IPFire DBL works with virtually any network security tool or DNS resolver. Choose the integration method that fits your infrastructure and start blocking malicious domains in minutes.
The IPFire DBL is published as a Response Policy Zone (RPZ) and can be consumed by many popular recursive DNS resolvers.
Resolvers fetch the list via AXFR/IXFR, store it locally, and only
transfer updates when the zone changes — keeping bandwidth usage
low and resolution fast.
The server to fetch the zones from is hosted at
xfr.dbl.ipfire.org and TLS is available.
If your DNS software does not allow to fetch the lists using AXFR/IXFR, a HTTPS download is also available as a fallback.
recursor: rpzs: - name: NAME.rpz.ipfire.org addresses: - 'xfr.dbl.ipfire.org'
server: module-config: "respip validator iterator" rpz: name: NAME.rpz.ipfire.org primary: xfr.dbl.ipfire.org zonefile: /var/cache/unbound/NAME.rpz.ipfire.org.zone
Ensure to replace NAME with the list you want to block:
| List | Zone | Download |
|---|---|---|
| Advertising | ads.rpz.ipfire.org | Download |
| Dating | dating.rpz.ipfire.org | Download |
| DNS-over-HTTPS | doh.rpz.ipfire.org | Download |
| Gambling | gambling.rpz.ipfire.org | Download |
| Games | games.rpz.ipfire.org | Download |
| Malware | malware.rpz.ipfire.org | Download |
| Phishing | phishing.rpz.ipfire.org | Download |
| Piracy | piracy.rpz.ipfire.org | Download |
| Pornography | porn.rpz.ipfire.org | Download |
| Shopping | shopping.rpz.ipfire.org | Download |
| Smart TV | smart-tv.rpz.ipfire.org | Download |
| Social Networks | social.rpz.ipfire.org | Download |
| Streaming | streaming.rpz.ipfire.org | Download |
| Violence | violence.rpz.ipfire.org | Download |
IPFire DBL lists are also available as a regular blocklist in DNS. That way, you can quickly check if a domain is listed in a specific category without fetching the entire list.
# dig +short A example.tld.NAME.dbl.ipfire.org 127.0.0.2
The response will be 127.0.0.2 for any listed domains,
and NXDOMAIN otherwise.
Use DNSSEC to ensure the authenticity of the data.
| List | Zone |
|---|---|
| Advertising | ads.dbl.ipfire.org |
| Dating | dating.dbl.ipfire.org |
| DNS-over-HTTPS | doh.dbl.ipfire.org |
| Gambling | gambling.dbl.ipfire.org |
| Games | games.dbl.ipfire.org |
| Malware | malware.dbl.ipfire.org |
| Phishing | phishing.dbl.ipfire.org |
| Piracy | piracy.dbl.ipfire.org |
| Pornography | porn.dbl.ipfire.org |
| Shopping | shopping.dbl.ipfire.org |
| Smart TV | smart-tv.dbl.ipfire.org |
| Social Networks | social.dbl.ipfire.org |
| Streaming | streaming.dbl.ipfire.org |
| Violence | violence.dbl.ipfire.org |
All IPFire DBL lists are also available as downloadable domain and hosts files.
These formats are intended for setups where the lists are consumed directly, for example by firewalls, filtering proxies, custom scripts, or systems using hosts-file based blocking. The files can be fetched periodically and applied locally.
IPFire DBL lists are available as a ruleset for Suricata which can filter:
If you are using suricata-update, you can add IPFire DBL as a rule source like so:
# suricata-update add-source "IPFire DBL" https://dbl.ipfire.org/lists/suricata.tar.gz
Or you can manually download the rules:
Download Suricata RulesetClick on the button below and right-click on your desired list to select "Subscribe to filter list..." with your favourite extension.
IPFire DBL is natively integrated into IPFire in the following features:
OpenWrt users can enable IPFire DBL directly through the Adblock package by adding it as an external blocklist feed.
In LuCI, navigate to Services → Adblock → Feed Selection, activate the IPFire DBL feed and select the necessary categories. Finally hit Save & Reload to trigger an Adblock reload so the list is downloaded and included in the active blocklist.
IPFire DBL will be automatically updated according to your Adblock refresh schedule.