Hacker News
by chewz 3150 days ago
I am running a Pi-Hole-like system that I assembled myself: OpenVPN, Tor, dnscrypt-proxy[3] and dnsmasq[2], plus large block lists from the Steven Black hosts project[1] and FireHOL.

I have been running this for four years now in different incarnations and it is generally smooth. It was also quite educational to assemble.

[1] https://github.com/StevenBlack/hosts

[2] [3] dnsmasq isn't necessary, as dnscrypt-proxy is now able to block domains and IPs and to cache requests. I am using dnsmasq mostly for DHCP and to spread traffic among two dnscrypt-proxy clients and Google DNS.

2 comments

Do note that the sources for Steven Black's list receive little to no scrutiny and are just merged from random sources on the internet. A better approach, in my opinion, would be to add proper egress filtering with apps like Little Snitch, NetLimiter, etc., instead of pointing to some fixed blacklist, which will never have the latest entries, and you will still be leaking information to parties using new URLs, etc.
Interesting. For the less tech savvy, is there a way to take the list on [1] and _automatically_ update the hosts file on my own machine (mac)?
For the less tech savvy, I’d still recommend considering installing PiHole. The “one line” command install can be run on an out of the box Raspberry Pi (starting at 5 dollars plus cost of power supply/SD card/USB network adapter if using the Pi Zero) and attached to your existing router in very few steps, then you have pretty robust adblocking on everything on your network: computers, games consoles, TV streaming sticks/boxes - great for devices that otherwise don’t support adblocking extensions. The 3 steps on PiHole’s front page really are all that’s involved.

You don’t need to use a Raspberry Pi either. If you have an old computer lying around you can repurpose it for this task. I just like using the Pi because it’s tiny, super cheap, fanless and consumes very little electricity.

Here you have a gist that can get you started. https://gist.github.com/chew-z/2b4d4ff905fd64473e18f130c8c39...

Also, dnscrypt-proxy has an option to download a block-list from sources (I haven't used it). If on Mac you are using Murus, it also has an option for regularly downloading a selected block-list as well as blocking traffic from selected countries. The tricky part is to select the right list for you.

Not automatically but you can use something such as Gasmask (https://github.com/2ndalpha/gasmask) to easily manage your host.
You can actually use a "Remote" hosts file with Gasmask and set the update interval in preferences. I actually just figured this out after a little bit of trouble -- my issue was that Gasmask cannot download files from GitHub or any https site[0]. There are non-GitHub mirrors listed in the table at https://github.com/StevenBlack/hosts which I have been able to use successfully.

[0]: https://github.com/2ndalpha/gasmask/issues/90

Obviously it can be hacked together with bash scripting, but that’s fairly advanced usage.
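
An added example, not part of the thread and not any commenter's script: since the merged lists get little scrutiny, a hosts-format list fetched automatically is worth filtering before it goes anywhere near the hosts file, because an entry that maps a name to anything other than a sinkhole address redirects that name instead of blocking it. The function names and the sample input are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample in hosts format (not real list content).
SAMPLE='127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 ADS.example.com   # duplicate, different case
0.0.0.0 tracker.example.net
203.0.113.7 bank.example.org
0.0.0.0 bad name.example
0.0.0.0 evil;rm.example'

# sanitize_hosts (hypothetical helper): hosts-format text on stdin, prints
# "0.0.0.0 name" for each entry that can only block, never redirect.
sanitize_hosts() {
  tr -d '\r' | awk '
    { sub(/#.*/, "") }                               # strip comments
    NF != 2 { next }                                 # need exactly: address name
    $1 != "0.0.0.0" && $1 != "127.0.0.1" { next }    # not a sinkhole address
    {
      name = tolower($2)
      # dotted names only (skips localhost etc.), limited character set
      if (name !~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)+$/) next
      if (name == "localhost.localdomain") next
      if (!seen[name]++) print "0.0.0.0", name       # de-duplicate
    }'
}

# redirect_entries (hypothetical helper): lists entries that point a dotted
# name at some other address, for manual review.
redirect_entries() {
  tr -d '\r' | awk '
    { sub(/#.*/, "") }
    NF >= 2 && $1 != "0.0.0.0" && $1 != "127.0.0.1" && $2 ~ /\./ { print $1, $2 }'
}

echo "accepted:"; printf '%s\n' "$SAMPLE" | sanitize_hosts
echo "needs review:"; printf '%s\n' "$SAMPLE" | redirect_entries
```

Only the output of `sanitize_hosts` would be merged into a hosts file; anything `redirect_entries` prints is a reason to look at the list's source before trusting it.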