If you're looking for solid blocklists for your PiHole, then we have a collection of collections of blocklists for you right here.
We also have some words of wisdom to share when it comes to using these blocklists.
Don't have a PiHole? Then you can follow the ATH guide to setting up PiHole.
Use these points as a helpful reference for picking what blocklists you want to use for your PiHole.
In this specific case, you'll want to ask yourself two questions:
- What do you want to block? (Malware domains, Advertising, Trackers, Telemetry, Parental Control, etc)
- What are your reasons for blocking it? (AKA: Why?)
For example, are you...
- Wanting to block excessive device telemetry because constant requests are slowing down your network?
- A parent wanting to block malware and adult-content related domains network wide (irrespective of device) because you don't want your kids visiting such sites?
- Wanting to block intrusive ads across your entire home network because you're tired of targeted and privacy invading ads?
This isn't to say that you need specific justification for blocking certain things via PiHole, but it's definitely important to consider what you need blocked and for what reason. You'll want your PiHole to be efficient and provide the most benefit for you and your network.
Additionally, when you take things like basic device functionality into account, you'll find that just blocking "everything" is oftentimes not feasible.
Blocking everything usually means many things tend to break, and some devices/services/websites become totally unusable/inaccessible if you go for a "nuke everything" approach.
You'll want to heavily consider just what devices run on your home network.
How many devices are connected to your Wi-Fi? What types of devices are these? Keep in mind that many "Smart devices" may connect to your home network.
Some of these might include...
- Gaming consoles (ex: Xbox)
- Smartphones (ex: iPhone)
- Smart watches (ex: Garmin's smart fitness trackers)
- Tablets (ex: iPad)
- Smart TVs
- Streaming devices/sticks (ex: Roku)
- Smart appliances (ex: "Smart fridges")
For example, while you may wish to block your Windows 10 PC from sending a ton of information (AKA telemetry) to Microsoft, it might not be beneficial for you to block every request related to known Microsoft domains (such as microsoft.com or things served with their cloud platform, Azure.)
Doing so could affect the functionality of your device, such as receiving critical updates to crucial services and the operating system itself. If you go as far as to block things related to its Azure cloud platform, you can end up breaking certain websites that rely on Azure for all devices on your network. The process of steadily "unbreaking" everything can be frustrating and time-consuming for many users.
What's more is that when you consider your devices, you should also consider some of the internet-connected services they might use...
For example, if you're an avid streamer, then you may not want to blindly block everything reaching out to a hulu.com related domain - or else you won't be able to launch and watch Hulu on your home network.
Likewise, if you're a console gamer, you might not want to totally blacklist all domains associated with Sony, Microsoft, or Nintendo - or else your console might not function properly in some areas, such as online gaming or recording achievements.
This isn't to say that you can't block some requests to microsoft.com or hulu.com, just that you may not want to blacklist the entire domain or everything associated with it.
Say it with me: More. Is. Not. Always. Better.
Listen, I know that the resources linked here have a ton of blocking lists.
I also know that some of these blocking lists are huge.
It may be tempting to use each and every blocklist found here or elsewhere. However, I'm strongly advising you not to do that.
You see, many of these blocklists borrow from each other. Because of this, if you use all of them, you'll find yourself with a lot of overlap and needless redundancy.
Redundancy reduces efficiency and wastes resources. Additionally, the more lists you use, the more likely you are to run into false positives, which can really be a pain in the ass to deal with.
Remember: a "nuke everything" approach is not necessarily the best approach here. Overall, you want to find a balanced solution that both increases your level of privacy while maintaining good functionality.
In fact, in some cases, you may find that the stock blocklist fits your personal needs, which is perfectly fine. More is not always better - remember that!
If you plan on running an aggressive blocking set up, then you shouldn't be afraid to whitelist certain domains.
It seems counterintuitive, but here is the logic: the more "aggressive" you are with blocking, the more likely (legitimate) websites/services are to break. Aggressive blocking can also increase the frequency of false positives.
This doesn't necessarily mean that you have to be any less aggressive in your blocking - especially if your threat model calls for it or you don't mind dealing with breakage. However, to maintain functionality you might want to take care by whitelisting domains that totally break things when blocked.
When you whitelist those blocked domains that cause substantial breakage, you can more easily continue to run aggressive blocklists. However, you should be forewarned that you'll need to stay on top of updating your whitelist, as these domains can readily change. For example, a whitelisted domain can become obsolete.
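To put numbers on the overlap between lists and on whitelist upkeep, here is an added example (not part of the original article or of PiHole itself). It parses hosts-format and domain-only lists, reports how many domains each list contributes that no other list has, and flags whitelist entries that no subscribed list blocks. The list names, domains, whitelist and function names are all constructed for illustration.

```python
import re
from itertools import combinations

# Constructed sample lists (not real blocklist contents). Real lists mix
# hosts-file lines ("0.0.0.0 domain"), bare-domain lines and comments.
LISTS = {
    "ads-a": "0.0.0.0 ads.example.com\n0.0.0.0 track.example.net\n"
             "127.0.0.1 banner.example.org  # inline comment\n",
    "ads-b": "# domain-only format\nads.example.com\ntrack.example.net\n"
             "banner.example.org\nmetrics.example.io\n",
    "telemetry": "0.0.0.0 metrics.example.io\n0.0.0.0 beacon.example.dev\n",
}
WHITELIST = {"track.example.net", "cdn.example.com"}  # constructed

SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # addresses hosts lists point to
DOMAIN = re.compile(r"^([a-z0-9_-]{1,63}\.)+[a-z]{2,63}$")

def parse_list(text):
    """Return the set of domains in a hosts-format or domain-only list."""
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].lower().split()  # strip comments
        if fields and fields[0] in SINKS:
            fields = fields[1:]                         # drop sinkhole address
        domains.update(f for f in fields if DOMAIN.match(f))
    return domains

def overlap_report(lists):
    """Per list: (total, unique to this list); plus pairwise shared counts."""
    parsed = {name: parse_list(text) for name, text in lists.items()}
    per_list = {}
    for name, doms in parsed.items():
        others = set().union(*(d for n, d in parsed.items() if n != name))
        per_list[name] = (len(doms), len(doms - others))
    shared = {(a, b): len(parsed[a] & parsed[b])
              for a, b in combinations(sorted(parsed), 2)}
    return per_list, shared

def stale_whitelist(whitelist, lists):
    """Whitelist entries no subscribed list blocks (regex filters not checked)."""
    blocked = set().union(*(parse_list(t) for t in lists.values()))
    return sorted(set(whitelist) - blocked)

if __name__ == "__main__":
    per_list, shared = overlap_report(LISTS)
    for name, (total, unique) in per_list.items():
        print(f"{name}: {total} domains, {unique} not found in any other list")
    print("shared:", shared)
    print("whitelist entries with nothing to override:", stale_whitelist(WHITELIST, LISTS))
```

A list whose unique count is zero adds nothing beyond the lists you already run, and a whitelist entry that no list blocks is a candidate for removal.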
If you weren't aware already, PiHole comes out-the-box with an optional blocklist:
This blocklist is well maintained and provides good blocking functionality without breaking normal functionality. For some it might be enough, but users often find they want to add their own custom lists for enhanced blocking capabilities.
However, if there comes a time where you need or want to delete your accumulated blocklists and/or restore the "default" blocklist...
To remove existing blocklists, run this command in Terminal:
sudo sqlite3 /etc/pihole/gravity.db "DELETE FROM adlist"
To restore the default blocklists, follow the steps outlined on the PiHole discourse forum.
The Firebog (WaLLy3k)
The lists found at The Firebog are separated several ways. First, the lists are separated into categories:
- Tracking & Telemetry
Then, they're separated into green and blue. Green is the least likely for breakage, whereas blue lists are more likely to break things.
I personally recommend using 1 to 2 blocklists from the Advertising, Tracking & Telemetry, and Malicious sections.
You should avoid the crossed out lists. Feel free to experiment mixing the more aggressive "blue" lists with the less aggressive green ones.
For many users, the categories and green/blue lists found here should cover what you need and/or want your PiHole to block.
(Personally, I use the AdGuardDNS, Threat-Intel, and SmartTV lists. Use CTRL+F on the Firebog page to find them.)
Developer Dan (lightswitch05)
Most users will want to check out the Ads & Tracking list and the Google AMP hosts list. You can experiment with the Tracking Aggressive list as well.
These lists are well maintained and updated very frequently.
Personally, I use the Tracking Aggressive list and found it fits the bill for good blocking and functionality. As always, consult your own needs and threat model.
OISD Domain Blocklist
This list comes in 2 flavors: Basic and Full.
While this list is big and incorporates many other lists, it remains controversial in the PiHole community. Please use at your discretion.
Basic primarily blocks advertisements whereas Full contains everything from advertisements, malware, scam/phishing, telemetry, tracking, etc. Additionally Full includes everything from the Basic list.
The Full list is massive and incorporates a ton of smaller blocklists. If you run this one, chances are you won't need to run any other lists.
However, this results in you having to place a lot of trust in a single party. You also will not be able to assign different lists, which negates the "Group management" feature of PiHole. Group management has the capability of applying different blocking rules to different user-defined "groups."
Both lists are updated approximately every 24 hours.
PiHole features RegEx (regular expressions), which can be used to create more complex filter rules for your PiHole setup. This is often described as an "advanced" function, but any user can take the time to learn how to properly write RegEx entries. Remember that syntax is extremely important.
View RegEx list
More info on RegEx
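Why syntax matters for RegEx filters, as an added example (not from the original article): a filter matches anywhere in the queried name unless it is anchored, so a loosely written rule blocks more than intended. Python's `re` module stands in for PiHole's regex engine here, which behaves the same for these simple patterns; the query names, rules and function names are constructed.

```python
import re

# Constructed query names; example.com stands in for the domain to block.
QUERIES = [
    "example.com",
    "ads.example.com",
    "example.com.cdn.example.net",   # a different domain entirely
    "notexample.com",                # a different domain entirely
    "examplexcom.example.org",       # matches only if "." is left unescaped
]
INTENDED = {"example.com", "ads.example.com"}  # what we actually want blocked

# Candidate filters, from loosest to tightest.
RULES = {
    "unescaped, unanchored": r"example.com",
    "escaped, unanchored":   r"example\.com",
    "anchored at end only":  r"example\.com$",
    "domain + subdomains":   r"(^|\.)example\.com$",
    "exact domain only":     r"^example\.com$",
}

def matches(rule, queries=QUERIES):
    """Return the queries a filter would block (match anywhere in the name)."""
    rx = re.compile(rule)
    return [q for q in queries if rx.search(q)]

def overblocked(rule, intended=INTENDED, queries=QUERIES):
    """Queries the rule blocks that were never meant to be blocked."""
    return [q for q in matches(rule, queries) if q not in intended]

if __name__ == "__main__":
    for label, rule in RULES.items():
        print(f"{label:24} {rule:24} blocks {len(matches(rule))}, "
              f"unintended: {overblocked(rule)}")
```

Only the `(^|\.)example\.com$` form blocks the domain and its subdomains without catching unrelated names.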
With that said, happy blocking and as always, stay safe out there!