There are 3 ways to block a domain. What are pros and cons of each?

So, I read this article about sites using my CPU for crypto-mining and I want to block access to elthamely[dot]com and hatevery[dot]info. But how?

There seem to be three competing options to block a domain.

  1. I can create two outbound firewall rules, one for each domain (Advanced → Access Rules)
  2. I can use Local DNS records with an IP address of 127.0.0.1 (Network → Network settings → DNS Proxy Settings)
  3. I can use the Customized Domains feature of Web Blocking (Advanced tab → Content Blocking)

What are the pros and cons of each approach?

One advantage of a firewall rule is that the blocking can be logged.

If web blocking only applies to HTTP/HTTPS then I do not want to use it as I’d like to block these domains (and others) entirely, not just when referenced from websites.
Thank you.

Outbound firewall rules
Pros
Can block the domains regardless of the protocol.
Cons
You need to find the related sub-domains which are associated with the domain you are accessing.

Local DNS records
Pros
You can block the required domains easily.
Cons
An advanced user may bypass the domain resolving from the router.

Customized Domains
Pros
There are pre-loaded domains in the device which may help to block the unwanted domains.
Cons
You need to find the related sub-domains which are associated with the domain you are accessing. It blocks the HTTP/HTTPS protocol only.

I would suggest using Local DNS record and Outbound firewall rules (when needed).

Hope this helps.


TK,

I don’t follow this point regarding an outbound firewall rule.

As for Local DNS records, why are they easy? Is it because blocking x.com also blocks a.x.com and b.x.com and c.x.com?

And while advanced users can force their devices to use their desired DNS servers, I always thought the router can override that. Doesn’t the router have the final word?

Thank you.
Michael

These are the sub-domains I am referring to.

You just need to specify the domain you want to redirect (e.g. www.youtube.com) and that will do. You do not need to find the sub-domains as I mentioned above.

If the advanced user configures www.youtube.com in the hosts file (Windows machine), there will be no DNS Lookup for www.youtube.com from the user.

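One way to confirm from a client that a Local DNS record is actually in effect, for the domain and for any sub-domain you care about (an added example, not part of the original thread and not the router vendor's code): it sends an A query straight to a chosen DNS server, so a hosts-file entry on the client does not affect the result, and checks that every answer is the 127.0.0.1 address used in option 2. The names `blocked.example` and `a.blocked.example`, the function names and the reply built by `sample_reply` are constructed for illustration.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a DNS query (A record, recursion desired) for `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 1, 1)

def skip_name(msg, pos):
    """Offset just past a name (plain labels, or ending in a 2-byte compression pointer)."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)

def parse_a_records(msg):
    """Return (rcode, [IPv4 addresses]) from a raw DNS reply."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4          # skip QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:          # A record carrying an IPv4 address
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def resolves_to_sinkhole(msg, sinkhole="127.0.0.1"):
    """True only if the reply has A records and every one is the sinkhole address."""
    rcode, addrs = parse_a_records(msg)
    return rcode == 0 and bool(addrs) and all(a == sinkhole for a in addrs)

def ask(server, name, timeout=2.0):
    """Send the query directly to `server` over UDP; the client's hosts file is not consulted."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(512)[0]

def sample_reply(name, ip):
    """Constructed reply for offline use: one A record for `name`, name given as a pointer."""
    head = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return head + build_query(name)[12:] + answer
```

On a live network, call `resolves_to_sinkhole(ask(router_ip, name))` with your router's LAN address and each name to test; a `False` for a sub-domain means that sub-domain still resolves normally and needs its own record or a firewall rule.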