
All-in-One DNS block list - foray1010
https://github.com/EnergizedProtection/block
======
surround
How to make a block list:

1) Find a bunch of high-quality block lists on the internet which have been
painstakingly curated by their maintainers for many years

2) Combine it all into one big list. Tell everyone that you will quickly
whitelist any domains if they are causing breakage.

3) Once enough people start using your list, get an advertiser to pay you to
silently remove their domains. If anyone notices, just say it was to fix
breakage on some obscure site.

I’m not saying that Energized or StevenBlack are doing step 3, but please
realize that there are issues with using lists like these. Even if they aren’t
getting paid, they might still have some undesirable whitelisted domains. They
also deprive the original block list maintainers of views (meaning they might
be less inclined to continue maintaining them). You also won’t receive updates
from the lists as quickly because of the middle man.

If you are using Pi-hole, OPNsense, or any other tool which can run multiple
block lists simultaneously, I recommend taking a look at
[https://firebog.net](https://firebog.net) for a list of original-source block
lists.

~~~
stblack
I can see how it might seem that way — I'm Steven Black.

I can point to thousands of combined...

* issues [https://github.com/StevenBlack/hosts/issues?q=is%3Aissue+is%...](https://github.com/StevenBlack/hosts/issues?q=is%3Aissue+is%3Aclosed)

* ...pull requests... [https://github.com/StevenBlack/hosts/pulls?q=is%3Apr+is%3Acl...](https://github.com/StevenBlack/hosts/pulls?q=is%3Apr+is%3Aclosed)

* ... and commits [https://github.com/StevenBlack/hosts/commits/master](https://github.com/StevenBlack/hosts/commits/master)

...that indicate, it's not so easy.

The sources we use are all vetted. Some sources are remarkable in terms of
activity, and responsiveness to problems as they occur.

Overall I think this area is far more dynamic than many realize. Some good
people curate the lists we carry.

~~~
surround
I don’t mean to belittle your project -

Consolidated block lists like yours are still important for people who are
using the traditional etc/hosts file. I believe the Pihole project would like
to focus more on the software and less on the block lists - so they include
your list, which has a good track record of vetting sources and responding to
issues. I also appreciate that your project has produced its own original
block lists (which happen to be included on the Energized list and
firebog.net).

I just wish more people would use the original source when possible.

I dislike this Energized list, partly because I had a bad experience using one
of their non-primary lists which wasn’t well maintained, and partly because
their website ([https://energized.pro/](https://energized.pro/)) makes it
sound like a commercial product.

------
stblack
This repo has a 3-week track record, by one contributor.

Disclosure: Some of us have been actively curating such amalgamated lists for
a long time.
[https://github.com/StevenBlack/hosts](https://github.com/StevenBlack/hosts)

~~~
ciarannolan
What are the dangers of using a sketchy blocklist?

~~~
willis936
I'm no expert, but the most obvious answer is "you MITM yourself".

If there is a userbase for a list, they have to trust the list to not filter
out domains that shouldn't be filtered. I have a hard time thinking how this
could lead to hidden repercussions, other than some security flaw that is only
exploitable when some subset of requests go through.

~~~
ciarannolan
Perhaps they can point a particular host to a malicious IP rather than
"0.0.0.0". In a list of several hundred thousand domains, you wouldn't be able
to notice this manually.

ex., make Bank of America resolve to a phishing site rather than the real BoA
IP.

Pi-Hole and others might check for this though, I don't know.

~~~
willis936
I am under the impression that the blocklist programs (such as ublock origin
or pi-hole) do not have an option to redirect to anything other than the void.
I can only see downsides to allowing this.

~~~
contravariant
Actually ublock-origin has some options to replace Javascripts with custom
(presumably _less_ intrusive) scripts. Although I don't think 3rd party lists
can do this.

Anyway the repository in this post also provides host files, which most
definitely _can_ redirect you to malicious IPs.

Edit: Turns out 3rd party block lists _can_ use the redirect feature but only
to Ublock Origin managed resources:
[https://github.com/gorhill/uBlock/wiki/Resources-Library](https://github.com/gorhill/uBlock/wiki/Resources-Library)
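
Added example, not part of the thread: one way to check a hosts-format list for the risk described above is to flag every entry whose address is anything other than a sinkhole. The `SINKHOLES` set, the `LOCAL_NAMES` allow-list for stock header entries, and the sample data are assumptions made for this sketch.

```python
import ipaddress

# Addresses that only make a blocked name unreachable (assumed sinkhole set).
SINKHOLES = {ipaddress.ip_address(a) for a in ("0.0.0.0", "127.0.0.1", "::", "::1")}
# Names that stock hosts-file headers map to local addresses (assumed allow-list).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "ip6-localnet", "ip6-mcastprefix",
               "ip6-allnodes", "ip6-allrouters", "ip6-allhosts", "0.0.0.0"}

# Constructed sample, not taken from any real list.
SAMPLE = """\
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 ip6-localhost ip6-loopback
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net  # inline comment
127.0.0.1 telemetry.example.org
203.0.113.7 login.bank.example
192.168.1.50 cdn.example.com static.example.com
:: metrics.example.com
300.1.1.1 bad.example.com
"""


def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each entry that does
    more than sinkhole a name. Domain-only lines cannot redirect and are skipped."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comments, then tokenize
        if not fields:
            continue
        names = [n.lower() for n in fields[1:] if n.lower() not in LOCAL_NAMES]
        if not names:
            continue  # header entry, or a bare domain with no address
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            reason = "not an IP address"
        else:
            if addr in SINKHOLES:
                continue
            reason = "non-sinkhole address"
        findings.extend((line_no, fields[0], n, reason) for n in names)
    return findings


if __name__ == "__main__":
    print(*audit_hosts(SAMPLE), sep="\n")
```

Running the audit on each list update, and diffing the findings against the previous run, surfaces a changed entry that would be invisible among several hundred thousand lines.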

------
praveenweb
I have been using NextDNS with a few block lists configured at the router
level and device level.

The internet experience has improved a lot since ads and trackers are blocked
system wide.

A few block lists that I would recommend:

1. Steven Hosts -
[https://github.com/StevenBlack/hosts](https://github.com/StevenBlack/hosts)

2. Adguard DNS -
[https://github.com/AdguardTeam/AdguardSDNSFilter](https://github.com/AdguardTeam/AdguardSDNSFilter)

3. disconnect.me

The amount of DNS requests made silently in the background is astonishing
across all devices.

~~~
Etheryte
I'm also using NextDNS and one thing that's a huge boon for me is that the
default free tier covers my use case insanely well. Given the statistics for
the last 3 months I seem to consistently fly under the free tier limit but if
I ever do hit it, it will just default back to a regular DNS. A very
user-friendly approach and I hope they keep it as they grow.

~~~
rsyring
The other option would be to pay them. :) It's a great service and pretty
inexpensive, why not support them?

~~~
symfoniq
Agreed. They couldn't take my $20 fast enough. Such a great service.

------
bertman
I really appreciate projects like this because I'm sure keeping these lists
up-to-date is not an easy task, and many people benefit from the efforts.

That said: maybe it's just me, but I find their website[1] a bit...strange?

It looks like one of those SAAS startup landing pages, you can pick your "pack
of block list" ranging from "Tru lite" to "XTreme" etc...

Or maybe it's supposed to be ironic and I just don't get it :)

[1] [https://energized.pro/](https://energized.pro/)

~~~
r1ch
Ironically their website doesn't work if you block 3rd party JS due to
Cloudflare.

~~~
cptskippy
I abandoned NoScript because I felt like I spent more time whitelisting JS
than browsing the web and other people just couldn't borrow my browser.

NoScript really needs the ability to whitelist a TLD for providers like
cloudflare.

~~~
aroch
They do? You can globally whitelist urls

~~~
Mathnerd314
The issue for Cloudflare is whitelisting the DDoS protection script included
on each page. It's under a lot of URLs so it would have to be content-based.

------
lightswitch05
Looks like my lists are intended to be included, but it was linking to the raw
Github source instead of the hosted Github pages version. I went through a
major refactor 21 days ago that moved my sources lists around a bit - but
preserved the links that are supplied all over the README and the Github
hosted pages. So, not only is the project linking to the wrong place, but my
list has been broken in it for 21 days now without notice.

It's fine that people love creating these massive all-in-one lists. But I
recommend just using the sources directly. That way, if a list gives you
trouble, you know who to open a ticket with, or just disable that specific
list if it's too aggressive for your tastes.

My lists:
[https://www.github.developerdan.com/hosts/](https://www.github.developerdan.com/hosts/)

------
Wronnay
I am pretty happy with
[https://www.reddit.com/r/oisd_blocklist/](https://www.reddit.com/r/oisd_blocklist/)
as an All-in-One Solution ...

~~~
chance_state
I use this with my Pi-Hole. Works very well. Along with a few other lists the
Pi-Hole blocks about 30% of requests with almost no changes on the user end.

------
foobar_
Fundamentally D.N.S is a naming system but each site has a separate naming
system via user names.

Something like this should also be applicable for social networks as well. I
found this for twitter -
[https://blocktogether.org/](https://blocktogether.org/) not sure if it is
possible for others like facebook.

------
rndomsrmn
Also a ref to: [https://github.com/notracking/hosts-blocklists](https://github.com/notracking/hosts-blocklists)

They have a public whitelist and updates are pushed on a daily basis.

------
dastx
Are there any tools out there that I can use to generate my own aggregated
lists from a set of other blocklists?

Ideally it leverages things like GitHub Actions (or another CI tool) + GH
Pages/GH releases/Netlify to relieve the burden of having to host it myself.

The reason for this is so that I can use NetGuard, which allows for only 1
blocklist. Currently I'm flipping between Blokada and DNS66 because they allow
for multiple lists.

------
bluedino
I've been using blocklists from a couple github repositories for a long time,
heck probably since they were found on regular web pages.

They work pretty good, but can be a little cumbersome to turn off or to enable
certain domains from time to time (such as when a site has so many ads it
breaks the site). But the increased safety and speed while surfing is well
worth it.

------
jedisct1
Some other blacklists here: [https://github.com/dnscrypt/dnscrypt-proxy/wiki/Public-black...](https://github.com/dnscrypt/dnscrypt-proxy/wiki/Public-blacklists)

Along with a script that aggregates data from multiple lists, removes
duplicates/overlaps, whitelists, etc.

------
3ace
Right now I'm actively using [https://doh.tiar.app](https://doh.tiar.app)
maintained by my friend
[https://twitter.com/pengelana/](https://twitter.com/pengelana/)

------
goldfix
Alternative client to update your hosts file:
[https://github.com/goldfix/pigHosts](https://github.com/goldfix/pigHosts)

------
balboah
This list can be used on Android or iOS by downloading the Blokada app

------
depressedCorgi
Very cool, I’m gonna try this out with PiHole.

------
op03
Are there any Firefox, Ubuntu ppl around? Can you guys bake this stuff (host
blacklists) into browser, os autoupdates?

~~~
Havoc
If you're familiar with *nix stuff I'd suggest just run a pi-hole.

~~~
chrisan
If you're not familiar I would suggest it too :)

I've gotten a few friends started on pi hole and ended up with minecraft
servers, free nas, kodi, and retropi

