My host files and bind config for DNS sink holes
pihole is great at blocking anything by name, not only ads.
That Facebook f icon on nearly every media web page on the internet is how facebook is able to track every page you visit.
Even in private browsing mode that javascript will execute.
Add
https://raw.githubusercontent.com/jrwren/hosts/master/facebook
as an adlist to your pihole to block it along with instagram.
DNS over HTTPS is a nice idea but it lets apps completely subvert your custom DNS configuration, your pihole.
Apps usually use a name to find a DoH and fallback to local DNS.
Add
https://raw.githubusercontent.com/jrwren/hosts/master/doh
to your pihole adlist so that apps cannot find a DoH server.
ebay portscans you just for visiting their page.
https://duckduckgo.com/?q=ebay+port+scanning&t=osx&ia=web
Never let anyone visit their page from your network.
Add
https://raw.githubusercontent.com/jrwren/hosts/master/ebay
to your pihole adlist.
Netflix is great but if you don't subscribe, then they have no business knowing about you.
If you have a network connected television, it is likely telling Netflix when you watch and maybe what you watch even if you aren't a subscriber!
Add
https://raw.githubusercontent.com/jrwren/hosts/master/netflix
to your pihole adlist.
I'm extra paranoid so I intercept ntp on my network.
I don't use the pihole adlist for this because I want the name to resolve to my home NTP server.
Add
time.apple.com
and
time.windows.com
to the
Local DNS
->
DNS Records
in pihole and use your local ntp server IP address.
If you don't have one, run
apt install ntp ntpstat
on your pihole system.
Sadly, these names also have CNAME records and AAAA records and so some traffic may still leak through. TODO: patch pihole to allow adding AAAA records.
Blocking all porn is very difficult.
The top porn sites
https://toppornsites.com
lists popular porn sites.
Sinkholing those domains blocks the most popular porn sites.
Add
https://raw.githubusercontent.com/jrwren/hosts/master/topporn
to your pihole adlist.