Frequently Asked Questions

What is IPFire DBL and how does it work?

IPFire DBL (Domain Blocklist) is a free, community-maintained domain blocklist that protects your network by blocking malicious, unwanted, or inappropriate domains before they reach your devices.

Rather than forcing one massive list on everyone, DBL organises domains into specific categories — such as Malware, Phishing, Advertising, or Gambling — so you can choose exactly what to block based on your own needs.

It integrates with DNS resolvers, firewalls, IPS systems, and browser extensions using open industry standards.

Is IPFire DBL only for IPFire users?

No. While IPFire DBL is built and maintained by the IPFire team and is natively integrated into IPFire's URL Filter and Suricata IPS, it is a completely standalone project designed to work with virtually any compatible tool.

If your setup supports RPZ, domain lists, hosts files, Suricata rulesets, or Adblock Plus syntax, you can use IPFire DBL regardless of what firewall or platform you run.

Why was IPFire DBL created?

The IPFire team had been dissatisfied with the available blocklist options for years. The problem became more pressing when some prominent lists were discontinued.

This left a significant gap for users who needed reliable, categorised domain filtering.

IPFire DBL was built from the ground up to fill that gap with something more accurate, legally sound, and community-powered.

What license is IPFire DBL released under?

The code powering IPFire DBL is licensed under GPLv3+.

The lists themselves are released under the Creative Commons Attribution-ShareAlike 4.0 (CC BY-SA 4.0) licence — meaning they are free to use and share, but any derivative works must be released under the same licence and must give appropriate credit.

What categories are available?

IPFire DBL offers various categories covering a wide range of threat and content types, from security-focused lists like Malware and Phishing through to content categories such as Gambling, Pornography, and Social Networks.

You can browse all available categories here.

How often are the lists updated?

The lists are updated continuously as new threats are identified and community reports are reviewed.

If you are using RPZ via AXFR/IXFR, your resolver will automatically pick up incremental changes as they are published — you only ever download what has changed, not the full list every time.

If you are using the plaintext download formats, you should schedule periodic fetches to keep your local copy current.

Do I need to use all the categories?

Not at all — that is the point.

Each category is entirely independent and you can subscribe to as many or as few as you need. A home user might only want Malware and Phishing. A school might add Pornography, Violence, and Social Networks. A corporate network might add Advertising and Gambling on top of the security-focused categories.

You are in full control of which lists your resolver or firewall enforces.

Can I use multiple categories at the same time?

Yes. Each category is an independent list and can be combined freely.

Most DNS resolvers that support RPZ allow you to load multiple zones simultaneously, each enforcing a different category. Simply add an additional RPZ configuration block for each category you want to enforce.

How do I report a domain that should be blocked?

If you come across a domain you believe should be listed — such as a phishing site, malware distribution point, or content that fits one of our categories — you can submit it via the Report page.

How do I report a false positive?

If a legitimate domain has been incorrectly listed, please let us know via the Report page.

False positive reports are taken seriously — accuracy is a core goal of IPFire DBL and we aim to act on confirmed false positives promptly.

How quickly are reports reviewed?

Reports are reviewed by the IPFire DBL maintainers as part of the regular update cycle. While we cannot guarantee a specific turnaround time, security-related reports such as active phishing or malware domains are prioritised.

What happens to domains that are reported but not listed?

Every report is reviewed, but not every reported domain will be added to a list.

A domain may be rejected if it does not clearly fit a category, if the evidence is insufficient, or if it is already delisted following a false positive review.

Reporters will receive feedback via the report system.

How can I get more involved?

If you want to go beyond submitting reports — for example contributing code, proposing new domain sources, or discussing the direction of the project — the right place is the IPFire DBL mailing list.

You can subscribe by sending an email to dbl+subscribe@lists.ipfire.org.

This is where the development conversation happens and where new contributors are most welcome.

Is there an API for querying the lists programmatically?

Yes. IPFire DBL provides a REST API available at api.dbl.ipfire.org.

It allows you to query individual domains, browse lists and their contents, retrieve list history and sources and search across the DBL.

It is the best option if you want to integrate IPFire DBL data into your own tooling.

Are there rate limits on downloads or zone transfers?

We ask that you be considerate with download frequency. If you are using RPZ via AXFR/IXFR, your resolver will handle this efficiently by only fetching incremental updates.

If you are periodically downloading plaintext files, please avoid fetching them more often than necessary — once per hour should be more than sufficient for most use cases.

How can I contribute a new domain source or feed?

If you know of a reliable source of domain data that would improve one of our categories, we'd love to hear about it. The best place to propose new sources is the IPFire DBL mailing list where the maintainers and community can evaluate it together.

If you are periodically downloading plaintext files, please avoid fetching them more often than necessary — once per hour should be more than sufficient for most use cases.

How can I contribute to the code?

Code contributions and discussion happen on the IPFire DBL mailing list. If you want to get involved, subscribing is the first step — it is where patches are reviewed, ideas are discussed, and development is coordinated.

Can I suggest a new category?

Yes. Category suggestions are welcome on the IPFire DBL mailing list. Bear in mind that new categories require reliable sources, clear inclusion criteria, and ongoing maintenance, so bringing a concrete proposal to the list will give your suggestion the best chance of being taken forward.

Who maintains the IPFire DBL?

IPFire DBL is maintained by the IPFire team and community. The project is built by the same people behind the IPFire firewall distribution, who bring years of experience in network security and edge protection.

Do you aggregate data from third-party lists?

Yes, in part. IPFire DBL draws on a combination of community-curated data, automated threat feeds, and selected third-party sources.

A key principle of the project is that we only include sources where we have the legal right to do so — unlike many aggregated blocklists that redistribute data without clear licensing.

You can inspect the sources for any individual list via the lists page.