Pi-hole’s regex filters are surprisingly powerful, allowing you to block domain patterns that traditional wildcard blocking can’t touch, and they often get misinterpreted as just "advanced wildcards."
Let’s watch this in action. Imagine you have a bunch of ads from a specific advertiser, say ads.example-tracker.com, media.example-tracker.com, and video.example-tracker.com. You want to block them all, but also any future subdomains that might pop up from example-tracker.com. A simple wildcard *.example-tracker.com would miss ads.example-tracker.com if that specific subdomain isn’t explicitly listed. This is where regex shines.
Here’s how you’d set it up in Pi-hole:
- Navigate to Group Management -> Domains.
- Click Add Domain.
- In the Domain field, enter the regex pattern:
  (^|\.)example-tracker\.com$
- Select the Domain Type: Wildcard (this might seem counterintuitive, but Pi-hole treats regex patterns entered here as wildcards when matching).
- Choose the Group to apply the block to (e.g., "Default").
- Click Add.
Now, when your devices try to resolve ads.example-tracker.com, media.example-tracker.com, video.example-tracker.com, or even new-ad-server.example-tracker.com, Pi-hole’s regex engine will match them against (^|\.)example-tracker\.com$.
Let’s break down the regex (^|\.)example-tracker\.com$:
- ^: Matches the beginning of the string. This ensures we’re matching from the start of the domain name.
- |: This is the "OR" operator. It means match what’s before it OR what’s after it.
- \.: Matches a literal dot (.). We need to escape it with a backslash (\) because a dot in regex normally matches any character.
- example-tracker\.com: Matches the literal string "example-tracker.com".
- $: Matches the end of the string. This ensures that example-tracker.com itself is matched, and not something like example-tracker.com.malicious.net.
So, the entire pattern (^|\.)example-tracker\.com$ means: "Match example-tracker.com at the end of the string, where it either starts the string or is preceded by a dot (.)." This effectively covers example-tracker.com and all its subdomains.
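Before adding a filter like this, it helps to check it against names it must block and look-alike names it must leave alone. The script below is an added example, not part of Pi-hole or of the original article: it uses Python's re module as a stand-in for Pi-hole's regex engine (an assumption that holds for the simple constructs in this pattern), and the two weaker variants, the extra test names and the name normalization are constructed for illustration.

```python
import re

# Filter from the article, plus two constructed weaker variants for comparison.
ARTICLE_FILTER = r"(^|\.)example-tracker\.com$"
VARIANTS = {
    "article": ARTICLE_FILTER,
    "no_anchors": r"example-tracker\.com",          # constructed: no (^|\.) and no $
    "unescaped_dot": r"(^|\.)example-tracker.com$",  # constructed: '.' matches any character
}

# Constructed query names: what the filter is meant to catch ...
MUST_BLOCK = [
    "example-tracker.com",
    "ads.example-tracker.com",
    "media.example-tracker.com",
    "video.example-tracker.com",
    "new-ad-server.example-tracker.com",
]
# ... and look-alikes that belong to someone else and must still resolve.
MUST_PASS = [
    "example-tracker.com.malicious.net",
    "notexample-tracker.com",
    "example-trackerxcom",
    "example.com",
]

def normalize(qname):
    """Assumption of this example: compare lower-cased names without the trailing root dot."""
    return qname.strip().lower().rstrip(".")

def is_blocked(pattern, qname):
    """True if the pattern matches anywhere in the queried name (unanchored search)."""
    return re.search(pattern, normalize(qname)) is not None

def audit(pattern):
    """Return names the pattern fails to block and names it blocks by mistake."""
    return {
        "missed": [d for d in MUST_BLOCK if not is_blocked(pattern, d)],
        "overblocked": [d for d in MUST_PASS if is_blocked(pattern, d)],
    }

if __name__ == "__main__":
    for name, pattern in VARIANTS.items():
        print(f"{name:14} {pattern:32} {audit(pattern)}")
```

Only the article's pattern comes back with both lists empty; dropping the anchors or the backslash before the dot makes the filter block names outside example-tracker.com.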
The core problem Pi-hole’s regex filters solve is dynamic, pattern-based blocking that goes beyond simple exact matches or single-level wildcards. Many ad networks and tracking services use a hierarchical or patterned subdomain structure. A single regex can capture an entire family of domains that might otherwise require dozens, if not hundreds, of individual wildcard entries. This is particularly useful for blocking telemetry from smart TVs, IoT devices, or specific advertising domains that change subdomains frequently.
Consider another common scenario: blocking all subdomains of a specific service, but not the root domain itself if you happen to need it for some legitimate reason. The pattern (^|\.)sub\.example\.com$ would block tracker1.sub.example.com, tracker2.sub.example.com, but not sub.example.com. If you wanted to block all subdomains of example.com except www.example.com, you’d use two regex filters:
- ^example\.com$ (to allow the root)
- (^|\.)example\.com$ (to block all subdomains)
You’d place the ALLOW rule in a higher priority group than the BLOCK rule.
The Domain Type setting in Pi-hole for regex is crucial. When you select "Wildcard" for a regex pattern, Pi-hole’s underlying dnsmasq (or unbound if you’re using it) interprets this as a regex match against the incoming query. If you selected "Domain" or "Wildcard" without using regex syntax, it would be treated as a literal string or a glob pattern respectively.
The most surprising aspect of Pi-hole’s regex filtering is how it interacts with the Group Management feature. You can assign different regex blocklists to different groups of clients. This means your "IoT Devices" group could have a very aggressive regex filter for telemetry domains, while your "Work Devices" group might have a more relaxed set, all managed from the same Pi-hole instance. It’s not just about blocking; it’s about granular policy enforcement based on domain patterns across different network segments.
The next thing you’ll likely explore is how to combine regex with Pi-hole’s API for dynamic list management, allowing you to update blocking patterns programmatically based on external threat intelligence feeds.