/dns-blocklists

DNS-Blocklists: For a better internet - keep the internet clean!

MIT LicenseMIT

GitHub last commitGitHub issuesGitHub closed issuesHitsshields.io Stars

DNS Blocklists - For a better internet!

Made with 💓 for a safer and cleaner internet!

Table of Contents

  1. Overview
  2. Multi light - Hand brush: Light protection
  3. Multi normal - Broom: All-round protection
  4. Multi pro - Big broom: Extended protection
  5. Multi pro++ - Sweeper: Maximum protection (more aggressive)
  6. Multi ultimate - Ultimate Sweeper: Aggressive protection
  7. Fake - Protects against internet scams, traps & fakes!
  8. Threat Intelligence Feeds - Increases security significantly!
  9. DoH/VPN/TOR/Proxy Bypass - Prevent methods to bypass your DNS!
  10. Safesearch not supported - Prevent the use of search engines that do not support safesearch!
  11. Dynamic DNS - Protects against the malicious use of dynamic DNS services!
  12. Badware Hoster - Protects against the malicious use of free host services!
  13. Most Abused TLDs - Protects against known malicious Top Level Domains!
  14. Personal - My manually maintained blacklist
  15. Native Tracker - Broadband tracker of devices, services and operating systems
  16. Credits
  17. Supporter - Leave a star (top right)!
  18. Recommendation
  19. Online DNS Services: RethinkDNS / DNSforge / DNSwarden / AdGuardDNS / ControlD / NextDNS
  20. About / Referral Domains / Support Me
  21. Sources/Statistics
  22. Raw data collection - Data collection to generate the DNS blocklists

Multi - Cleans the Internet and protects your privacy!

An all in one DNS blocklist in various versions (light, normal, pro, pro++ and ultimate). It can be used as a stand alone blocklist. For every region. Blocks ads, affiliate, tracking, metrics, telemetry, fake, phishing, malware, scam, coins and other "crap". Based on various blocklists.

Multi blocklist version and size overview:

Version Hosts Pro++ Pro Normal Light Fake TIF Personal
Light 272872
131966
= X P X
Normal 959393
315068
= X X P X
Pro 1252994
458446
= X X X P X
Pro++ 1367158
475428
++ X X X P X
Ultimate 2076164
823377
++ X X X X X X

X = contains the named lists in the column header
P = partially contains the named list in the column header
++ = more sources, more aggressive


Multi LIGHT - Light protection

Hand brush - Cleans the Internet and protects your privacy! Blocks Ads, Tracking, Metrics, some Malware and Fake.

Entries: 272872 domains/hosts - 131966 compressed domains | Sources/Statistics

Format Link Can be used for
Domains RAW PiHole, Blocky, eBlocker, Diversion, OpenSnitch, PersonalDNSfilter, pfBlockerNG, PersonalBlocklist, TechnitiumDNS
Hosts RAW Blocky, eBlocker, AdAway, uMatrix, DNS66, GasMask, HostFileEditor, OpenSnitch, NetGuard, TechnitiumDNS
Adblock RAW AdGuard, AdGuard Home, eBlocker, uBlock, AdBlock, AdBlock Plus, Opera, Vivaldi, Brave
Unbound RAW Unbound
DNSMasq RAW DNSMasq
Wildcard RAW DNSCrypt, DNSCloak, YogaDNS, ...
RPZ RAW Response Policy Zone

Multi NORMAL - All-round protection

Broom - Cleans the Internet and protects your privacy! Blocks Ads, Affiliate, Tracking, Metrics, Telemetry, Phishing, Malware, Scam, Fake, Coins and other "Crap".

