
The Best PiHole Blocklists (2021)


If you're looking for solid blocklists for your PiHole, then we have a collection of collections of blocklists for you right here.

We also have some words of wisdom to share when it comes to using these blocklists.

Don't have a PiHole? Then you can follow the ATH guide to setting up Pihole.

Picking your blocklist(s)

Use these points as a helpful reference for picking what blocklists you want to use for your PiHole.

1. Consider your "threat" model

In this specific case, you'll want to ask yourself two questions:

  1. What do you want to block? (Malware domains, Advertising, Trackers, Telemetry, Parental Control, etc.)

and

  2. What are your reasons for blocking it? (AKA: Why?)

For example, are you...

  • Wanting to block excessive device telemetry because constant requests are slowing down your network?
  • A parent wanting to block malware and adult-content related domains network wide (irrespective of device) because you don't want your kids visiting such sites?
  • Wanting to block intrusive ads across your entire home network because you're tired of targeted and privacy invading ads?

This isn't to say that you need specific justification for blocking certain things via PiHole, but it's definitely important to consider what you need blocked and for what reason. You'll want your PiHole to be efficient and provide the most benefit for you and your network.

Additionally, when you take things like basic device functionality into account, you'll find that just blocking "everything" is often not feasible.

Blocking everything usually means many things tend to break, and some devices/services/websites become totally unusable/inaccessible if you go for a "nuke everything" approach.

2. Consider devices on your network

You'll want to heavily consider just what devices run on your home network.

How many devices are connected to your Wi-Fi? What types of devices are these? Keep in mind that many "Smart devices" may connect to your home network.

Some of these might include...

  • Gaming consoles (ex: Xbox)
  • Smartphones (ex: iPhone)
  • Laptops
  • Desktops/PCs
  • Smart watches (ex: Garmin's smart fitness trackers)
  • Tablets (ex: iPad)
  • Smart TVs
  • Streaming devices/sticks (ex: Roku)
  • Smart appliances (ex: "Smart fridges")

For example, while you may wish to block your Windows 10 PC from sending a ton of information (AKA telemetry) to Microsoft, it might not be beneficial for you to block every request related to known Microsoft domains (such as microsoft.com or things served with their cloud platform, Azure.)

Doing so could affect the functionality of your device, such as receiving critical updates to crucial services and the operating system itself. If you go as far as blocking things related to its Azure cloud platform, you can end up breaking certain websites that rely on Azure, for all devices on your network. The process of steadily "unbreaking" everything can be frustrating and time-consuming for many users.

What's more is that when you consider your devices, you should also consider some of the internet-connected services they might use...

For example, if you're an avid streamer, then you may not want to blindly block everything reaching out to a hulu.com related domain - else you won't be able to launch and watch Hulu on your home network.

Likewise, if you're a console gamer, you might not want to totally blacklist all domains associated with Sony, Microsoft, or Nintendo - or else your console might not function properly in some areas, such as online gaming or recording achievements.

This isn't to say that you can't block some requests to microsoft.com or hulu.com, just that you may not want to blacklist the entire domain or everything associated with it.

3. More is not always better

Say it with me: More. Is. Not. Always. Better.

Listen, I know that the resources linked here have a ton of blocking lists.

I also know that some of these blocking lists are huge.

It may be tempting to use each and every blocklist found here or elsewhere. However, I'm strongly advising you not to do that.

You see, many of these blocklists borrow from each other. Because of this, if you use all of them, you'll find yourself with a lot of overlap and needless redundancy.

Redundancy reduces efficiency and wastes resources. Additionally, the more lists you use, the more likely you are to run into false positives, which can really be a pain in the ass to deal with.

Remember: a "nuke everything" approach is not necessarily the best approach here. Overall, you want to find a balanced solution that both increases your level of privacy while maintaining good functionality.

In fact, in some cases, you may find that the stock blocklist fits your personal needs, which is perfectly fine. More is not always better - remember that!

4. Don't be afraid to Whitelist

If you plan on running an aggressive blocking set up, then you shouldn't be afraid to whitelist certain domains.

It seems counterintuitive, but here is the logic: the more "aggressive" you are with blocking, the more likely (legitimate) websites/services are to break. Aggressive blocking can also increase the frequency of false positives.

This doesn't necessarily mean that you have to be any less aggressive in your blocking - especially if your threat model calls for it or you don't mind dealing with breakage. However, to maintain functionality you might want to take care by whitelisting domains that totally break things when blocked.

When you whitelist those blocked domains that cause substantial breakage, you can more easily continue to run aggressive blocklists. However, you should be forewarned that you'll need to stay on top of updating your whitelist, as these domains can readily change. For example, a whitelisted domain can become obsolete.
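To put numbers on the overlap described in point 3 and on whitelist upkeep from point 4, here is an added example (not part of the original post and not PiHole code). It parses hosts-format and plain-domain lists, reports how many domains each list adds beyond the ones before it, and flags whitelist entries that no list blocks. The list names, the `example.*` domains, and treating "not blocked by any list" as obsolete are assumptions made for illustration.

```python
import re

# Hosts-format lines start with a sink address; plain lists are one domain per line.
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOCAL = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
DOMAIN = re.compile(r"^([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+(xn--[a-z0-9-]+|[a-z]{2,63})$")

def parse_blocklist(text):
    """Return the set of domains in a hosts-format or plain-domain list."""
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # strip comments, split on whitespace
        if fields and fields[0] in SINKS:
            fields = fields[1:]                  # drop the sink address
        for name in fields:
            name = name.lower().rstrip(".")
            if name not in LOCAL and DOMAIN.match(name):
                domains.add(name)
    return domains

def marginal_gain(lists):
    """For lists in the given order, report (name, total, domains not covered earlier)."""
    seen, report = set(), []
    for name, domains in lists:
        report.append((name, len(domains), len(domains - seen)))
        seen |= domains
    return report

def stale_whitelist(whitelist, lists):
    """Whitelisted domains that none of the given lists block (nothing left to override)."""
    blocked = set().union(*(domains for _, domains in lists))
    return sorted(set(whitelist) - blocked)

# Constructed sample data; the example.* names are placeholders, not real list content.
LIST_A = "# hosts format\n0.0.0.0 ads.example.com\n0.0.0.0 tracker.example.net\n127.0.0.1 localhost\n"
LIST_B = "ads.example.com\ntracker.example.net  # plain-domain format\ntelemetry.example.org\n"
LISTS = [("list-a", parse_blocklist(LIST_A)), ("list-b", parse_blocklist(LIST_B))]
WHITELIST = ["telemetry.example.org", "cdn.example.com"]

if __name__ == "__main__":
    for name, total, new in marginal_gain(LISTS):
        print(f"{name}: {total} domains, {new} not already covered")
    print("whitelist entries no list blocks:", stale_whitelist(WHITELIST, LISTS))
```

A list that contributes only a handful of new domains on top of what you already run is a candidate to drop rather than add.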

"Stock" Blocklists

If you weren't aware already, PiHole comes out of the box with an optional blocklist:

https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

This blocklist is well maintained and provides good blocking functionality without breaking normal functionality. For some it might be enough, but users often find they want to add their own custom lists for enhanced blocking capabilities.

However, if there comes a time where you need or want to delete your accumulated blocklists and/or restore the "default" blocklist...

To remove existing blocklists, run this command in Terminal:

sudo sqlite3 /etc/pihole/gravity.db "DELETE FROM adlist"

To restore the default blocklists, follow the steps outlined on the PiHole discourse forum.

Blocklist Collections

The Firebog (WaLLy3k)

View Blocklists

The lists found at The Firebog are separated several ways. First, the lists are separated into categories:

  • Suspicious
  • Advertising
  • Tracking & Telemetry
  • Malicious
  • Other

Then, they're separated into green and blue. Green lists are the least likely to cause breakage, whereas blue lists are more likely to break things.

I personally recommend using 1 to 2 blocklists from the Advertising, Tracking & Telemetry, and Malicious sections.

You should avoid the crossed out lists. Feel free to experiment mixing the more aggressive "blue" lists with the less aggressive green ones.

For many users, the categories and green/blue lists found here should cover what you need and/or want your PiHole to block.

(Personally, I use the AdGuardDNS, Threat-Intel, and SmartTV lists. Use CTRL+F on the Firebog page to find them.)

Developer Dan (lightswitch05)

View Blocklists

Most users will want to check out the Ads & Tracking list and the Google AMP hosts list. You can experiment with the Tracking Aggressive list as well.

These lists are well maintained and updated very frequently.

Personally, I use the Tracking Aggressive list and found it fits the bill for good blocking and functionality. As always, consult your own needs and threat model.

Combo blocklists

OISD Domain Blocklist

This list comes in 2 flavors: Basic and Full.

Basic: https://dbl.oisd.nl/basic/

Full: https://dbl.oisd.nl/

While this list is big and incorporates many other lists, it remains controversial in the PiHole community. Please use at your discretion.

Basic primarily blocks advertisements whereas Full contains everything from advertisements, malware, scam/phishing, telemetry, tracking, etc. Additionally Full includes everything from the Basic list.

The Full list is massive and incorporates a ton of smaller blocklists. If you run this one, chances are you won't need to run any other lists.

However, this results in you having to place a lot of trust in a single party. You also will not be able to assign different lists, which negates the "Group management" feature of PiHole. Group management has the capability of applying different blocking rules to different user-defined "groups."

Both lists are updated approximately every 24 hours.

More Information

RegEx Blocklist

PiHole supports RegEx (regular expression) filters, which let you create more complex filter rules for your PiHole setup. This is often described as an "advanced" function, but any user can take the time to learn how to properly write RegEx entries. Remember that syntax is extremely important.

View RegEx list

More info on RegEx
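Why syntax matters, as an added example that is not from the original post: a small check that runs a candidate filter against domains you want blocked and domains that must keep working. Python's `re` module stands in for PiHole's own regex engine here (an assumption), so the patterns use only anchors, character classes and alternation; the patterns and `example.*` domains are constructed for illustration.

```python
import re

def audit_filter(pattern, must_block, must_allow):
    """Return (missed, overblocked) for one candidate regex filter.

    The pattern is searched for anywhere in the domain, so an
    unanchored pattern behaves like a substring match.
    """
    try:
        rx = re.compile(pattern)
    except re.error as exc:
        raise ValueError(f"invalid pattern {pattern!r}: {exc}") from exc
    missed = [d for d in must_block if not rx.search(d)]
    overblocked = [d for d in must_allow if rx.search(d)]
    return missed, overblocked

# Constructed test domains (placeholders under example.*).
MUST_BLOCK = ["ads.example.com", "ads2.example.net", "cdn.ads.example.org"]
MUST_ALLOW = ["uploads.example.com", "downloads.example.org", "roads.example.net"]

LOOSE = r"ads"                     # substring match: also hits "uploads", "roads"
ANCHORED = r"(^|\.)ads[0-9]*\."    # "ads" or "adsN" only as a whole label

if __name__ == "__main__":
    for pattern in (LOOSE, ANCHORED):
        missed, overblocked = audit_filter(pattern, MUST_BLOCK, MUST_ALLOW)
        print(f"{pattern!r}: missed={missed} overblocked={overblocked}")
```

The loose pattern blocks every domain in the allow set, while the anchored one blocks only the intended hosts.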

...

With that said, happy blocking and as always, stay safe out there!
