Pi-hole Mentioned On Security Now! Podcast

It was fun to see that the Pi-hole was mentioned on the Security Now podcast.

It made me smile that he grasped the “black hole” concept of sending advertisements to “nowhere.”  And despite his understanding, you actually can whitelist domains, but it doesn’t always work the way you might think:

With most ad-blockers, you would whitelist the domain you want to see ads on, but since the Pi-hole works on the DNS level, this won’t always work the way you intend.  Many advertisements are hosted by a third party, so the ad may be coming from a different domain than the one you whitelisted.

For an example, my site shows ads but the images are hosted somewhere else and are loaded from them when someone visits a page on my site.  If you use Chrome’s or Firefox’s Element Inspector, you can see that the image for the ad is coming from tcp.googlesyndication.com, not jacobsalmela.com.

whitelist google ads

So even if you whitelisted jacobsalmela.com, you would need to also whitelist Google to see ads on my site.  As a secondary effect of this, any other sites that use tcp.googlesyndication.com, would also be whitelisted.

There are sites out there that host their own ads, in which case, whitelisting it would do the trick.  Using the Element Inspector is the best way to find out where the ad is hosted.

6 Replies to “Pi-hole Mentioned On Security Now! Podcast”

  1. Congratulations! I think Steve Gibson has quite the exposure and is believed to be an excellent security researcher, referrals cannot be greater I think!

  2. Is there (or will there be) a way to use wildcards of some sort in the whitelist? I just ran into a problem with one of the getsatisfaction sites I use that have a ton of [random string].cloudfront.net addresses in them. Other than having to whitelist each individual random string URL, I’d like to be able to just whitelist *.cloudfront.net.

      1. Thanks. Rather than use that exact command and whitelist ALL of cloudfront.net, I hit the site with my browser than used a similar command on pihole.log to see which cloudfront addresses were being accessed when I tried to load that site. I then put those into whitelist.txt. I’ll see if that works …

Leave a Reply