Entries: 959393 domains/hosts - 315068 compressed domains | Sources/Statistics

Format Link Can be used for
Domains RAW PiHole, Blocky, eBlocker, Diversion, OpenSnitch, PersonalDNSfilter, pfBlockerNG, PersonalBlocklist, TechnitiumDNS
Hosts RAW Blocky, eBlocker, AdAway, uMatrix, DNS66, GasMask, HostFileEditor, OpenSnitch, NetGuard, TechnitiumDNS
Adblock RAW AdGuard, AdGuard Home, eBlocker, uBlock, AdBlock, AdBlock Plus, Opera, Vivaldi, Brave
Unbound RAW Unbound
DNSMasq RAW DNSMasq
Wildcard RAW DNSCrypt, DNSCloak, YogaDNS, ...
RPZ RAW Response Policy Zone

Multi PRO - Extended protection (Recommended)

Big broom - Cleans the Internet and protects your privacy! Blocks Ads, Affiliate, Tracking, Metrics, Telemetry, Phishing, Malware, Scam, Fake, Coins and other "Crap".

Entries: 1252994 domains/hosts - 458446 compressed domains | Sources/Statistics

Format Link Can be used for
Domains RAW PiHole, Blocky, eBlocker, Diversion, OpenSnitch, PersonalDNSfilter, pfBlockerNG, PersonalBlocklist, TechnitiumDNS
Hosts RAW Blocky, eBlocker, AdAway, uMatrix, DNS66, GasMask, HostFileEditor, OpenSnitch, NetGuard, TechnitiumDNS
Adblock RAW AdGuard, AdGuard Home, eBlocker, uBlock, AdBlock, AdBlock Plus, Opera, Vivaldi, Brave
Unbound RAW Unbound
DNSMasq RAW DNSMasq
Wildcard RAW DNSCrypt, DNSCloak, YogaDNS, ...
RPZ RAW Response Policy Zone

Multi PRO++ - Maximum protection

Sweeper - Aggressive cleans the Internet and protects your privacy! Blocks Ads, Affiliate, Tracking, Metrics, Telemetry, Phishing, Malware, Scam, Fake, Coins and other "Crap".

More aggressive version of the Multi PRO blocklist. It may contain few false positive domains that limit functionality. Therefore it should only be used by experienced users. Furthermore, an admin should be available to unblock incorrectly blocked domains. Reported false positive domains will be removed from the list!

Entries: 1367158 domains/hosts - 475428 compressed domains | Sources/Statistics

Format Link Can be used for
Domains RAW PiHole, Blocky, eBlocker, Diversion, OpenSnitch, PersonalDNSfilter, pfBlockerNG, PersonalBlocklist, TechnitiumDNS
Hosts RAW Blocky, eBlocker, AdAway, uMatrix, DNS66, GasMask, HostFileEditor, OpenSnitch, NetGuard, TechnitiumDNS
Adblock RAW AdGuard, AdGuard Home, eBlocker, uBlock, AdBlock, AdBlock Plus, Opera, Vivaldi, Brave
Unbound RAW Unbound
DNSMasq RAW DNSMasq
Wildcard RAW DNSCrypt, DNSCloak, YogaDNS, ...
RPZ RAW Response Policy Zone

Multi ULTIMATE - Aggressive protection

Ultimate Sweeper - Strictly cleans the Internet and protects your privacy! Blocks Ads, Affiliate, Tracking (+Referral), Metrics, Telemetry, Phishing, Malware, Scam, Free Hoster, Fake, Coins and other "Crap".

Stricter version of the Multi PRO++ blocklist. It may contain false positive domains that limit functionality. Therefore it should only be used by experienced users. Furthermore, an admin should be available to unblock incorrectly blocked domains. Reported false positive domains will be removed from the list!

Entries: 2076164 domains/hosts - 823377 compressed domains | Sources/Statistics

Format Link Can be used for
Domains RAW PiHole, Blocky, eBlocker, Diversion, OpenSnitch, PersonalDNSfilter, pfBlockerNG, PersonalBlocklist, TechnitiumDNS
Hosts RAW Blocky, eBlocker, AdAway, uMatrix, DNS66, GasMask, HostFileEditor, OpenSnitch, NetGuard, TechnitiumDNS
Adblock RAW AdGuard (oversized, limited to 535000 rules!), AdGuard Home, eBlocker, uBlock, AdBlock, AdBlock Plus, Opera, Vivaldi, Brave
Unbound RAW Unbound
DNSMasq RAW DNSMasq
Wildcard RAW DNSCrypt, DNSCloak, YogaDNS, ...
RPZ RAW Response Policy Zone

Expires: 24 hours (update frequency)


Fake - Protects against internet scams, traps & fakes!

