HaGeZi Lists and hBlock are added.
I was checking the filters and just saw that the HaGeZi filters that were requested and hBlock is added.
I remember that a lot of people were asking for it and I'm going to test it out to see how it compares to OISD.
I wanted to share it with everyone else so everyone can try it out.
-
As a quick update on HaGeZi filters the Pro one seems to be quite good but still has some FP's like Lightswitch05 and 1HostLite.
Normal seems to be close to OISD in terms of pure compatibility, I'm going to try running both OISD and HaGeZi Normal to see if I see anything in terms of False Positives but quite an amazing filter, now the second filter in the lists to focus on compatibility.
-
Hey
If you find false positives, please report them. I will then see if I can whitelist them for the respective version.
You can report them on Github, here as a message directly to me or via mail.The lists all have a certain strength, the Pro should not contain many false positives. What have you found?
-
- Pro Subscriber
Ha Ge Zi
Tested the blocklists for about a week now...
The PRO++ is the right level for me. Had to whitelist "insideruser.microsoft.com", but nothing else in my whitelist.
The PRO was a bit too light and ULTIMATE broke some of my Google/Nest devices.
- Pro Subscriber
-
Ha Ge Zi I've found a domain that OISD wasn't blocking (at the time) but now they block it too haven't investigated it too much but it's (api.storyly.io) it's used in the Turkish Airlines app, it's basically mini self advertisements such as currently deals and general information about their Miles system and discounts and such.
I can't say it's worth allowing as I've looked at the Storyly site and they do talk about serving ads through their system.
So my initial reaction was yeah this is a FP but now they're blocking it too so I've became 50/50.
-
Jörgen
insideruser.microsoft.com was unblocked, but I forgot to remove the CNAME: insideruser.trafficmanager.net.
Thanks for the hint. I have removed it as well.Can you tell me what caused the problems with Google/NEST devices in Ultimate? This should not be the case and should be fixed.
-
- Pro Subscriber
Ha Ge Zi I saw that the domain geller-pa.googleapis.com was blocked and remembered it from when I had issues before with firmware-updates and device drop-outs. Also some "firebase-domains" was causing issues if I remember correct. I can try activating the ULTIMATE for a while and see how my Google/Nest devices likes it now in 2023 :-)
- Pro Subscriber
-
Jörgen Please test an report them to me. Thanks for your support!
-
- Pro Subscriber
Ha Ge Zi I will try to... Also seeing device-provisioning.googleapis.com is blocked now by ULTIMATE and remember that made issues with drop-outs before.
- Pro Subscriber
-
Hey
I have looked at this and I think it is safe to whitelist. Full-screen Stories ... that's going to limit a lot of apps. The origin list is this:
https://github.com/symbuzzer/Turkish-Ad-Hosts
It got into the 1Hosts lite and oisd via that. -
Jörgen I fixed all the googleapis things fpr Google/Nest devices in the ULTIMATE. The new version is online in NextDNS.
-
Ha Ge Zi Welp, I'll be switching to your Pro filter now because OISD has a false positive that your filter doesn't.
Thanks for the extremely quick fix for the FP's that were mentioned by us. It's great to use NextDNS with a filter that's as stable and as compatible, hopefully for years to come.
Thank you for all the work that's put in the filters, it's a great to have a DNS provider that's extremely stable and just works with your filter that has the same behavior, a perfect match.
-
Ha Ge Zi hi, discords.com false positive. This site is trusted, lists Discord servers.
-
LazJedi Thanks, removed:
https://github.com/hagezi/dns-blocklists/issues/274
-
-
I'm using HaGeZi PRO++ without any issues. It blocks twice as much as OISD, with no increase in false positives. OISD itself uses the HaGeZi whitelist (among others) to make itself better, so there will be a big overlap in that whitelisted entries are very similar in OISD and HaGeZi.
-
Chris Correct, when I analyse an export of the logs, OISD blocked only 1 url HaGeZi didn't (eu-mobile.events.data.microsoft.com). I'll check again in a week,
-
-
I take a different approach than the OISD. The OISD is a great list that you can add to, provides good protection, and usually doesn't need any further maintenance. If something causes functionality restrictions somewhere, it goes on the whitelist there as long as it doesn't cause ads to be displayed on multiple pages, for example.
