Last active
November 28, 2019 09:42
-
-
Save ksylvan/b818b505cd02c5268af95d9386438571 to your computer and use it in GitHub Desktop.
Pi-Hole Config for pi-hole in Docker container
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # After you start your Pi-Hole in a Docker container according | |
| # to this: https://github.com/diginc/docker-pi-hole | |
| # | |
| # NOTE: On the Mac, I had to add "-h $(scutil --get LocalHostName)" to | |
| # the "docker run" command. Otherwise, the Mac hostname was being reset | |
| # to the random hostname generated for the container. | |
| # | |
| # Run this to replicate Will's setup here: | |
| # https://hobo.house/2018/02/27/block-advertising-with-pi-hole-and-raspberry-pi/ | |
| # | |
| # Once this is running, you can visit http://localhost/admin and set the DNS | |
| # settings to CloudFlare's 1.1.1.1 servers. | |
| # | |
| docker exec -i pihole pihole -a -p < /dev/null | |
| ADD=$(docker exec -i pihole grep 'USER ADDED' /etc/pihole/adlists.list) | |
| if [ -z "$ADD" ]; then | |
| docker exec -i pihole tee -a /etc/pihole/adlists.list >/dev/null << EOF | |
| # USER ADDED: Additional block lists | |
| https://hosts-file.net/exp.txt | |
| https://hosts-file.net/emd.txt | |
| https://hosts-file.net/psh.txt | |
| https://v.firebog.net/hosts/Airelle-hrsk.txt | |
| https://v.firebog.net/hosts/Shalla-mal.txt | |
| https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt | |
| https://ransomwaretracker.abuse.ch/downloads/LY_C2_DOMBL.txt | |
| https://ransomwaretracker.abuse.ch/downloads/CW_C2_DOMBL.txt | |
| https://ransomwaretracker.abuse.ch/downloads/TC_C2_DOMBL.txt | |
| https://ransomwaretracker.abuse.ch/downloads/TL_C2_DOMBL.txt | |
| http://www.networksec.org/grabbho/block.txt | |
| https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt | |
| http://someonewhocares.org/hosts/hosts | |
| https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt | |
| http://www.joewein.net/dl/bl/dom-bl.txt | |
| https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt | |
| https://v.firebog.net/hosts/static/SamsungSmart.txt | |
| https://gist.githubusercontent.com/anudeepND/adac7982307fec6ee23605e281a57f1a/raw/5b8582b906a9497624c3f3187a49ebc23a9cf2fb/Test.txt | |
| https://raw.githubusercontent.com/StevenBlack/hosts/master/data/KADhosts/hosts | |
| https://reddestdream.github.io/Projects/MinimalHosts/etc/MinimalHostsBlocker/minimalhosts | |
| https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Spam/hosts | |
| https://v.firebog.net/hosts/static/w3kbl.txt | |
| EOF | |
| fi | |
| docker exec -it pihole pihole -g | |
| docker exec -i pihole pihole -w youtu.be opensubtitles.org www.opensubtitles.org t.co | |
| docker exec -i pihole pihole -w pubsub.plex.tv plugins.plex.tv chapterdb.plex.tv cloudfront.net \ | |
| plex.direct csi.gstatic.com dl.opensubtitles.org speedvideo.net ton.twimg.com \ | |
| twimg.com chapterdb.plex.tv tinyurl.com bit.ly ton.twimg.com dropbox.com \ | |
| pubsub.plex.bz fonts.gstatic.com assets.adobedtm.com www.googletagmanager.com \ | |
| links.services.disqus.com ump.plex.tv meta.plex.tv goo.gl | |
