IPFire DBL works with virtually any network security tool or DNS resolver. Choose the integration method that fits your infrastructure and start blocking malicious domains in minutes.
The IPFire DBL is published as a Response Policy Zone (RPZ) and can be consumed by many popular recursive DNS resolvers.
Resolvers fetch the list via AXFR/IXFR, store it locally, and only
transfer updates when the zone changes — keeping bandwidth usage
low and resolution fast.
The primary to fetch the zones from is hosted at
primary.dbl.ipfire.org and TLS is available.
If your DNS software does not allow to fetch the lists using AXFR/IXFR, a HTTPS download is also available as a fallback.
recursor: rpzs: - name: NAME.rpz.ipfire.org addresses: - 'primary.dbl.ipfire.org'
server: module-config: "respip validator iterator" rpz: name: NAME.rpz.ipfire.org primary: primary.dbl.ipfire.org zonefile: /var/cache/unbound/NAME.rpz.ipfire.org.zone
Ensure to replace NAME with the list you want to block:
| List | Zone | Download |
|---|---|---|
| Advertising | ads.rpz.ipfire.org | Download |
| Dating | dating.rpz.ipfire.org | Download |
| DNS-over-HTTPS | doh.rpz.ipfire.org | Download |
| Gambling | gambling.rpz.ipfire.org | Download |
| Games | games.rpz.ipfire.org | Download |
| Malware | malware.rpz.ipfire.org | Download |
| Phishing | phishing.rpz.ipfire.org | Download |
| Piracy | piracy.rpz.ipfire.org | Download |
| Pornography | porn.rpz.ipfire.org | Download |
| Smart TV | smart-tv.rpz.ipfire.org | Download |
| Social Networks | social.rpz.ipfire.org | Download |
| Violence | violence.rpz.ipfire.org | Download |
IPFire DBL lists are also available as a regular blocklist in DNS. That way, you can quickly check if a domain is listed in a specific category without fetching the entire list.
# dig +short A example.tld.NAME.dbl.ipfire.org 127.0.0.2
The response will be 127.0.0.2 for any listed domains,
and NXDOMAIN otherwise.
Use DNSSEC to ensure the authenticity of the data.
| List | Zone |
|---|---|
| Advertising | ads.dbl.ipfire.org |
| Dating | dating.dbl.ipfire.org |
| DNS-over-HTTPS | doh.dbl.ipfire.org |
| Gambling | gambling.dbl.ipfire.org |
| Games | games.dbl.ipfire.org |
| Malware | malware.dbl.ipfire.org |
| Phishing | phishing.dbl.ipfire.org |
| Piracy | piracy.dbl.ipfire.org |
| Pornography | porn.dbl.ipfire.org |
| Smart TV | smart-tv.dbl.ipfire.org |
| Social Networks | social.dbl.ipfire.org |
| Violence | violence.dbl.ipfire.org |
All IPFire DBL lists are also available as downloadable domain and hosts files.
These formats are intended for setups where the lists are consumed directly, for example by firewalls, filtering proxies, custom scripts, or systems using hosts-file based blocking. The files can be fetched periodically and applied locally.
IPFire DBL lists are available as a ruleset for Suricata which can filter:
Click below to automatically subscribe to our blocklist in compatible clients:
IPFire DBL is natively integrated into IPFire in the following features: