# Here are some domains I block to interfere with DNS-over-HTTPS, so that my own DNS-based security schemes work.
# If you're going to be doing this, you should probably block all outbound 53, 853, and 5353 on your network,
# except from your own internal DNS resolver (e.g. pihole)
#
# Data from https://github.com/curl/curl/wiki/DNS-over-HTTPS (and other places)
Thanks. I'll probably review the list of DOH servers soon; for my purposes it doesn't hurt to have these names in my block list, whether or not they're in use.
Nice! Thank you!
Could you please move this to a Git repository so updates can be pulled from a static address.
https://gist.githubusercontent.com/ckuethe/f71185f604be9cde370e702aa179fc2e/raw/ always points to the most current version - just delete the stuff after /raw/. That trick works best for any gist with a single file.
This was really helpful. Thank you.
https://github.com/curl/curl/wiki/DNS-over-HTTPS
List of over 500 DoH domains you can block. A script to scrape all the domains on that list is at the bottom.
Thank you @serendrewpity
How would you use this scrape tool to generate the text file? Can you put this on GIT to make it accessible for us n00bs?
Hi
Do we have any list like this for website categories?
Thank you
Hello 2024, I am attempting to make this more streamlined. Please help me make this the best DoH pihole blocklist: https://github.com/Bryantdl7/pihole-blocklists/blob/main/dns-https-block.txt
If you're going to do a wildcard on apple-dns, you might want to do a wildcard on doh.*, dns* and any other obvious patterns.
You'll still need to block communications to any resolver from anything other than your intended internal DNS. Chromecasts, for example, are hard-wired to google dns. A few other things will also try to fall back to public resolvers if they get NXDOMAIN or whatever from DHCP DNS.
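An added example, not part of the gist or of any comment here: one way to find the devices the comment above describes, by scanning a resolver query log for lookups of listed DoH names or of names matching the `doh.*` / `dns*` wildcards. It assumes dnsmasq-style log lines of the form `query[TYPE] name from client`, treats subdomains of a listed name as hits, and uses a constructed blocklist excerpt and constructed log lines.

```python
import re
from collections import defaultdict
from fnmatch import fnmatch
# Constructed sample in the gist's format: '#' comments, one name per line.
BLOCKLIST_TEXT = """# sample header
dns.google
cloudflare-dns.com
odvr.nic.cz
odvr.nic.cz
DNS.Quad9.net.
"""
# Wildcards suggested in the comments; broad, so they also hit non-DoH names.
PATTERNS = ["doh.*", "dns*"]
# Constructed dnsmasq-style log lines (client addresses are made up).
LOG_LINES = [
    "Mar  3 10:15:01 dnsmasq[412]: query[A] dns.google from 192.168.1.50",
    "Mar  3 10:15:01 dnsmasq[412]: gravity blocked dns.google is 0.0.0.0",
    "Mar  3 10:15:02 dnsmasq[412]: query[AAAA] mozilla.cloudflare-dns.com from 192.168.1.23",
    "Mar  3 10:15:03 dnsmasq[412]: query[A] www.example.org from 192.168.1.23",
    "Mar  3 10:15:04 dnsmasq[412]: query[HTTPS] doh.resolver.example from 192.168.1.77",
]
QUERY_RE = re.compile(r"query\[[^\]]+\] (?P<name>\S+) from (?P<client>\S+)")

def normalize(name):  # lower-case, strip whitespace and the trailing root dot
    return name.strip().rstrip(".").lower()

def load_blocklist(text):
    """Return the de-duplicated set of names, ignoring comments and blanks."""
    names = (normalize(line.split("#", 1)[0]) for line in text.splitlines())
    return {n for n in names if n}

def match_reason(qname, exact, patterns):
    """'list' if qname or a parent domain is listed, 'pattern:<p>' for a wildcard hit, else None."""
    qname = normalize(qname)
    labels = qname.split(".")
    if any(".".join(labels[i:]) in exact for i in range(len(labels))):
        return "list"
    return next(("pattern:" + p for p in patterns if fnmatch(qname, p)), None)

def doh_lookups_by_client(log_lines, exact, patterns):
    """Map each client to the sorted DoH-related names it tried to resolve."""
    hits = defaultdict(set)
    for line in log_lines:
        m = QUERY_RE.search(line)
        if m and match_reason(m["name"], exact, patterns):
            hits[m["client"]].add(normalize(m["name"]))
    return {client: sorted(names) for client, names in hits.items()}
if __name__ == "__main__":
    print(doh_lookups_by_client(LOG_LINES, load_blocklist(BLOCKLIST_TEXT), PATTERNS))
```

A client that appears here is resolving DoH endpoints through the internal resolver; devices that go straight to a public resolver never show up in this log and are only caught by the outbound port block.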
Not sure if you are still keeping this list updated, but if so, here are some that need to be removed.
The DNS query name does not exist: fi.doh.dns.snopyta.org. [for Block_DOH]
The DNS query name does not exist: adblock.mydns.network. [for Block_DOH]
The DNS query name does not exist: dns.containerpi.com. [for Block_DOH]
The DNS query name does not exist: dns.flatuslifir.is. [for Block_DOH]
The DNS query name does not exist: doh.armadillodns.net. [for Block_DOH]