| docker exec -i pihole pihole -b dxp.baidu.com hmma.baidu.com pasta.esfile.duapps.com \ | |
| neweegg.net config.a-mo.net nrc.tapas.net xpu.samsungelectronics.com \ | |
| upu.samsungelectronics.com dns.msftncsi.com bn2wns1b.wns.windows.com \ | |
| a-0001.a-msedge.net msnbot-65-52-108-90.search.msn.com a-0011.a-msedge.net \ | |
| bn2ap002.device.ra.live.com a.ads1.msn.com a.ads2.msn.com ad.doubleclick.net \ | |
| adnexus.net adnxs.com ads.msn.com ads1.msads.net ads1.msn.com \ | |
| az361816.vo.msecnd.net az512334.vo.msecnd.net ca.telemetry.microsoft.com \ | |
| cache.datamart.windows.com choice.microsoft.com corp.sts.microsoft.com \ | |
| choice.microsoft.com.nsatc.net choice.microsoft.com.nstac.net \ | |
| choice.microsoft.com.nstac.net compatexchange.cloudapp.net corp.sts.microsoft.com \ | |
| corpext.msitadfs.glbdns2.microsoft.com cs1.wpc.v0cdn.net \ | |
| db3wns2011111.wns.windows.com df.telemetry.microsoft.com \ | |
| diagnostics.support.microsoft.com fe2.update.microsoft.com.akadns.net \ | |
| fe3.delivery.dsp.mp.microsoft.com.nsatc.net feedback.microsoft-hohm.com \ | |
| feedback.search.microsoft.com feedback.windows.com i1.services.social.microsoft.com \ | |
| i1.services.social.microsoft.com.nsatc.net msnbot-207-46-194-33.search.msn.com \ | |
| oca.telemetry.microsoft.com oca.telemetry.microsoft.com.nsatc.net \ | |
| pre.footprintpredict.com preview.msn.com rad.msn.com \ | |
| redir.metaservices.microsoft.com reports.wes.df.telemetry.microsoft.com \ | |
| settings-sandbox.data.microsoft.com settings-win.data.microsoft.com \ | |
| settings.data.microsof.com sls.update.microsoft.com.akadns.net spynet2.microsoft.com \ | |
| spynetalt.microsoft.com sqm.df.telemetry.microsoft.com sqm.telemetry.microsoft.com \ | |
| sqm.telemetry.microsoft.com.nsatc.net ssw.live.com statsfe1.ws.microsoft.com \ | |
| statsfe2.update.microsoft.com.akadns.net statsfe2.ws.microsoft.com \ | |
| survey.watson.microsoft.com telecommand.telemetry.microsoft.com \ | |
| telecommand.telemetry.microsoft.com.nsatc.net telemetry.appex.bing.net \ | |
| telemetry.microsoft.com telemetry.urs.microsoft.com view.atdmt.com \ | |
| v10.vortex-win.data.microsoft.com vortex-sandbox.data.microsoft.com \ | |
| vortex-win.data.microsoft.com vortex.data.microsoft.com watson.live.com \ | |
| watson.microsoft.com watson.ppe.telemetry.microsoft.com \ | |
| watson.telemetry.microsoft.com watson.telemetry.microsoft.com.nsatc.net \ | |
| wes.df.telemetry.microsoft.com win10.ipv6.microsoft.com adservice.google.com \ | |
| ads.aws.viber.com stats.appsflyer.com adservice.google.ie referrer.disqus.com \ | |
| browser.pipe.aria.microsoft.com tracking.campaign-tracking-service.placelocal.com \ | |
| primoitaliablob.blob.core.windows.net srv.dc-1.net \ | |
| wdcpeurope.microsoft.akadns.net wdcp.microsoft.akadns.net | |
| docker exec -i pihole -wild bidr.io 88-f.net mythings.com | |
| docker exec -i pihole pihole -g | |
| cat <<EOF | |
| NOW set the DNS to 1.1.1.1: | |
| IPv4 DNS #1 -> 1.1.1.1 | |
| IPv4 DNS #2 -> 1.0.0.1 | |
| IPv6 DNS #1 -> 2606:4700:4700::1111 | |
| IPv6 DNS #2 -> 2606:4700:4007::1001 | |
| EOF |
@sadsfae Thanks. Made that change.
