We have implemented GNU Extended Regular Expressions (ERE, the syntax used by popular tools such as grep -E) for blocking domains in FTLDNS.
To try it, you need to be participating in the FTLDNS beta test (see here for more details). This is a new feature and we invite you to test it out, but you should expect some rough edges. We would also appreciate your help finding bugs: reach out to us on Discourse or Reddit with any issues you run into.
Once you’re on the beta testing branch you can configure the regex of your choice in /etc/pihole/pihole-FTL.conf. In contrast to our already existing wildcard blocking implementation, you can now configure arbitrarily complex blocking filters with Pi-hole FTLDNS. The following regex:
will block all domains that start with “ab” (^ab), have at least one further character (.+) and end in “.com”.
Examples for what would be blocked by this rule:
Examples for what would not be blocked by this rule:
- testab.com (the domain doesn’t start with “ab”)
- tab.test.com (the domain doesn’t start with “ab”)
- ab.com (there is no character in between “ab” and “.com”)
- test.com.something (the domain doesn’t end in “.com”)
Hopefully this illustrates how powerful the new blocking method of FTLDNS is, but also why testing is mandatory to ensure it works correctly in all possible situations. The potential of this new blocking method is huge and may even help with things like this.
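The rule described above, exercised as an added example. This is not FTLDNS code; it uses the POSIX regcomp()/regexec() interface with REG_EXTENDED, which is the standard C API for GNU extended regular expressions. The rule itself is not printed on this page, so `^ab.+\.com$` is reconstructed here from its description; the domains are the page’s own examples plus a few constructed ones, and two weaker variants of the rule (no `^` anchor, unescaped dot) are included to show why the anchors and the escaped dot matter.

```c
/* Added example (not FTLDNS source). Matches candidate domains against a
 * blocking rule using POSIX extended regular expressions, the same
 * regcomp()/regexec() interface a C resolver would use for GNU ERE. */
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Compile `pattern` as an ERE and test `domain` against it.
 * Returns 1 on match (domain would be blocked), 0 on no match,
 * -1 if the pattern does not compile. A loader should treat -1 as a
 * configuration error rather than silently allowing every query. */
int domain_blocked(const char *pattern, const char *domain)
{
    regex_t re;
    /* REG_NOSUB: only a yes/no answer is needed, no capture offsets.
     * REG_ICASE: DNS names are case-insensitive, so "AB.TEST.COM" must
     * not slip past a rule written in lowercase. */
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB | REG_ICASE) != 0)
        return -1;
    int rc = regexec(&re, domain, 0, NULL, 0);
    regfree(&re);
    return rc == 0 ? 1 : 0;
}

/* Apply one rule to a table of domains and print the verdicts. */
static void show(const char *rule, const char *const *domains, size_t n)
{
    printf("rule %s\n", rule);
    for (size_t i = 0; i < n; i++) {
        int v = domain_blocked(rule, domains[i]);
        printf("  %-22s %s\n", domains[i],
               v == 1 ? "BLOCKED" : v == 0 ? "allowed" : "BAD RULE");
    }
}

int main(void)
{
    /* Constructed sample domains: the page's own examples plus a few more. */
    static const char *const domains[] = {
        "abc.com", "ab.test.com", "AB.Test.COM",   /* expected: blocked   */
        "testab.com", "tab.test.com", "ab.com",    /* expected: allowed   */
        "test.com.something", "abc.com.evil",      /* expected: allowed   */
        "abxycom",                                 /* no dot at all       */
    };
    size_t n = sizeof domains / sizeof domains[0];

    show("^ab.+\\.com$", domains, n);   /* the rule described above        */
    show("ab.+\\.com", domains, n);     /* no ^: tab.test.com gets blocked */
    show("^ab.+.com$", domains, n);     /* unescaped dot: abxycom blocked  */
    show("^ab[", domains, n);           /* broken rule: unmatched bracket  */
    return 0;
}
```

Compile with `cc -o regex_demo regex_demo.c` and run it; the second and third tables show the over-blocking that a missing `^` or an unescaped `.` causes, and the last one shows that a rule which fails to compile should be reported rather than ignored.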
Pi-hole will remain free in both meanings of the word: free of charge and open source. We know the survey spooked many of you and that you may have considered several worst-case scenarios. We heard you loud and clear: you don’t want us to charge money for Pi-hole, and we won’t.
In its current state, Pi-hole is free of charge and can be used to protect your privacy, a human right to which everyone is entitled. We intend to keep it that way. At the end of this article, you will find some information on how much it costs to run Pi-hole from month to month, something you wanted to know based on the survey. This will be specific, including the salaries needed to allow us to develop full/part time and bring you more updates and features faster while also providing you better support. It will also include the cost of support and QA/testing, marketing, research, business development, legal, operational, etc. Continue reading “Results of the Pi-hole User Survey”
[UPDATE: 2018-04-18: 05:51]
The latest version of FTLDNS (vDev-3656ba2) now fixes this issue. We have modified it to spawn child processes for handling individual TCP queries, so Netflix (or any other application) should no longer be able to claim the resolver for itself.
If you have been beta testing FTLDNS and want to get this update, you’ll need to run a few commands:
git fetch && git pull
Subsequent updates can then simply be acquired with pihole -up, which does not work until you have fetched the latest code with the commands above.
[UPDATE: 2018-04-10: 14:39]
We have determined the crash happens when dnsmasq stalls out after receiving an invalid TCP request from Netflix.
In the short term, you can run these iptables commands if you want to prevent the issue from happening (replace eth0 with the interface Pi-hole listens on):
sudo iptables -A INPUT -i eth0 -p tcp --destination-port 53 -j REJECT
sudo iptables -A INPUT -i eth0 -p udp --destination-port 53 -j ACCEPT
Note that rejecting TCP/53 also removes the TCP fallback clients use for responses too large for UDP, and rules added this way do not survive a reboot, so treat this as a stop-gap rather than a permanent configuration.
Continue reading “PSA: Issue With Pi-hole, DoH, and dnsmasq”
The survey is now complete. Thanks to those who contributed.
Pi-hole has grown far beyond what any of us could have imagined. As Pi-hole continues to evolve, we are looking at what Pi-hole is and if it’s meeting the demands of the market. An experienced product manager has been helping us and has put together two surveys. If you’re willing, please consider filling one of them out.
- If you are already using Pi-hole, please fill out this short survey.
- If you have not installed Pi-hole before, please fill out this short survey.