Nevertheless, unblocking is done here with a sense of proportion. There are almost no false positive domains in OISD. This is the strength of OISD. A disadvantage, thereby e.g. the tracker number 1, google-analytics.com was partially unblocked because on the popular page reuters.com some videos do not start.
If you don't mind such things and you want a list that doesn't lead to restrictions in any situation, you will make the best choice with OISD. It is a very well maintained list and the maintainer always has an open ear.Maintaining such large lists is hard work. One of the main problems is that domains you unblocked a long time ago because they cause functional restrictions on various pages, apps or devices, might be blocked again today because these restrictions no longer exist due to customization. You need to check your whitelist from time to time. That's very time-consuming.
My approach is different, one example, google-analytics.com for example I would only whitelist if it leads to functional restrictions in mass, but not if it leads to functional restrictions on a handful of pages - the tracker is just too popular for that. And I think it's pretty cheeky to link important site functionality to this top tracker. For this kind of trackers, you actually have to get permission beforehand according to the EU data protection directive, but the directive offers loopholes that are of course used, all a matter of interpretation.
Through the different list versions and the different degree of aggressiveness of these, I am able to decide what is whitelisted where depending on what restrictions the blocked domain leads to. So every user should have the possibility to find the right list for him. Example, the top tracker number 2 googletagmanager.com it leads to function restrictions on various pages therefore it is unblocked in Light to Pro, but because it is popular and partly used as a bypass for google-analytics.com, it is blocked in Pro++ and Ultimate. There are many examples of this.
The OISD is a list that must satisfy all user preferences. For more there is the OISD extra, which is unfortunately not available in NextDNS. But it can be combined with the very effective 1Hosts lists, if you don't mind to create your own whitelist.
Apart from the fact that I don't see my lists as competition for other lists, every user should decide for himself what suits him, a block rate comparison between OISD and PRO PLUS is not meaningful for the reasons mentioned above. Probably the block rate of the LIGHT is higher than the OISD in normal operation, but that is due to my chosen approach.
I spent months compiling the lists, they are not just lists compiled from different sources using a whitelist. Each list has its own extension, which I compiled individually using the CISCO Umbrella 1M top lists. But, without the sources used, the lists would simply be nothing. The OISD and 1Hosts have a significant part in this.
I started with the PRO PLUS, I wanted a list with the right balance between aggressiveness and balance. The other versions were then developed from this. For my needs, the perfect list was created with this attempt, the PRO PLUS.Kind Regards,
Gerd-
Ha Ge Zi Does it make sense to activate OISD in addition to HaGeZi PRO or NORMAL? If I understand it correctly on Github, the OISD domains are included anyway if you use the NORMAL or higher. Do I understand that correctly?
-
Johannes Strasser yes, oisd is included. But it doesn't hurt to include the oisd list. If you use the light, then be sure to include the oisd.
From multi it is not necessary. -
Ha Ge Zi great, thanks so much for confirmation. I am using the PRO, so I should be safe ;)
-
Ha Ge Zi one last question... If I enable both (HaGeZi and OISD): where should I report false positives? To both? What I can see is that OISD is pulling your whitelist but do you do the same in the other direction and can NextDNS handle this in an intelligent way? What do you recommend? Many thanks
-
Johannes Strasser I do not use an OISD whitelist. If you use multiple blocklists, you can see which blocklist has blocked domains in the log. Red "i" or by expanding if the mobile view is used. False positives should of course only be reported to the responsible list maintainer.
-
Ha Ge Zi good to know, thanks! I tested and compared now both variants but I think I am good to only use yours (PRO) for now because almost all blocks are done by both lists in my case. Thanks for your help! :)
-
-
I really like the HaGezi lists.
I use the Ultimate-List and I don´t need any whitelist...until now:
When I open o2online.de , the whole site is just text and some wrong placed images. Normally I will find the "bad" entry in my protocol in my NextDNS account, but this time I failed. Maybe someone here can identify the problem.
-
- Pro Subscriber
Michael I tried it and see that static2.o9.de is blocked in the log. Guess that's where their resources are stored.
- Pro Subscriber
-
Michael @jorgen_a Thanks, fixed: https://github.com/hagezi/dns-blocklists/issues/279
-
Jörgen @hagezi Whow, that was fast. Thank you both a lot
-
-
Another one:
I‘ve whitelisted „consent.cookiebot.eu“ but the cookie info doesn‘t disappear when I agree with the use of cookies
any ideas?
-
Michael Thanks, fixed.
Whitelisted:
consent.cookiebot.eu consentcdn.cookiebot.eu -
Ha Ge Zi Thank you
-
-
FYI: Currently there seems to be a GitHub problem, the RAW links over which the lists are retrieved do not provide the current list versions, but partly only a cached version from yesterday. Currently only the Multi NORMAL version seems to be available. I see this behavior in other Github repositories as well.
-
Ha Ge Zi Hi, don't you think these two websites are false positives?
semrush.com similarweb.com -
LazJedi Thanks, main domains are removed.
-
Ha Ge Zi You're welcome. These websites offer analytics tools for website owners. I don't know if they include trackers. I'll look into it to avoid false reports.
-
Ha Ge Zi The Github problems seem to be fixed.
-
-
I’m not sure if this is a false positive per say but it does seem to break Amazon browsing history. Some may say that’s the very definition of a tracker and you can’t really argue with that but someone might be using it and it can be turned off in an Amazon account.
fls-xx.amazon.com
fls-xx.amazon.com.xx
fls-xx.amazon.co.xxThis is for multiple regions.
-
R P M Its a tracker: Forrester Log Service - market analytics company
https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-port-requirements.html
-
Ha Ge Zi Strangely that page is only listing fls-na.amazon.com as the domain, even for other regions.
-
R P M Where does the history not work? In the Amazon app on iOS it works fine with blocked fls.
-
Ha Ge Zi History is broken in iOS 15 Amazon app and website also (unable to test android app as it requires an android version higher than I have). It appears to not register new items rather than completely blank.
-
R P M Got it, thanks, since it is used for tracking, I would continue to block them in the Pro++ and Ultimate lists. But I could whitelist them in the balanced lists Light to Pro. Would this be an option from your point of view?
-
Ha Ge Zi Sounds like a good plan to me. I definitely agree that it does need to be blocked for the more aggressive lists.
Thanks for looking at it.
-
R P M Should be fixed in light to pro.
-
Ha Ge Zi No need to remove
forester.a2z.comAlso fls domains seem to be still in the GitHub files. Not sure why as the white listing looks ok. Maybe it needs to be more specific?
@@||fls-*.amazon.co*^
-
R P M
Thanks, there is currently a problem with Github again, the RAW cache is not up to date in all regions, so it retrieves partially outdated versions from yesterday. The lists here in NextDNS have therefore an old status. I can't do anything about it myself except wait until Github has fixed the problem permanently.
A2Z Forester is whitelisted because gateway.prod.us-east-1.forester.a2z.com and endpoint.prod.us-east-1.forester.a2z.com is a CNAME for fls-*.amazon*.
-
Ha Ge Zi Another GitHub issue, oh boy. Hopefully it won’t be too long.
Ah, a cname, should’ve remembered to think of that. NextDNS cname flattening hid it from the logs.
Thanks for the info update.
-
Ha Ge Zi true history works fine in iOS 16 app.
-
-
Hi,
eazy.de is blocked in Ultimate, it is a cable-internet-provider
-
Michael It's flagged by Heimdal Security as Malicous but it is a false positve. I will remove it.
-
-
Another one: account.rewe.de
It is used for login by the REWE-App.
-
Michael But someone wanted to give me a treat, rewe.de completely blocked, I'll take care of it immediately ... Sorry!
-
Michael fixed and reported it to the upstream maintainer.
-
Ha Ge Zi Apparently, the website's competitors wanted it blacklisted. :D
-
-
When using WOW (Sky streaming) App on tvOS I found nzdsqcybmv.trkcliq.com as a new entry in my logs. The site belongs to Amazon and I can block it without problems to the streaming service.
-
Michael Thanks, will be checked.
-
Michael Will be added on next full update.
-
Ha Ge Zi please allow dmxleo.dailymotion.com for the app https://play.google.com/store/apps/details?id=de.filmstarts.android
Without this the app don't show's videos.