@ksylvan looks like the pihole -wild commands don't work quite right containerized.
rpc error: code = 2 desc = oci runtime error: exec failed: container_linux.go:247: starting container process caused "exec: \"-wild\": executable file not found in $PATH"
rpc error: code = 2 desc = oci runtime error: exec failed: container_linux.go:247: starting container process caused "exec: \"-wild\": executable file not found in $PATH"
rpc error: code = 2 desc = oci runtime error: exec failed: container_linux.go:247: starting container process caused "exec: \"-wild\": executable file not found in $PATH"
Running this manually it seems to break pi-hole as well, my guess is because of the way it's writing out to /etc/dnsmasq.d/03-pihole-wildcard.conf
root@2212eaa2d5ff:/# pihole -wild badterribledomain.com
[i] Adding badterribledomain.com to wildcard blacklist...
[i] Using cached Event Horizon list...
[i] 464997 unique domains trapped in the Event Horizon
[i] Number of blacklisted domains: 93
[i] Number of wildcard blocked domains: 1
[✓] Restarting DNS service
[✗] DNS service is NOT running
@ksylvan here's my updated blocklist as well below, I also made a modified gist that does what your script does pretty much here:
https://gist.github.com/sadsfae/ec07f4b227b91ccd9f13fec2902d67c7
Here's the blocklists
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://mirror1.malwaredomains.com/files/justdomains
http://sysctl.org/cameleon/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://hosts-file.net/ad_servers.txt
https://hosts-file.net/exp.txt
https://hosts-file.net/emd.txt
https://hosts-file.net/psh.txt
https://v.firebog.net/hosts/Airelle-hrsk.txt
https://v.firebog.net/hosts/Shalla-mal.txt
https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
https://ransomwaretracker.abuse.ch/downloads/LY_C2_DOMBL.txt
https://ransomwaretracker.abuse.ch/downloads/CW_C2_DOMBL.txt
https://ransomwaretracker.abuse.ch/downloads/TC_C2_DOMBL.txt
https://ransomwaretracker.abuse.ch/downloads/TL_C2_DOMBL.txt
http://www.networksec.org/grabbho/block.txt
https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt
http://someonewhocares.org/hosts/hosts
https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
http://www.joewein.net/dl/bl/dom-bl.txt
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt
https://v.firebog.net/hosts/static/SamsungSmart.txt
https://gist.githubusercontent.com/anudeepND/adac7982307fec6ee23605e281a57f1a/raw/5b8582b906a9497624c3f3187a49ebc23a9cf2fb/Test.txt
https://raw.githubusercontent.com/StevenBlack/hosts/master/data/KADhosts/hosts
https://reddestdream.github.io/Projects/MinimalHosts/etc/MinimalHostsBlocker/minimalhosts
https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Spam/hosts
https://v.firebog.net/hosts/static/w3kbl.txt
Cool. Thanks @sadsfae
So the additional lists for the adlist.list are these: (the first 7 lines are already in the setup by default).
https://hosts-file.net/exp.txt
https://hosts-file.net/emd.txt
https://hosts-file.net/psh.txt
https://v.firebog.net/hosts/Airelle-hrsk.txt
https://v.firebog.net/hosts/Shalla-mal.txt
https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
https://ransomwaretracker.abuse.ch/downloads/LY_C2_DOMBL.txt
https://ransomwaretracker.abuse.ch/downloads/CW_C2_DOMBL.txt
https://ransomwaretracker.abuse.ch/downloads/TC_C2_DOMBL.txt
https://ransomwaretracker.abuse.ch/downloads/TL_C2_DOMBL.txt
http://www.networksec.org/grabbho/block.txt
https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt
http://someonewhocares.org/hosts/hosts
https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
http://www.joewein.net/dl/bl/dom-bl.txt
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt
https://v.firebog.net/hosts/static/SamsungSmart.txt
https://gist.githubusercontent.com/anudeepND/adac7982307fec6ee23605e281a57f1a/raw/5b8582b906a9497624c3f3187a49ebc23a9cf2fb/Test.txt
https://raw.githubusercontent.com/StevenBlack/hosts/master/data/KADhosts/hosts
https://reddestdream.github.io/Projects/MinimalHosts/etc/MinimalHostsBlocker/minimalhosts
https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Spam/hosts
https://v.firebog.net/hosts/static/w3kbl.txt
And that looks like it's exactly what is added at line 23 of the script.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey @ksylvan I also added this recently: