Pihole Block with Tor Exit Relay

I have a tor exit relays. I block abuse ports and websites such as facebook, adult sites, tiktalk, .gov only, known malware sites and really good adblocker lists. These lists are for less ads and abuse of some sites so my exits relays have good ips. I want more people to use it then being blocked. Is this a good idea? I also keep removing my ip address’s off known block lists as much as possible. I added unbound so my dns is 100% private and locally resolved only. Have a privacy first VPS.

What do you think? This is worth it? Just a lot of work to setup it up but after I feel good about it. PS: There is a big white list so don’t worry. Use it myself/ update it.

1 Like

Hello @CookieMonster22,

Nope, it’s a bad idea. You’re censoring websites and messing up with your exit DNS. Stop doing that ASAP or your exits will be flagged by the bad relay working group.

From the Tor Project official documentation:

Expectations for Relay Operators

  1. Make sure your relay isn’t broken
    Exit relays need a working DNS resolver. Also, don’t use a DNS resolver that censors its answers.

Criteria for rejecting bad relays

There is a range of issues that can make an exit relay being misconfigured:

  • DNS resolution is broken (totally or partially)
  • A DNS provider that censors its results is used (such as some OpenDNS or Quad ( configurations)
  • The exit policy is not honored (i.e. there is a conflict between the announced policy and the actually possible destinations. Possible reasons: firewalling, downstream blocking on the network)

Once we get aware of any of those problems, be it through scanning or reports (see below for how to report issues), we first try to get into contact with the relay operator so they can fix the issue. That’s the reason why it is important for us to have some way to reach operators, e.g. via the ContactInfo field. If that’s not possible then we assign those exit nodes the BadExit flag which tells the Tor client they should not be used in an exit position anymore. We leave them in the network, however, as they are still useful for other purposes (e.g. middle or guard relays).


They have been running for over a year and had no problems. If get any abuse complaints they will stop my service and not refund me… They are no reason why people need to spam facebook, adult sites, tiktalk, .gov. No one logins into these accounts, its abuse. Even if you login into them they will block your account. Google - Youtube is allowed. If so there are many different exits then mine. I’ll remove the ad blockers and malware sites. I am about #4 in the country for these exits. So what should I do? Stop running exits and run bridges? I run alot of exits but I don’t log again or judge on what you search or do. I just don’t want my servers to be stopped… Its with unbound so at least it not a dns provider. I eat about 50tb a month on exits. So if you want to lose 50tb then so be it. I have never had the bad exit relay on any server.
The only thing I do is keep the 1-20 highest dns queries then I know if I need block for abuse. I don’t really care about what you do but NO ABUSE.
PS: there was abuse with .gov websites so I blocked it… 5000 queries in a day. Last thing you want to do is upset some in government…

1 Like

You should stop censoring and messing up with your exits DNS. If your ISP complains about abuse and is threatening to cancel your hosting, then either you find a new provider or change to non-exits, or your other exits will get the bad flag too.