The website is without this running.
-
mike Can you please test this again, I can't reproduce it. The tracker is blocked in almost every block list. Even in AdGuardDNS with more than 50 million users.
Have you activated the block page in NextDNS, which often causes problems?
In Ultimate I had to allow streaming.split.io for the app to work. This is fixed. -
Ha Ge Zi no is not working. Must I reload NextDNS for update your Blocklist? I have only pro ++.
Next things is sport1.de. Please allow tag.aticdn.net
-
Ha Ge Zi yes blocker page is enabled. No, with streaming.split.io it is not working. All time is the issue without dmxleo.dailymotion.com.
-
mike disable blockpage …
-
Ha Ge Zi It works without blockpage
-
mike Never use the Blockpage feature, it causes problems in so many places that are not really problems. This feature should be removed from NextDNS ...
-
Ha Ge Zi
I can't see the trailer on https://www.moviepilot.de/news/erste-reaktionen-auf-john-wick-4-ueberschlagen-sich-mit-begeisterung-einer-der-besten-actionfilme-aller-zeiten-1140494
Can you confirm that?
-
mike
I can confirm, is also with OISD so. moviepilot.de is not exactly AdBlock friendly. ;)
You need to whitelist the following:
securepubads.g.doubleclick.net cdn.lib.getjad.ioBut this will cause ads to be displayed on lots of other sites. Therefore this is something for your personal whitelist.
-
mike I'm a third part to the conversation but just to let you know that site seriously hates any methods to block ads.
They use a video player that checks for the ad box and only starts when the said box loads, this usually can be bypassed by a few tricks as SBS.AU uses a similar thing I bypassed. But neither of my previous fun tests work on this site.
On top of that check, they also use BlockAdblock that hits a ton of ad domains, so they're ensuring that the user is annoyed either way.
At that point, I wouldn't even use the said site as they'll constantly find ways to try to stop you until they realize that they start losing a ton of users and start backtracking until that point, they're just going to annoy you.
-
Ha Ge Zi What's the problem with it?
-
Lone Wolf ?
-
Ha Ge Zi the block page
-
Lone Wolf Normally the client gets 0.0.0.0 as IP back when something is blocked. So an IP that does not exist. If you have enabled the block page, the client will get an existing IP, the IP of the block page.
-
Ha Ge Zi Can't the devs fix it?
-
Hey I don't use this Site anymore. I blocked this Site by Google News.
-
-
mike whitelist pagead2.googlesyndication.com. However, this leads to the display of advertisements on other pages.
-
Ha Ge Zi with blockpage works the site. I have done nothing else
-
-
Using instead 1host, better than 1host without any issue :3 (ultimate version)
-
Both entries are used by the app „Opensignal“. With this entries the networkstatistics (where the average speed of mobile providers were displayed) only shows an error message. The „tiles“-entry is needed for showing the network coverage in a map. I‘ve whitelisted these entries and everything works nice.
-
Michael Thanks, fixed.
-
-
It seems, that dpm.demdex.net was added to be blocked to your „Pro++“ list recently (as far as I know, it was only included in your Ultimate list before). It is needed for starting the wowtv streaming service on my AppleTV.
Maybe you could check, if it is possible to remove it or I just keep it whitelisted as long I watch WOW. Thanks
-
Michael Thanks, will be fixed after next full update.
-
-
www.revolverheld.de is blocked in Ultimate-List (someone seems not to like german music
) -
Michael blocked by CNAME affectionate-varahamihira-c7a5ba.netlify.com via adroitadorkhan/antipopads-re. Will be removed ...
-
-
mx.freenet.de is a German email provider.
kiwisearchservices.com is a good browser
revanced.io is a no ads YouTube alternative
All this are just know blocked. Why?
-
mike Is already known, will be fixed.
-
-
Hi,
www.marinetraffic.com is blocked in the Ultimate list. It is just a site for tracking ships.
-
Michael Thanks fixed.
-
-
vto.partners-eu.api.ditto.com and bsdk.api.ditto.com are blocked in ULTIMATE. They are needed for testing glasses on misterspex.de.
-
Michael Thanks, will be removed on next update.
-