An blocklist for blocking fake stores, -news, -science, -streaming, rip-offs, cost traps and co.

Entries: 10293 domains/hosts - 5382 compressed domains | Sources/Statistics

Format Link Can be used for
Domains RAW PiHole, Blocky, eBlocker, Diversion, OpenSnitch, PersonalDNSfilter, pfBlockerNG, PersonalBlocklist, TechnitiumDNS
Hosts RAW Blocky, eBlocker, AdAway, uMatrix, DNS66, GasMask, HostFileEditor, OpenSnitch, NetGuard, TechnitiumDNS
Adblock RAW AdGuard, AdGuard Home, eBlocker, uBlock, AdBlock, AdBlock Plus, Opera, Vivaldi, Brave
Unbound RAW Unbound
DNSMasq RAW DNSMasq
Wildcard RAW DNSCrypt, DNSCloak, YogaDNS, ...
RPZ RAW Response Policy Zone

Expires: Updated regularly


Threat Intelligence Feeds - Increases security significantly!

An blocklist for blocking malware, crypto, coin, scam, spam and phishing. Blocks domains known to spread malware, launch phishing attacks and host command-and-control servers.

Entries: 1038623 domains/hosts - 590675 compressed domains | Sources/Statistics

Format Link Can be used for
Domains RAW PiHole, Blocky, eBlocker, Diversion, OpenSnitch, PersonalDNSfilter, pfBlockerNG, PersonalBlocklist, TechnitiumDNS
Hosts RAW Blocky, eBlocker, AdAway, uMatrix, DNS66, GasMask, HostFileEditor, OpenSnitch, NetGuard, TechnitiumDNS
Adblock RAW AdGuard (oversized, limited to 535000 rules!), AdGuard Home, eBlocker, uBlock, AdBlock, AdBlock Plus, Opera, Vivaldi, Brave
Unbound RAW Unbound
DNSMasq RAW DNSMasq
Wildcard RAW DNSCrypt, DNSCloak, YogaDNS, ...
RPZ RAW Response Policy Zone

Expires: 24 hours (update frequency)


DoH/VPN/TOR/Proxy Bypass - Prevent methods to bypass your DNS!

Prevent method to bypass your DNS. To ensure the bootstrap is your DNS server you must redirect or block standard DNS outbound (TCP/UDP 53) and block all DNS over TLS (TCP 853) outbound.

The block list exists in two versions:

Complete Edition - Encrypted DNS Servers, VPN, TOR, Proxies

Entries: 1432 domains/hosts - 1316 compressed domains | Sources/Statistics

Format Link Can be used for
Domains RAW PiHole, Blocky, eBlocker, Diversion, OpenSnitch, PersonalDNSfilter, pfBlockerNG, PersonalBlocklist, TechnitiumDNS
Hosts RAW Blocky, eBlocker, AdAway, uMatrix, DNS66, GasMask, HostFileEditor, OpenSnitch, NetGuard, TechnitiumDNS
Adblock RAW AdGuard, AdGuard Home, eBlocker, uBlock, AdBlock, AdBlock Plus, Opera, Vivaldi, Brave
Unbound RAW Unbound
DNSMasq RAW DNSMasq
Wildcard RAW DNSCrypt, DNSCloak, YogaDNS, ...
RPZ RAW Response Policy Zone

Expires: Updated regularly

Encrypted DNS Servers only

Entries: 363 domains/hosts - 277 compressed domains | Sources/Statistics

Format Link Can be used for
Domains RAW PiHole, Blocky, eBlocker, Diversion, OpenSnitch, PersonalDNSfilter, pfBlockerNG, PersonalBlocklist, TechnitiumDNS
Hosts RAW Blocky, eBlocker, AdAway, uMatrix, DNS66, GasMask, HostFileEditor, OpenSnitch, NetGuard, TechnitiumDNS
Adblock RAW AdGuard, AdGuard Home, eBlocker, uBlock, AdBlock, AdBlock Plus, Opera, Vivaldi, Brave
Unbound RAW Unbound
DNSMasq RAW DNSMasq
Wildcard RAW DNSCrypt, DNSCloak, YogaDNS, ...
RPZ RAW Response Policy Zone

Expires: Updated regularly


Safesearch not supported - Prevent the use of search engines that do not support safesearch!

An blocklist for blocking search engines that do not support safesearch.

Entries: 152 domains/hosts - 149 compressed domains | Sources/Statistics

Format Link Can be used for
Domains RAW PiHole, Blocky, eBlocker, Diversion, OpenSnitch, PersonalDNSfilter, pfBlockerNG, PersonalBlocklist, TechnitiumDNS
Hosts RAW Blocky, eBlocker, AdAway, uMatrix, DNS66, GasMask, HostFileEditor, OpenSnitch, NetGuard, TechnitiumDNS
Adblock RAW AdGuard, AdGuard Home, eBlocker, uBlock, AdBlock, AdBlock Plus, Opera, Vivaldi, Brave
Unbound RAW Unbound
DNSMasq RAW DNSMasq
Wildcard RAW DNSCrypt, DNSCloak, YogaDNS, ...
RPZ RAW Response Policy Zone

Expires: Updated regularly


Dynamic DNS blocking - Protects against the malicious use of dynamic DNS services!

An blocklist for blocking dynamic DNS services to protect against malicious use in phishing campaigns and others.

Entries: 793 domains/hosts - 791 compressed domains | Sources/Statistics

Format Link Can be used for
Domains RAW PiHole, Blocky, eBlocker, Diversion, OpenSnitch, PersonalDNSfilter, pfBlockerNG, PersonalBlocklist, TechnitiumDNS
Hosts RAW Blocky, eBlocker, AdAway, uMatrix, DNS66, GasMask, HostFileEditor, OpenSnitch, NetGuard, TechnitiumDNS
Adblock RAW AdGuard, AdGuard Home, eBlocker, uBlock, AdBlock, AdBlock Plus, Opera, Vivaldi, Brave
Unbound RAW Unbound
DNSMasq RAW DNSMasq
Wildcard RAW DNSCrypt, DNSCloak, YogaDNS, ...
RPZ RAW Response Policy Zone

Expires: Updated regularly


Badware Hoster blocking - Protects against the malicious use of free host services!

An blocklist for blocking known free hosters that also host badware via user content to prevent the use of these hosters for malicious purposes.

Entries: 51 domains/hosts - 50 compressed domains | Sources/Statistics

Format Link Can be used for
Domains RAW PiHole, Blocky, eBlocker, Diversion, OpenSnitch, PersonalDNSfilter, pfBlockerNG, PersonalBlocklist, TechnitiumDNS
Hosts RAW Blocky, eBlocker, AdAway, uMatrix, DNS66, GasMask, HostFileEditor, OpenSnitch, NetGuard, TechnitiumDNS
Adblock RAW AdGuard, AdGuard Home, eBlocker, uBlock, AdBlock, AdBlock Plus, Opera, Vivaldi, Brave
Unbound RAW Unbound
DNSMasq RAW DNSMasq
Wildcard RAW DNSCrypt, DNSCloak, YogaDNS, ...
RPZ RAW Response Policy Zone

Expires: Updated regularly


Most Abused TLDs - Protects against known malicious Top Level Domains!

An blocklist for blocking Top Most Abused Top Level Domains, merged from @Yokoffing, @DandelionSprout and SpamHaus.

Format Link Can be used for
AdGuard RAW AdGuard, AdGuard Home
uBlock RAW uBlock

Expires: Updated regularly


Personal - My manually maintained blacklist

My personal blocklist, an extension for known blocklists. Blocks ads, trackers, native device trackers, badware and more. Not intended to be used as a standalone blocklist, it serves as a addition for other blocklists!

