloudflare for dns.

        2. 1

          The web UI is in PHP, which forces me to have both PHP and their reverse proxy set up if I don’t want to spend 2h configuring everything by myself;

          Where is the problem with that? Is the Pi used for something else so that the webserver shouldn’t run all the time? (and/or php-fpm, no idea how pihole works, but the sentence confused me)

          1. 1

It isn’t a pi, but a remote VPS (providing ad-blocking to each of my VPN clients).

            The setup and maintenance cost of PHP-FPM is annoying, especially for an optimized configuration to try to avoid burning my server with useless work.

            Also, the server is running CentOS, and PiHole has PHP 5.4 as direct dependency. 5.4

            PiHole sets up PHP-FPM + lighttpd with the “default” setup, and ignoring both and having to set them up with my own servers and such is a cost I don’t want to accept (especially since it isn’t documented).

          2. 1

            I have a very similar setup. One thing I did differently was implement support in the ‘wget’ script for whitelisting since I’ve found lists are sometimes too aggressive.

            # Remove whitelisted sites
            if [ -f /etc/dnsmasq.d/whitelist.txt ]; then
                    for l in $(</etc/dnsmasq.d/whitelist.txt); do
                            # ignore lines that start with # (comments)
                            if [[ ! $l =~ ^#.* ]]; then
                                    # replace every line matching the whitelisted name with a blank line
                                    sed -i "/$l/c\ " /tmp/hostnames.txt
                                    sed -i "/$l/c\ " /tmp/domains.txt
                            fi
                    done
            fi

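An added example of the same whitelisting step (not the commenter’s script), written so a whitelist entry only removes the blocklist line whose domain field matches exactly, rather than any line that happens to contain the string, and so nothing from the whitelist is interpolated into a sed or awk regex. File names, the `address=/domain/ip` dnsmasq format and the sample entries are assumptions constructed for the example.

```shell
#!/bin/sh
# Constructed sample blocklist in dnsmasq "address=/domain/0.0.0.0" form.
make_sample_blocklist() {
    cat > "$1" <<'EOF'
address=/ads.example.com/0.0.0.0
address=/notads.example.com/0.0.0.0
address=/tracker.example.net/0.0.0.0
address=/cdn.example.org/0.0.0.0
EOF
}

# Constructed sample whitelist: one domain per line, '#' comments allowed.
make_sample_whitelist() {
    cat > "$1" <<'EOF'
# domains the blocklist is too aggressive about
ads.example.com
  CDN.example.org   # mixed case and stray whitespace are tolerated
EOF
}

# apply_whitelist BLOCKLIST WHITELIST
# Prints BLOCKLIST minus every line whose domain field is listed in WHITELIST.
# Whitelist comments/blank lines are skipped. The domain is compared as a whole
# field (case-insensitively), so "example.com" cannot unblock "notexample.com",
# and no user-supplied text ever becomes part of a regular expression.
apply_whitelist() {
    awk -F/ '
        # First file (the whitelist): collect allowed names. FILENAME is used
        # instead of the usual FNR==NR idiom so an empty whitelist is handled.
        FILENAME == ARGV[1] {
            sub(/#.*/, "")            # strip trailing comments
            gsub(/[[:space:]]/, "")   # strip all whitespace
            if ($0 != "") allow[tolower($0)] = 1
            next
        }
        # Second file (the blocklist): in address=/domain/ip, field 2 is the
        # domain. Print the line only if that domain is not whitelisted.
        !(tolower($2) in allow)
    ' "$2" "$1"
}

# Demo: build the constructed files, print the filtered blocklist, clean up.
blk=$(mktemp) && wl=$(mktemp)
make_sample_blocklist "$blk"
make_sample_whitelist "$wl"
apply_whitelist "$blk" "$wl"
rm -f "$blk" "$wl"
```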
            1. 1

              Too aggressive is fine by me, but that’s definitely something nice to keep.

            2. 1

              Some months ago I moved from Dnsmasq to CoreDNS.

              So far the change has been for the better, CoreDNS has DNS-over-TLS support, cache prefetching, detailed logging (vs. none at all in Dnsmasq, AFAIK) and detailed metrics in Prometheus’ format.

              Both support blocklists, custom hosts files, etc. CoreDNS has a nice set of features for service discovery too, but I don’t use them.

              So far loving it!

              1. 1

                I didn’t know about CoreDNS, I’m gonna check it out now.

                If it allows the usage of dnsmasq-based block lists while providing some simple prometheus metrics, I’m sold.

                1. 1

                  Check out this comment on HN about my CoreDNS setup.

                  It has hosts-style blocklists, caching, cache prefetching, DNS-over-TLS, per-request logging, Prometheus-style metrics…

                  I include my previous Corefile (CoreDNS’ configuration file and format) in it; since then the only changes I’ve made are switching from Cloudflare’s upstream resolvers ( and to Quad9’s (, both support DNS-over-TLS so that my entire home network has its DNS encrypted.