Blocking via regex now available in FTLDNS

2018-04-24 Updates 10

We have implemented domain blocking based on GNU Extended Regular Expressions (ERE) in FTLDNS. This is the same regex syntax used by popular tools such as egrep (or grep -E ...), awk, and emacs.

To try it, you need to be participating in the FTLDNS beta test (see here for more details). This is a new feature and we invite you to test it out, but you should expect some rough edges. We would also appreciate it if you could help us find any bugs or issues.

Reach out to us on Discourse or Reddit with any issues you run into.

Once you’re on the beta testing branch you can configure the regex of your choice in /etc/pihole/pihole-FTL.conf. In contrast to our already existing wildcard blocking implementation, you can now configure arbitrarily complex blocking filters with Pi-hole FTLDNS. The following regex:


will block all domains that start with “ab” (^ab), have at least one further character (.+) and end in “.com” (\.com$).

Examples for what would be blocked by this rule:


Examples for what would not be blocked by this rule:

  • (the domain doesn’t start with “ab”)
  • (the domain doesn’t start with “ab”)
  • (there is no character in between “ab” and “.com”)
  • (the domain doesn’t end in “.com”)

Hopefully this illustrates how powerful the new blocking method of FTLDNS is, but also why testing is mandatory to ensure it is working correctly in all possible situations. The potential of this new blocking is huge and may even help with things like this.
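A small harness for that kind of testing, added here as an example (it is not Pi-hole's code): it assembles the rule from the three parts described above (`^ab`, `.+`, `\.com$`) and checks it with POSIX `regcomp()`/`regexec()` in extended mode, next to an unanchored variant that over-blocks. The helper name `is_blocked` and the sample domains are constructed for illustration; how FTLDNS itself calls the regex engine is not shown on this page.

```c
/* Added example, not FTLDNS source: check domains against a POSIX ERE. */
#include <regex.h>
#include <stdio.h>

/* Hypothetical helper. Returns 1 if `domain` matches the ERE `pattern`,
 * 0 if it does not, -1 if the pattern does not compile. */
int is_blocked(const char *pattern, const char *domain)
{
    regex_t re;
    int rc = regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB);
    if (rc != 0) {
        char msg[128];
        regerror(rc, &re, msg, sizeof msg);
        fprintf(stderr, "bad regex \"%s\": %s\n", pattern, msg);
        return -1;               /* reject the filter instead of guessing */
    }
    rc = regexec(&re, domain, 0, NULL, 0);   /* 0 means "matched" */
    regfree(&re);
    return rc == 0;
}

int main(void)
{
    /* Rule assembled from the parts the post describes. */
    const char *rule  = "^ab.+\\.com$";
    /* Same rule without anchors, to show why ^ and $ matter. */
    const char *loose = "ab.+\\.com";
    /* Constructed sample names, not taken from the post. */
    const char *domains[] = {
        "abcdef.com",          /* starts with ab, ends in .com        */
        "ab.example.com",      /* .+ also spans dots (subdomains)     */
        "example.com",         /* does not start with ab              */
        "ab.com",              /* nothing between ab and .com         */
        "abcdef.org",          /* does not end in .com                */
        "cab-shop.community",  /* only the unanchored rule hits this  */
    };
    size_t n = sizeof domains / sizeof domains[0];

    printf("%-20s %-8s %s\n", "domain", "anchored", "unanchored");
    for (size_t i = 0; i < n; i++)
        printf("%-20s %-8d %d\n", domains[i],
               is_blocked(rule, domains[i]), is_blocked(loose, domains[i]));

    /* An unbalanced parenthesis is a compile error, not a silent no-op. */
    return is_blocked("^ab(.+\\.com$", "abcdef.com") == -1 ? 0 : 1;
}
```

Because `regexec()` searches for a match anywhere in the string, dropping `^` and `$` turns the rule into a substring filter, which is how the last sample name ends up blocked by the loose variant only.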

Notable Replies

  1. That's very nice! :blush:

  2. Yes (let's say "in principle"). The rules that are listed there aren't written in ERE, however, porting them over isn't complicated. However, note that to this point, it is entirely unexplored how adding a very long and complex regex would affect FTL's performance.

  3. Thanks, just trying to understand. :slight_smile:

    I'm sure lists like these adapted for the Pi-Hole will turn up soon. You can't subscribe to them like the usual lists though right?

  4. No, for now you can specify one single regex in FTL's config. However, if the performance impact turns out to be negligible (we actually have no clue yet!) we might be able to extend this to a few regex strings. Note that, unlike "normal" blocking entries, regex can be really really powerful so it may be possible to combine much into only a very few expressions. We're eager to see what happens.
