Pi-hole Part 4 - Configure DNS Blocklists

Pi-Hole comes pre-configured with a perfectly acceptable DNS blocklist. However, the list of blocked domains can be expanded with lists from other sources. Pi-Hole will take care of deduplicating entries and streamlining the aggregate list.

There is a balance to find here:

• Too many blocked domains increases the likelihood of broken web applications
• Too few blocked domains means ads or malicious connections may slip through

I prefer to err on the side of quantity. If a blocked domain interferes with a service, it is simple to allow-list (whitelist) the needed domain(s). This is why we created allow lists for important domains before incorporating third party blocklists.

Blocklists used in this demonstration

Advertising and Trackers

• Hegezi Light (primarily ads and tracking)
• Hegezi Popups (popup ad domains)
• Blocklist Project - Ads (general advertising domains)
• AdGuard (general advertising domains)
• Prigent Ads (general advertising domains)

Threat Intelligence

• Hegezi Fakes (scams and social engineering)
• Hegezi Threat Intelligence (malware, cryptojacking, phishing)
• CERT Polska List (SMS social engineering, scams)
• NoCoin (Block Javascript cryptocurrency miners in your browser)
• Prigent Crypto (cryptojacking)
• ThreatFox IOCs (associated with cyberattacks)
• Blocklist Project - Malware (general malware domains)
• Blocklist Project - Ransomware (ransomware-specific)
• Matomo - Referrer Spam (nuisance spam domains)
• Asso Echap - Stalkerware (cyberstalking domains)
• Phishing Army (phishing)