Entries: 73729 domains/hosts - 30492 compressed domains

Format Link Can be used for
Domains RAW PiHole, Blocky, eBlocker, Diversion, OpenSnitch, PersonalDNSfilter, pfBlockerNG, PersonalBlocklist, TechnitiumDNS
Hosts RAW Blocky, eBlocker, AdAway, uMatrix, DNS66, GasMask, HostFileEditor, OpenSnitch, NetGuard, TechnitiumDNS
Adblock RAW AdGuard, AdGuard Home, eBlocker, uBlock, AdBlock, AdBlock Plus, Opera, Vivaldi, Brave
Unbound RAW Unbound
DNSMasq RAW DNSMasq
Wildcard RAW DNSCrypt, DNSCloak, YogaDNS, ...
RPZ RAW Response Policy Zone

Expires: Updated regularly


Native Tracker - Broadband tracker of devices, services and operating systems

Blocks native broadband tracker from devices, services and operating systems that track your activity.

Device/Service Domains Hosts Adblock Unbound DNSMasq Wildcard RPZ
Apple (iOS, macOS, tvOS) RAW RAW RAW RAW RAW RAW RAW
Huawei (Devices) RAW RAW RAW RAW RAW RAW RAW
Microsoft (Windows, Office, MSN) RAW RAW RAW RAW RAW RAW RAW
TikTok (Fingerprinting) RAW RAW RAW RAW RAW RAW RAW

Expires: Updated regularly


Credits

A huge thank you to the following list maintainers of the sources that were partially used, alphabetical order:

abpindo, abpvn, abuse.ch, adaway, adguardteam, adroitadorkhan, amnestytech, anti-ad, anudeepnd, assoechap, azorult-tracker.net, badmojr, barbblock, bigdargon, bkrucarci, blahdns, bongochong, botvrij.eu, cats-team, cbuijs, cert-agid.gov.it, cipherops, cmiksche, craiu, d3ward, dandelionsprout, davidonzo, developerdan, digitalside.it, dogino, drsdavidsoft, durablenapkin, easylist, easylist-lithuania, easylist-thailand, elliotwutingfeng, fademind, fanboy, firebog.net, frogeye.fr, gioxx, guardicore, hblock, hexxiumcreations, hole.cert.pl, hoshsadiq, hpthreatresearch, hufilter, iam-py-test, ihgalis, infinitytec, jawz101, jdlingyu, jkrejcha, joewein.net, kargig, kees1958, kevinthomas0, kriskintel.com, laicure, laniksj, lassekongo83, latvian-list, list-kr, logroid, malware-filter, marco-acorte, matomo-org, metamask, migueldemoura, mitchellkrogza, molinero.dev, mvps.org, netlab.360, nextdns, nitrohorse, notonmyshift, notracking, oisd.nl, olbat, oneoffdallas, ookangzheng, paulgb, perflyst, phishing.army, piperun, piquark6046, polishfiltersteam, prodaft, quidsup, rescure.me, scafroglia93, shadowwhisperer, shallalist, shreyasminocha, sjhgvr, smed79, someonewhocares.org, stamparm, stanev.org, stevenblack, stopforumspam.com, symbuzzer, systemjargon, t145, th3m3, tiuxo, tomasko126, ublockorigin, ultimate-hosts, uniartisan, ut1, velesila, wally3k, yokoffing, yourduskquibbles, yous, yoyo.org, zerodot1, zoso.ro


Recommendation

As a network-wide DNS blocker, I recommend using Adguard Home, PiHole, TechnitiumDNS, Blocky (advanced users) or eBlocker.

DNS blocker offer a good protection of privacy by blocking tracking, metrics and telemetry. They can be used to block the vast majority of ads, malware, scam, fake and co, but not everything can be blocked at the DNS level!
Therefore, I
additionally recommend the use of a browser content blocker such as AdGuard or uBlock with the appropriate block lists (EasyList, AdGuard, uBlock, ...).

Check out @yokoffing's Recommended Filters for uBlock Origin for content blocker filter lists.


