( 🇨🇵 Cette page est disponible en Français: Listes de blocage DNS )
DNS filtering is an easy way to block a vast majority of advertising, tracking and malware sites with a minimum of effort. This is quick to setup and easy to revert.
Advantages of DNS filtering:
Drawbacks:
You do not need to worry: The setup is easy to reverse.
URL to use: https://sebsauvage.net/hosts/hosts
This list is an aggregation of the following sources:
The blocklist is available in several formats:
URL | Notes |
---|---|
https://sebsauvage.net/hosts/hosts [RECOMMENDED] | hosts format (0.0.0.0 hostname ) Suited for Android and computers This hosts file can be used as is in Windows, Linux, MaOSX and in personalDNSFilterr and DNS66 on Android. |
https://sebsauvage.net/hosts/hosts-adguard | AdGuard/uBlock-Origin format (||hostname^ ) Suited for Android and computers This list can be used in AdGuard (on Android) and uBlock-Origin. |
https://sebsauvage.net/hosts/raw | Raw format (hostname ) (just the domains, no headers) |
These blocking lists make occasional mistakes. I have put some domains on a whitelist. These domains will never be blocked.
PS: If you find a domain which should not be blocked, please let me know (by email, Mastodon, Wire or Telegram).
You can paste this list at the end of your hosts
file located at: /etc/hosts
Note: Some distributions require that 127.0.0.1 machineName
is defined in host file. You can paste the blocklist after this line.
If you want to automatically update the blocklist, here is an example script which has to be run by root (you can just drop this script in /etc/cron.weekly/
).
#!/bin/bash # Update the DNS blocklist from the web logger "hosts-update: Updating hosts." tempname=`mktemp` echo "127.0.0.1 `hostname`" > $tempname printf "\n\n" >> $tempname curl --fail https://sebsauvage.net/hosts/hosts >> $tempname res=$? if test "$res" != "0"; then logger "hosts-update: Failed to update hosts : $res" rm $tempname exit 1 fi mv /etc/hosts /etc/hosts.old mv $tempname /etc/hosts chmod 0644 /etc/hosts logger "hosts-update: hosts file successfully updated."
services.msc
, right-clic on "DNS Client" > Properties > Startup: Disabled, then restart your computer). regedit
and put 4
(=disabled) in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Start
then restart your computer. DNS Client
service before installing this blocklist. You have been warned.
You can paste this list at the end of your hosts
file located at: C:\Windows\System32\drivers\etc\hosts
If this does not seem to work, run ipconfig /flushdns
in a terminal.
If you want the host file to be automatically updated, you can try the freeware HostMan [NOT TESTED] : http://www.abelhadigital.com/hostsman/
There are several Android applications capable to downloading and applying a blocklist. Please note that these applications use the VPN feature of Android. It's the only way for an application to collect network traffic of all other applications. You can use one of these applications:
In each of these applications, disable the lists provided by default and add https://sebsauvage.net/hosts/hosts
For an extra layer of security, you can use alternate DNS resolvers such as Quad9 (9.9.9.9/149.112.112.112): This resolver also dynamically blocks botnets.
I recommend updating the list every week.
Under Android, personalDNSFilter and DNS66 are capable of updating the list automatically on a regular basis.
Keep in mind that this blocklist alone is not enough. You must: