FAQ
My lists are not a blunt one-to-one copy from other sources. The versions are compiled individually using basic sources, own extensions, domain categories and Top 1M lists (Umbrella, Cloudflare, Tranco, Chrome, DomCop, ...).
False positives and dead domains are removed. Domains reported by the community have been added.
Furthermore, I regularly analyse logs in several networks to find potentially blockable domains that have not yet been blocked.
Wherever possible, only native sources are used as basic sources, not lists that have already been combined.
The total base list from which the domains for the individual lists are extracted currently comprises ~40M domains. This also includes the domains from the top 1M lists of the last 12+ months. This merged top list is used, among other things, to identify popular domains.
The list of base sources used can be found here:
https://github.com/hagezi/dns-blocklists/blob/main/sources.md
The statistics of the compilation of the lists can be viewed here:
https://github.com/hagezi/dns-blocklists/blob/main/statistics.md
- Light: Should not lead to any restrictions. It is particularly suitable for environments in which there is no admin nearby who can unblock something and if you have to pay attention to the size of the list, because the AdBlocker does not support large lists.
- Normal: Should not lead to any restrictions for the most part. It is particularly suitable for environments in which there is no admin nearby who can unblock something.
- Pro: Should only very rarely lead to restrictions. It is suitable for environments where there is an admin nearby who can unblock something. My personal recommendation for mostly problem-free adblocking with good privacy protection.
- Pro++: More aggressive version of the Pro list. It may contain a few false positive domains that limit functionality. Therefore it should only be used by experienced users. Furthermore, an admin should be available to unblock incorrectly blocked domains.
- Ultimate: Stricter version of the Pro++ list. It contains domains that limit functionality in apps and on websites - some popular trackers, that lead to restrictions, are blocked in this list. Therefore it should only be used by very experienced users. Furthermore, an admin should be available to unblock incorrectly blocked domains.
Important
Another important recommendation is to combine one main list with the Threat Intelligence Feeds list if possible. For Adblockers that have problems with the size of the full TIF list there is a smaller medium and mini version. If you use AdGuard Home or AdGuard DNS, I also recommend using the Dandelion Sprout's Anti-Malware List. There is also an IPv4 list that can be used additionally to the TIF or TIF medium/mini list.
Tip
Only for NextDNS users: The Threat Intelligence Feeds list is not available in NextDNS, the security features should be used instead. Furthermore, I recommend that NextDNS users also use the OISD list, which also contains a handful TIF sources that are not covered by the NextDNS security features.
This combination does not cover the entire bandwidth of the TIF, but it compensates a little.
Further additional options to the main lists depending on the use case are:
- Security: In addition to the Threat Intelligence Feeds list, use the Dynamic DNS, Badware Hoster, Most Abused TLDs and Newly Registered Domains (NRDs) list to further protect yourself from malicious things.
- Protection of children: Use the Gambling, Anti Piracy, Safesearch, DoH/VPN/TOR/Proxy Bypass and oisd NSFW lists in addition to block gambling, piracy, no safesearch engines, DNS bypassing, porn, shock and adult sites.
Affiliate and tracking links (referral domains) that appear frequently on offer web pages like Slickdeals, in emails or in search results are allowed in my lists. These are mostly called only after manual clicking on a link and are not used to display advertising. If these are blocked, the first hit links from search results, for example, no longer work. Furthermore, some of these domains are also used to unsubscribe from newsletters.
Referral domains have been removed from all lists. Only a few domains that also function as pure non link tracker are blocked in the aggressive lists (Pro++ and Ultimate). E.g. ad.doubleclick.net, adservice.google.*, app.adjust.*, ...
The referral domain allowlist can be found here:
| Format | Links |
|---|---|
| Adblock | Link |
| Wildcard Domains |
Link |
| Domains Subdomains |
Link |
| ControlD folder |
Link |
Why are CMPs (Consent Management Platform/Provider) used for cookie consent solutions not blocked in the lists?
Network-wide blocking of CMPs (Consent Management Plattform/Provider) used for cookie consent solutions breaks a lot of things and takes away the user's freedom to decide what he wants to allow and what not - blocking usually allows everything (#1979).
Blocking or automatic allow/deny is reserved for content blockers with corresponding filter lists. These can be used to decide which sites are excluded from blocking a specific CMP domain and which are not. You only have to look at the exclusions in the known cookie filter lists to see why network wide blocking via DNS is not a good idea.
Availability of the lists in the respective DNS services:
| Service | Light | Nor mal |
Pro | Pro ++ |
Ulti mate |
TIF | By pass |
Dyn DNS |
Hoster | TLDs | Anti Piracy |
Gam bling |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AdGuard DNS |
β | π’ | π’ | π’ | π’ | π’ | π’ | π’ | π’ | π’ | π’ | π’ |
| ControlD | π’ | π’ | π’ | π’ | π’ | π’ | π¨ | π¨ | π | π | π¨ | π¨ |
| NextDNS | π’ | π’ | π’ | π’ | π’ | β | β | β | β | β | β | β |
| Rethink DNS |
π’ | π’ | π’ | π’ | π’ | π’ | β | π’ | π’ | β | β | β |
| DNS warden |
π’ | π’ | π’ | π’ | π’ | π’ | β | β | β | β | β | β |
π¨ Are included in the ControlD native lists of the respective category.
π Available as ControlD folder.
For the family (for my devices I use the Ultimate instead of the Pro):