Online DNS Services

If you don't run your own DNS server on your home network or if you are looking for additional protection for your mobile devices when they are not connected to the home network, then I recommend one of the following DNS services:

RethinkDNS - free

In RethinkDNS you can use my blocklists:

Blocklists DNS-over-HTTPS DNS-over-TLS Apple Mobileconfig
Normal (PRO + TIF) https://sky.rethinkdns.com/1:AAoACBAA 1-aafaacaqaa.max.rethinkdns.com Visit and click on the red apple
Aggressive (PRO plus + TIF) https://sky.rethinkdns.com/1:AAoACAgA 1-aafaacaiaa.max.rethinkdns.com Visit and click on the red apple
Strikt (ULTIMATE) https://sky.rethinkdns.com/1:gAAAQA== 1-qaaaaqa.max.rethinkdns.com Visit and click on the red apple

DNSforge (Germany) - free

DNSforge uses my light blocklist:

Blocklists DNS-over-HTTPS DNS-over-TLS DNS-over-QUIC
Normal (LIGHT + more) https://dnsforge.de/dns-query dnsforge.de quic://dnsforge.de:853

DNSwarden - free

In DNSwarden you can use my light, multi, pro, pro++ and tif list.

AdGuardDNS - limited free/paid

My blocklist recommendations for AdGuardDNS are:

Profile Blocklists
Pro 1Hosts (Lite) + AdGuard DNS + HaGeZi Personal Black & White + OISD full + NoTracking + StevenBlack

Black & White includes: Personal + Wildcard Rules + Fake + Whitelist + Whitelist Referral

You can also import my server settings, it contains - under the user rules - also my RegEx rules. Follow these download instructions to save the file in the correct format!

ControlD - free/paid

In ControlD you can use my blocklists:

Blocklists DNS-over-HTTPS DNS-over-TLS/QUIC
Normal https://freedns.controld.com/x-hagezi-normal x-hagezi-normal.freedns.controld.com
Pro https://freedns.controld.com/x-hagezi-pro x-hagezi-pro.freedns.controld.com
Pro Plus https://freedns.controld.com/x-hagezi-proplus x-hagezi-proplus.freedns.controld.com

NextDNS - limited free/paid

In NextDNS you can use my light, multi, pro, pro++ and ultimate list.

Check out @yokoffing NextDNS Config Guide for recommended NextDNS configuration settings.


About

"If the plan doesn‘t work, change the plan but never the goal."
There's no place like 127.0.0.1!

The blocklists are based on various sources and my own blacklists. They were designed to avoid false positive domains as much as possible without losing effectiveness and efficiency. Dead hosts are regularly removed from the lists to keep them as small as possible. Made with 💓 for a safer and cleaner internet.
All lists were tested against 6000 websites from the Cisco Umbrella Top 1 million list. It was checked whether the pages load, the page content is displayed correctly, navigation links work, images load, videos start and much more.
They are updated and maintained daily.

No, it's not just blocklists cobbled together from multiple sources. They have been optimized and extended to efficiently "clean the Internet" in all areas.
Test them and give feedback!

Please report false positive domains.

Referral Domains

Affiliate and tracking links (referral domains) that appear frequently on offer web pages, in emails or in search results are allowed in my lists. These are mostly called only after manual clicking on a link and are not used to display advertising. If these are blocked, the first hit links from search results, for example, no longer work.

Referral domains have been removed from all lists except from the ultimate list, only some of them were removed but not all!

There are users who want to block referral domains anyway, so for each list I show the domains that were whitelisted because of referral. You can see them in the list of used sources behind the link "whitelisted referral domains" per list. This list can then be used as a blocklist to "undo" the whitelisting of referral domains.

Allowing referral domains in my lists is equivalent to the NextDNS feature "Privacy > Allow Affiliate & Tracking Links".

Support Me

I do not want any money donations. If you don't know what to do with your money, invest it in aid or similar projects, do something good with it. There is enough misery in the world.
Accepting money donations would also be absolutely unfair to the maintainers of the sources used, that's not my way. Without the existing lists. these lists would be simply nothing.

If you like the project and you can benefit from it, leave a ⭐ (top right) and become a stargazer!

Give feedback, show me your ideas, report false positve domains and help to keep the internet safe and clean.
Help and cooperation of any kind is welcome!

Thanks for your support!


Keep the internet clean! - Join the Matrix: #dnsblocklists:matrix.org