Commonly Whitelisted Domains

whitelisting

#1

This post is a wiki post. Anybody can edit it to provide useful tips for whitelisting. Editing abuse may result in a ban from the forums!

Whitelisting Tips

List any tips you’ve discovered on how or what to whitelist in order to solve specific issues!

Google (Maps, Youtube, etc)

Google Maps and other Google services

pihole -w clients4.google.com 
pihole -w clients2.google.com

YouTube history

pihole -w s.youtube.com 
pihole -w video-stats.l.google.com

Google Play

As described here.

pihole -w android.clients.google.com

Microsoft (Windows, Office, Skype, etc)

Windows uses this to verify connectivity to Internet

pihole -w www.msftncsi.com

Microsoft Web Pages (Outlook, Office365, Live, Microsoft.com…)

pihole -w outlook.office365.com products.office.com c.s-microsoft.com i.s-microsoft.com login.live.com

Backup bitlocker recovery key to Microsoft account

pihole -w g.live.com

Windows Store

pihole -w dl.delivery.mp.microsoft.com geo-prod.do.dsp.mp.microsoft.com displaycatalog.mp.microsoft.com

Xbox Live

This domain is used for sign-ins, creating new accounts, and recovering existing Microsoft accounts on your (confirmed by Microsoft)

pihole -w clientconfig.passport.net 

This domain is used for Xbox Live Achievements (confirmed by Microsoft)

pihole -w v10.events.data.microsoft.com

There are several domains discovered initially on Reddit and /r/xboxone, which were also confirmed by Microsoft as being required by Xbox Live for full functionality.

pihole -w xbox.ipv6.microsoft.com device.auth.xboxlive.com www.msftncsi.com title.mgt.xboxlive.com xsts.auth.xboxlive.com title.auth.xboxlive.com ctldl.windowsupdate.com attestation.xboxlive.com xboxexperiencesprod.experimentation.xboxlive.com xflight.xboxlive.com cert.mgt.xboxlive.com xkms.xboxlive.com def-vef.xboxlive.com notify.xboxlive.com help.ui.xboxlive.com licensing.xboxlive.com eds.xboxlive.com www.xboxlive.com v10.vortex-win.data.microsoft.com settings-win.data.microsoft.com

Skype

See the GitHub Topic on these domains.

pihole -w s.gateway.messenger.live.com ui.skype.com pricelist.skype.com apps.skype.com m.hotmail.com s.gateway.messenger.live.com sa.symcb.com s{1..5}.symcb.com 

Microsoft Office

Reddit link - r/pihole - MS Office issues

pihole -w officeclient.microsoft.com

Jackbox.tv

Jackbox.tv will not load unless you whitelist google-analytics

pihole -w www.google-analytics.com
pihole -w ssl.google-analytics.com

Spotify

The Spotify app for iOS will stop functioning unless it’s web service counterpart is whitelisted.

pihole -w spclient.wg.spotify.com apresolve.spotify.com

Target's Weekly Ads

pihole -w weeklyad.target.com m.weeklyad.target.com weeklyad.target.com.edgesuite.net

Facebook

pihole -w creative.ak.fbcdn.net external-lhr0-1.xx.fbcdn.net external-lhr1-1.xx.fbcdn.net external-lhr10-1.xx.fbcdn.net external-lhr2-1.xx.fbcdn.net external-lhr3-1.xx.fbcdn.net external-lhr4-1.xx.fbcdn.net external-lhr5-1.xx.fbcdn.net external-lhr6-1.xx.fbcdn.net external-lhr7-1.xx.fbcdn.net external-lhr8-1.xx.fbcdn.net external-lhr9-1.xx.fbcdn.net fbcdn-creative-a.akamaihd.net scontent-lhr3-1.xx.fbcdn.net scontent.xx.fbcdn.net scontent.fgdl5-1.fna.fbcdn.net graph.facebook.com connect.facebook.com cdn.fbsbx.com

DirectTV

Sourced from here.

pihole -w directvnow.com directvapplications.hb.omtrdc.net s.zkcdn.net js.maxmind.com

Bild DE

pihole -w ec-ns.sascdn.com

Plex Domains

pihole -w plex.tv tvdb2.plex.tv pubsub.plex.bz proxy.plex.bz proxy02.pop.ord.plex.bz cpms.spop10.ams.plex.bz meta-db-worker02.pop.ric.plex.bz meta.plex.bz tvthemes.plexapp.com.cdn.cloudflare.net tvthemes.plexapp.com 106c06cd218b007d-b1e8a1331f68446599e96a4b46a050f5.ams.plex.services meta.plex.tv cpms35.spop10.ams.plex.bz proxy.plex.tv metrics.plex.tv pubsub.plex.tv status.plex.tv www.plex.tv node.plexapp.com nine.plugins.plexapp.com staging.plex.tv app.plex.tv o1.email.plex.tv  o2.sg0.plex.tv dashboard.plex.tv

Domains used by Plex

pihole -w gravatar.com - custom login pictures
pihole -w thetvdb.com - metadata for tv series
pihole -w themoviedb.com - metadata for movies

Sonarr

pihole -w services.sonarr.tv skyhook.sonarr.tv download.sonarr.tv apt.sonarr.tv forums.sonarr.tv

Placehold.it (Image placeholders often used during web design. Not sure why this is even blocked in the first place.)

pihole -w placehold.it placeholdit.imgix.net

Dropbox

As described here:

pihole -w dl.dropboxusercontent.com ns1.dropbox.com ns2.dropbox.com

Fox News

as described here.

pihole -w widget-cdn.rpxnow.com

Images on Marketwatch.com

pihole -w s.marketwatch.com

Apple Music

pihole -w itunes.apple.com

GoDaddy webmail buttons

pihole -w imagesak.secureserver.net

Google Chrome (to update on ubuntu)

pihole -w dl.google.com

Apple ID

pihole -w appleid.apple.com

SnapChat

Does anyone have a source on this? I am blocking the first two and the Android app seems to work just fine.

pihole -w app-analytics.snapchat.com sc-analytics.appspot.com cf-st.sc-cdn.net

WatchESPN

as described here.

pihole -w fpdownload.adobe.com entitlement.auth.adobe.com livepassdl.conviva.com

NVIDIA GeForce Experience

GFE requires this to download driver updates (or events.gfe.nvidia.com, but that is also used for telemetry).

pihole -w gfwsl.geforce.com

Videos not playing in times.com and nydailynews.com


pihole -w delivery.vidible.tv img.vidible.tv videos.vidible.tv edge.api.brightcove.com cdn.vidible.tv

Bing Maps Platform

as described here.

pihole -w dev.virtualearth.net ecn.dev.virtualearth.net t0.ssl.ak.dynamic.tiles.virtualearth.net t0.ssl.ak.tiles.virtualearth.net

Google Play Android updates

pihole -w android.clients.google.com

Moto phones OS updates

pihole -w appspot-preview.l.google.com

Captive-portal tests

These domains are checked by the operating systems when connecting via wifi, and if they don’t get the response they expect, they may try to open a wifi login page or similar as they believe they are located behind a captive portal.

Android/Chrome

pihole -w connectivitycheck.android.com android.clients.google.com clients3.google.com  connectivitycheck.gstatic.com 

Windows/Microsoft

pihole -w msftncsi.com www.msftncsi.com ipv6.msftncsi.com

iOS/Apple
(note that this does not cover all domains used older iOS versions)

pihole -w captive.apple.com gsp1.apple.com www.apple.com www.appleiphonecell.com

Grand Theft Auto V Online PC

Since March blocking Rockstar telemetry seems to crash GTAOnline.
Unblocking the domain fixed crashing for people at GTA Forums.

pihole -w prod.telemetry.ros.rockstargames.com

Youtube 10-Second Black Screen
Steam Link negatively effected by Pi Hole
Unblocking a single devices
Windows 10 Store app updates being blocked
Windows Store not updating
Pi-Hole prevents xBox1 Hulu and Netflix updates
Pi-hole and playstation
'safe' list to use on my parents' network?
Kodi no longer working after pihole install
Windows Spotlight is blocked
An issue I've been having with Youtube
Skype connection failed
Dutch (Netherlands) websites whitelisting
Xbox one dns problem
Smart TV, Sony KDL-48WD650
Can't sign into Xbox live
How to debug a website that doesn't work properly
Xbox app not working with pi-hole enabled
What files does Pi-hole use?
Pi-hole causing "additional logon information may be required" message
Login.live.com getting blocked
YouTube "watched"
White list "list" instead of individually?
The pihole Command With Examples
Blocked Facebook
Google Play updates
Dutch (Netherlands) websites whitelisting
Whitelist for Spotify premium account
Xbox Live app
Xbox and Windows lose DNS ~every 2 days
Login.live.com getting blocked
Windows 10 showing no internet access but I am connected to the internet
Apple music
Images on Marketwatch.com being blocked
Why doesn't Xbox Live load while using Pi-hole?
Can't watch Fox News Live?
Pi Hole admin page needs 2 minutes to load
Whitelist still being blocked
#7

#8

Windows10 Update

Without the follwing Whitelist Entrys Windows10 update can’t be completed.
Default is blacklisting.

pihole -w settings-win.data.microsoft.com
pihole -w v10.vortex-win.data.microsoft.com


#9

@hennix
That’s curious. Those are blacklisted in my pihole and I’ve gotten all windows updates


#10

I can confirm this!

Not that updates won’t be completed, you just won’t get any, when you have those two addresses blocked!


#11

Roku - ETWN App
Episode thumbnails were not loading when blocked.

pihole -w f1.media.brightcove.com


#12

Microsoft added another one, found it today when my Xbox One X complained about “Local Cache not being able to be emptied”

v20.vortex-win.data.microsoft.com


#13

Images won’t load in the cnn ios app without whitelisting

pihole -w dynaimage.cdn.turner.com


#14

does anyone have CNN whitelist? videos doesnt play.


#15

I don’t have access to edit directly (probably as I am a new user), but I just noticed a potential error in the Microsoft section, in the text area for “There are several domains discovered initially on Reddit”:

xkms.xbolive.com - should most likely be updated to xkms.xboxlive.com.


#16

Thank you. I corrected the typo.


#17

Are you guys sure about Plex? I have nothing whitelisted and nothing is showing up blocked/pi-holed.

Edit:
Just tried - appleid.apple.com no need to whitelist.
target - needs api.target.com, redsky.target.com and profile.target.com to search their site
BJs app - needs cdn.cpnscdn.com to show pictures of products in the app

h-sdk.online-metrix.net - my banking app needed this to permit functionality on iOS. seems to be tied with ThreatMetrix


#18

It could be a few things. The blocklists are updated and change over time. It’s possible that it used to be blocked, but is no longer blocked.

In addition to the default blocklists, many users choose to add additional lists. So another possibility is that Plex may be blocked in other popular lists.


#19

Is it possible to install this list of commonly whitelisted domains all in one go from the GUI? Failing that all in one go from the command line?


#20

Try taking a look at this page for a batch command line option and more whitelisting suggestions:

Also, once you’re inside the web interface, you can navigate to the the white list section and simply copy and paste all of sites in one go.