There are 3 ways to block a domain. What are pros and cons of each?

So, I read this article about sites using my CPU for crypto-mining and I want to block access to elthamely[dot]com and hatevery[dot]info. But how?

There seem to be three competing options to block a domain.

  1. I can create two outbound firewall rules, one for each domain (Advanced -> Access Rules)
  2. I can use Local DNS records with an IP address of (Network -> Network settings -> DNS Proxy Settings)
  3. I can use the Customized Domains feature of Web Blocking (Advanced tab -> Content Blocking)

What are the pros and cons of each approach?

One advantage of a firewall rule is that the blocking can be logged.

If web blocking only applies to HTTP/HTTPS then I do not want to use it as I’d like to block these domains (and others) entirely, not just when referenced from websites.
Thank you.

Outbound firewall rules
Can block the domains regardless of the protocol.
You need to find the related sub-domains which associated with the domain you are accessing.

Local DNS records
You can block the required domains easily.
An advanced user may bypass the domain resolving from router.

Customized Domains
There are pre-loaded domains in the device which may help to block the unwanted domains.
You need to find the related sub-domains which associated with the domain you are accessing. It blocks the HTTP/HTTPS protocol only.

I would suggest using Local DNS record and Outbound firewall rules (when needed).

Hope this helps.

1 Like


I don’t follow this point regarding an outbound firewall rule.

As for Local DNS records, why are they easy? Is it because blocking also blocks and and

And while advanced users can force their devices to use their desired DNS servers, I always thought the router can over-ride that. Doesn’t the router have the final word?

Thank you.

These are the sub-domains I am referring to.

You just need to specify the domain you want to redirect (e.g. then will do. You no need to find the sub-domain as I mentioned above.

If the advanced user configures in the hosts file (Windows machine), there will be no DNS Lookup for from the user.

1 Like