Hosts/Domains should use 0.0.0.0 instead of 127.0.0.1 for Pi-hole

tweedge / emerging-threats-pihole

Block malware on your network using your PiHole, using threat intelligence extracted from Emerging Threats rulesets.

https://hosts.tweedge.net/

Apache License 2.0

58 stars 2 forks source link

Hosts/Domains should use 0.0.0.0 instead of 127.0.0.1 for Pi-hole #1

Closed thomasmerz closed 1 year ago

thomasmerz commented 1 year ago

See https://discourse.pi-hole.net/t/use-0-0-0-0-instead-of-dns-ip-in-blocklists/5412 and https://github.com/StevenBlack/hosts/issues/274 for "why". Thanks for changing (or do you prefer me seding this and make a PR?)!

sml156 commented 1 year ago

Pihole no longer needs 127.0.0.1 or 0.0.0.0 it ignores them

The post you quoted was from a lifetime ago (2017)

tweedge commented 1 year ago

I took a look and I believe that sml156 is correct here. It looks to me like PiHole ingests domain blocklists with either the 0.0.0.0 or 127.0.0.1 prefix, but when a domain is blocked PiHole will check what its blocking mode is set to and implement that block. The default these days is NULL blocking, which should mean that any blocked host (no matter what format the blocklist used) should return 0.0.0.0.

Reference: https://docs.pi-hole.net/ftldns/blockingmode/

I don't believe PiHole allows the lists themselves to override what blocking mode it uses - that seems like it would lead to a lot of inconsistencies. Give it a try though and let me know if there's something I can do to adjust! Would definitely prefer to adhere to best practices if there's an issue using 127.0.0.1 creates.

sml156 commented 1 year ago

There are several lists that work with pihole and do not add either of those IP's.

Take this list for example https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt it works perfectly. I believe some lists continue to add 127.0.0.0 and 0.0.0.0 so that people can use them in their OS's hosts file, I guess the rest don't know they do not need them.

thomasmerz commented 1 year ago

I know, but 0.0.0.0 should be preferred over 127.0.0.1 - for other reasons as you told (OS's hosts file for example) 😉

sml156 commented 1 year ago

I don't understand your comment, Pihole ignores both of those IP's you could put 27.27.27.27 and still have the same outcome ... pihole ignores it your point is pointless.

Sorry if this sounds mean and uncaring but them is the fact's, As far as the hosts file goes if your running windows 10 or above you cannot have 100's of thousands domains in your hosts file it will break your network.

Even win 7 had a hard time with a large hosts file unless you disabled "dns client" service, One of the reasons I am using pihole is because Windows 10 was slower than molasses no matter what service I disabled.

tweedge commented 1 year ago

I don't think anyone would use this directly as their hosts file - the only case I would expect is if someone used hBlock or similar, which would also apply its own parsing+transformation. However, considering:

Changing to 0.0.0.0 has a slight file size reduction advantage, and
On the off chance someone does simply do something like curl a bunch of files into /etc/hosts (hopefully not, but I've seen too many manmade technohorrors to say "it'd never happen") it would be a marginally better experience.

Change implemented: https://github.com/tweedge/emerging-threats-pihole/commit/ca761c292fb93fbe87fbc47d70d43532511918c6

thomasmerz commented 1 year ago

Thank you @tweedge 👍🏼