[App Request] Block Queries matching IP List
Hi there.
I would like to suggest an App for blocking Domains which resolve to an IP which is defined in an IP List like Hagezi TIF IPs.
Thanks for the request. Will evaluate this once the current work on major upgrade is done.
Thank you so much, it would improve security when blocking IPs of Domains not listed yet, since multiple malicious domains are often bound to the same host.
Wouldn't this be better handled at the router level though? Checking every response against a long IP blocklist seems like a difficult thing to do in a performant way. Especially if you're using a threat list that may have a lot of addresses on them.
And compounded by responses with multiple answers, all of which need to be filtered.
At least I think this use case would likely need a lot more complex data structures to ensure dns resolution stays performant. Probably something like the way rdns works...
Pretty sure all the firewall code out there has had a very long time to optimize the heck out of this particular use case.
@ruifung Agreed. This is the same opinion that I too had earlier. But not everyone may have such a firewall which supports loading block lists so I think this might be useful for some users.
For the lookup part, I already have production code which can look up from a large set of IP ranges quickly, so implementation is not really an issue.
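
The lookup cost discussed in this thread, as an added example that is not part of any post and not the project's code: a blocklist of addresses and CIDR ranges is collapsed once into sorted integer ranges, so each A/AAAA answer is checked with one binary search. The list entries, the answer tuples, the function names and the "block if any answer is listed" policy are assumptions made for illustration.

```python
import bisect
import ipaddress

def build_index(entries):
    """Collapse blocklist entries (IPs or CIDRs) into sorted ranges per IP version."""
    by_version = {4: [], 6: []}
    for entry in entries:
        net = ipaddress.ip_network(entry.strip(), strict=False)
        by_version[net.version].append(net)
    index = {}
    for version, nets in by_version.items():
        # collapse_addresses merges adjacent and overlapping networks
        merged = sorted(ipaddress.collapse_addresses(nets))
        starts = [int(n.network_address) for n in merged]
        ends = [int(n.broadcast_address) for n in merged]
        index[version] = (starts, ends)
    return index

def is_listed(index, address):
    """O(log n) membership test: find the last range starting at or before the IP."""
    ip = ipaddress.ip_address(address)
    starts, ends = index[ip.version]
    pos = bisect.bisect_right(starts, int(ip)) - 1
    return pos >= 0 and int(ip) <= ends[pos]

def should_block(index, answers):
    """answers: (record type, rdata) pairs. Assumed policy: block if any address is listed."""
    return any(
        rtype in ("A", "AAAA") and is_listed(index, rdata)
        for rtype, rdata in answers
    )

# Constructed sample list (documentation address ranges), not a real threat feed.
SAMPLE_LIST = [
    "192.0.2.0/24",
    "198.51.100.7",
    "203.0.113.0/25",
    "203.0.113.128/25",   # adjacent to the previous entry; merged into one /24
    "2001:db8:bad::/48",
]
INDEX = build_index(SAMPLE_LIST)

# Constructed response with multiple answers, one of which is listed.
SAMPLE_ANSWERS = [
    ("CNAME", "cdn.example.net."),
    ("A", "198.51.100.8"),
    ("A", "198.51.100.7"),
]

if __name__ == "__main__":
    print("block" if should_block(INDEX, SAMPLE_ANSWERS) else "allow")
```
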