PiHole: Unterschied zwischen den Versionen
imported>Burghardt (Die Seite wurde neu angelegt: „To reduce advertisement annoyances and the attack surface in our browsers I've installed "pihole". If you want to give it a try set 172.28.5.19 as your DNS re…“) |
imported>Burghardt |
||
Zeile 3: | Zeile 3: | ||
If you want to give it a try set |
If you want to give it a try set |
||
− | 172.28.5.19 |
+ | 172.28.5.19 |
− | as your DNS resolver. |
+ | as your DNS resolver. This must be done manually - due to possible side effects it cannot get configured automatically by DHCP. |
+ | |||
⚫ | |||
+ | |||
+ | Besides some blacklists it uses our normal DNS-Servers to resolve all legit names, so no functionality is lost. |
||
⚫ | |||
While I can not demonstrate the effect of lowering the risk by loading less junk I can show what a difference this blacklist makes regarding advertisement. I have put some screenshots here: |
While I can not demonstrate the effect of lowering the risk by loading less junk I can show what a difference this blacklist makes regarding advertisement. I have put some screenshots here: |
||
Zeile 17: | Zeile 20: | ||
Of course there are some problems with this approach: |
Of course there are some problems with this approach: |
||
* otherwise acceptable advertisement is blocked too |
* otherwise acceptable advertisement is blocked too |
||
− | * some websites refrain to deliver content if |
+ | * some websites refrain to deliver content if ad-blocks are detected |
* some websites do not work correctly if they can not load third party content |
* some websites do not work correctly if they can not load third party content |
||
− | For _me_ the positive aspects overweight... |
+ | For _me_ the positive aspects overweight by far... |
+ | If you are unsure if you are actually using this nameserver you may test it with a simple query on a command line. An example on Windows: |
||
− | Simple Test on a (Windows) command line: |
||
<pre> |
<pre> |
||
P:\>nslookup lagrotta4u.de 172.28.5.19 |
P:\>nslookup lagrotta4u.de 172.28.5.19 |
||
Zeile 33: | Zeile 36: | ||
</pre> |
</pre> |
||
− | Problematic names do resolve to one of the two piholes. |
+ | Problematic names do resolve to one of the two redundant piholes. See the corresponding screenshot for the effect inside a browser. |
Currently this system blocks 611000 (!) hosts by cumulating these lists: |
Currently this system blocks 611000 (!) hosts by cumulating these lists: |
||
Zeile 72: | Zeile 75: | ||
https://v.firebog.net/hosts/AdguardDNS.txt |
https://v.firebog.net/hosts/AdguardDNS.txt |
||
</pre> |
</pre> |
||
− | |||
− | |||
Version vom 17. November 2017, 11:31 Uhr
To reduce advertisement annoyances and the attack surface in our browsers I've installed "pihole".
If you want to give it a try set
172.28.5.19
as your DNS resolver. This must be done manually - due to possible side effects it cannot get configured automatically by DHCP.
Please note that this is a local-only (RFC1918) address and can only be used locally inside our LAN.
Besides some blacklists it uses our normal DNS-Servers to resolve all legit names, so no functionality is lost.
While I can not demonstrate the effect of lowering the risk by loading less junk I can show what a difference this blacklist makes regarding advertisement. I have put some screenshots here:
https://owncloud.gwdg.de/index.php/s/XvfxFhvu35H82Ak
The screenshots are taken with identical configured browsers on two machines at the exact same time but with/without pihole active.
Of course there are some problems with this approach:
- otherwise acceptable advertisement is blocked too
- some websites refrain to deliver content if ad-blocks are detected
- some websites do not work correctly if they can not load third party content
For _me_ the positive aspects overweight by far...
If you are unsure if you are actually using this nameserver you may test it with a simple query on a command line. An example on Windows:
P:\>nslookup lagrotta4u.de 172.28.5.19 Server: pihole.ifi.loc Address: 172.28.5.19 Name: lagrotta4u.de Address: 172.28.5.21
Problematic names do resolve to one of the two redundant piholes. See the corresponding screenshot for the effect inside a browser.
Currently this system blocks 611000 (!) hosts by cumulating these lists:
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts https://mirror1.malwaredomains.com/files/justdomains http://sysctl.org/cameleon/hosts https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt https://hosts-file.net/ad_servers.txt https://hosts-file.net/exp.txt https://hosts-file.net/emd.txt https://hosts-file.net/psh.txt https://www.malwaredomainlist.com/hostslist/hosts.txt https://v.firebog.net/hosts/Airelle-hrsk.txt https://v.firebog.net/hosts/Shalla-mal.txt https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt https://ransomwaretracker.abuse.ch/downloads/LY_C2_DOMBL.txt https://ransomwaretracker.abuse.ch/downloads/CW_C2_DOMBL.txt https://ransomwaretracker.abuse.ch/downloads/TC_C2_DOMBL.txt https://ransomwaretracker.abuse.ch/downloads/TL_C2_DOMBL.txt http://www.networksec.org/grabbho/block.txt https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt http://someonewhocares.org/hosts/hosts https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt http://www.joewein.net/dl/bl/dom-bl.txt https://raw.githubusercontent.com/ZeroDot1/CoinBlockerLists/master/hosts https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt https://v.firebog.net/hosts/static/SamsungSmart.txt https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt https://v.firebog.net/hosts/Easyprivacy.txt https://hosts-file.net/ad_servers.txt https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt https://gist.githubusercontent.com/anudeepND/adac7982307fec6ee23605e281a57f1a/raw/5b8582b906a9497624c3f3187a49ebc23a9cf2fb/Test.txt https://v.firebog.net/hosts/Easylist.txt https://v.firebog.net/hosts/AdguardDNS.txt