(Simple Question) How to block all .wpad and .localdomain traffic?

Hey all,

I've tried following the documentation over here to block all .wpad and .localdomain traffic, however, I can't manage to do it? I'm not sure if I'm typing the commands in wrong, or if it just isn't supported, but it's not working.

What I want to do is block all traffic with .wpad and .localdomain . Ex. test.localdomain or wpad.test or wpad.localdomain .

I'm not sure what structure of $ or . or / or ^ to use, and i've tried following the documentation and Googling, but couldn't find anything that worked.

Any help is welcome. Thank you :slight_smile:

^wpad\.
(^|\.)localdomain$

in Regex & Wildcard blocking

1 Like

That appears to be the documentation he was trying to follow.

1 Like

Do both of those commands do the same thing? Is one for Wildcards and the other for Regex? Does one command have to be wildcard, and the other regex? I also tried to read into the differences between the two, and I couldn't understand it.

I tried to understand it, and even tried to "implement" it into PiHole, but I couldn't get it to work, which I mentioned in my post.

Here is a handy site for diagramming your regex expressions.

https://regexper.com

1 Like

Referring to the relevant blog post I think that a better solution is

^wpad($|\.)

as it catches

wpad
wpad.example.com

but not

wpadexample.com

Please correct me if I'm wrong.

1 Like

So I added all 3

As regex in the blacklist.

Whenever I search up, for example, wpad.ikjnsdakjnkjnasd (random jargon), the DNS query still gets send, and PiHole doesn't block it, however, with that same example, if I were to just add the exact phrase to the blacklist, the DNS query does not get send. Why is that?

Using the regex commands given above (taken from tail pihole.log):

Oct 9 08:23:45 dnsmasq[1183]: 54956 192.168.54.100/50434 query[A] wpad.ikjnsdakjnkjnasd from 192.168.54.100
Oct 9 08:23:46 dnsmasq[1183]: 54956 192.168.54.100/50434 <unknown> wpad.ikjnsdakjnkjnasd is 0.0.0.0
Oct 9 08:23:46 dnsmasq[1183]: 54957 192.168.54.100/52293 query[A] duckduckgo.com from 192.168.54.100
Oct 9 08:23:46 dnsmasq[1183]: 54957 192.168.54.100/52293 forwarded duckduckgo.com to 1.0.0.1
Oct 9 08:23:46 dnsmasq[1183]: 54958 192.168.54.100/50434 query[A] wpad.ikjnsdakjnkjnasd from 192.168.54.100
Oct 9 08:23:46 dnsmasq[1183]: 54958 192.168.54.100/50434 <unknown> wpad.ikjnsdakjnkjnasd is 0.0.0.0
Oct 9 08:23:46 dnsmasq[1183]: 54959 192.168.54.100/52293 query[A] duckduckgo.com from 192.168.54.100

Adding the exact URL/phrase/DNS query to the "exact" blacklist (taken from tail pihole.log):

Oct 9 08:23:55 dnsmasq[1183]: 54961 192.168.54.100/52528 query[A] wpad.ikjnsdakjnkjnasd from 192.168.54.100
Oct 9 08:23:55 dnsmasq[1183]: 54961 192.168.54.100/52528 /etc/pihole/black.list wpad.ikjnsdakjnkjnasd is 0.0.0.0
Oct 9 08:23:55 dnsmasq[1183]: 55062 192.168.54.100/52528 query[A] wpad.ikjnsdakjnkjnasd from 192.168.54.100
Oct 9 08:23:55 dnsmasq[1183]: 55062 192.168.54.100/52528 /etc/pihole/black.list wpad.ikjnsdakjnkjnasd is 0.0.0.0
Oct 9 08:23:55 dnsmasq[1183]: 55063 192.168.54.100/52528 query[A] wpad.ikjnsdakjnkjnasd from 192.168.54.100
Oct 9 08:23:55 dnsmasq[1183]: 55063 192.168.54.100/52528 /etc/pihole/black.list wpad.ikjnsdakjnkjnasd is 0.0.0.0

I have added ($|.)fritz.box
because i found lots of different domain names in the log ended in fritz.box

I'm not sure what you're trying to achieve. Why did you start the regex with an end of string expression ($)?

But then you should escape the period:

fritz\.box

plus this one to perform the check: https://regex101.com/

hmmm... you'r right !!

I just wanna catch all of it, like these
aczjafma.fritz.box
adaway.fritz.box
adffnluqtfhagh.fritz.box
adjatcmdsn.fritz.box
adjyxnctdooyn.fritz.box
adnauseam.fritz.box
aedxjqyvgldlyp.fritz.box
aegjzkljhquljsz.fritz.box
aenlznued.fritz.box
aeqyroa.fritz.box
aexhvbk.fritz.box
aeziguusrtqhuat.fritz.box
afbvpeiiw.fritz.box
afffamsli.fritz.box
aftenbladet.fritz.box
agkdudxztpsfa.fritz.box
agksbddztjijll.fritz.box
agmlvchke.fritz.box

and so on, i am lightyears far of a hero in regex, the syntax i mentioned earlier is not ok as well.

\.fritz\.box$

thanks, but this is the result at regex101.com


There is something with the flags on the right in the red cirkel, how to interpret these ?

1 Like

Why "but"? On the right hand side you see "Full match" multiple times. Job done.



On both seperatly, 1 match, both on is the printscreen from my previous reply

If it is allmatch, does it mean that all is blocked AndrewZ ? that is what i want.
I have 1200 queriesnames to fritz.box

Once you use the right syntax - all of them should be blocked, I believe you can easily test this.

ok, that sounds good, thank you for the help !

So... Can anyone explain my question...?

Well, if you read the regex tutorial you'll see that a period matches any character. So yes, the regex

fritz.box

matches

fritz.box

indeed. But it also matches, e.g.,

fritzabox
fritz1box

etc. So in order to make sure that those cases are not matched you have to escape the period.