IPFire introduces free domain blocklist DBL
The IPFire developers have released DBL, a categorized domain blocklist. It aims to block malware, phishing, and trackers.
The IPFire project has introduced DBL, a comprehensive, community-curated domain blocklist. Unlike competing projects, DBL categorizes millions of domains by threat type rather than lumping them into one massive, monolithic list. The developers aim to solve problems with existing blocklists, which they say are resource-intensive and take control away from users.
IPFire DBL currently includes several categories: malware domains are blocked before malicious payloads can be retrieved or command-and-control connections established, and phishing sites are filtered before they can capture credentials. Other categories cover advertising, pornography, gambling, gaming platforms, and DNS-over-HTTPS servers. The last category is intended to maintain network visibility and prevent clients from circumventing DNS blocks.
The blocklist uses open standards such as DNS Response Policy Zones (RPZ) with AXFR and IXFR support for instant updates, SquidGuard for proxy-based filtering, and the Adblock Plus format. This allows DBL to be integrated into common tools like Pi-hole, BIND, Unbound, PowerDNS, or pfSense. The lists are updated hourly to respond promptly to new threats.
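The following example is added here and is not code from the article or the IPFire project. It shows how two of the formats named above express a block differently: an RPZ record covers only its exact owner name unless a separate wildcard record exists, while an Adblock Plus `||domain^` rule covers the domain and its subdomains. All sample records and function names are constructed for illustration and are not DBL data.

```python
# Added example; every record below is constructed, not IPFire DBL data.
RPZ_SAMPLE = """\
$TTL 60
@ IN SOA localhost. root.localhost. 1 3600 600 86400 60
malware.example CNAME .
*.malware.example CNAME .
tracker.example.net IN CNAME .
allowed.example CNAME rpz-passthru.
"""
ABP_SAMPLE = """\
[Adblock Plus]
! constructed sample
||ads.example.org^
"""

def parse_rpz(text):
    """Return (exact, wildcard) owner sets for NXDOMAIN actions (CNAME .)."""
    exact, wildcard = set(), set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        # Owner comes first and "CNAME ." last; TTL and class are optional.
        if len(fields) < 3 or fields[-2].upper() != "CNAME" or fields[-1] != ".":
            continue  # SOA, $TTL, passthru and other actions are not blocks
        owner = fields[0].lower().rstrip(".")
        if owner.startswith("*."):
            wildcard.add(owner[2:])
        else:
            exact.add(owner)
    return exact, wildcard

def parse_abp(text):
    """Return domains from ||domain^ rules (domain plus all subdomains)."""
    rules = (l.strip() for l in text.splitlines())
    return {r[2:-1].lower() for r in rules if r.startswith("||") and r.endswith("^")}

def load(rpz_text, abp_text):
    """Merge both formats; ABP rules count as exact and wildcard entries."""
    exact, wildcard = parse_rpz(rpz_text)
    abp = parse_abp(abp_text)
    return exact | abp, wildcard | abp

def is_blocked(qname, exact, wildcard):
    """True if qname is an exact entry or lies below a wildcard entry."""
    labels = qname.lower().rstrip(".").split(".")
    if ".".join(labels) in exact:
        return True
    return any(".".join(labels[i:]) in wildcard for i in range(1, len(labels)))
```

When converting between formats, an RPZ zone that lists a name without the matching `*.` record leaves subdomains resolvable, which is worth checking for after any import.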
Community Reporting and Legal Advantages
Through an online reporting system, users can report incorrectly blocked domains (false positives) and submit new malicious domains. Community intelligence ensures that corrections are quickly incorporated. The IPFire developers emphasize that, unlike many aggregated third-party lists, they have full legal control over their data. The code is under GPLv3+, and the lists themselves are under Creative Commons Attribution-ShareAlike 4.0 (CC BY-SA 4.0). This means the lists can be freely used and shared, but derivative works must be under the same license.
DBL was also created in response to the discontinuation of the Shalla-List, which was retired in early 2022, affecting many users of pfSense, pfBlockerNG, and other systems.
Integration into Core Update 200
IPFire DBL will also be integrated into Core Update 200, which has been available as a test version since January 30, 2026. In addition to Linux Kernel 6.18 LTS, the new version includes a preview of DBL in the URL filter and Suricata. The latter integration enables deep packet inspection at the DNS, TLS, HTTP, and QUIC levels to enforce comprehensive blocking. This makes IPFire itself a provider of Suricata rules. The developers describe it as “unprecedented visibility into network activities.” A final release date for Core Update 200 has not yet been set, and the community is invited to evaluate the beta version. The project has also launched a fundraiser to finance development time for features such as RPZ integration.
Those who wish to use DBL in other network environments can find instructions for integration into DNS resolvers, browser extensions, and other network tools. Open-source alternatives like the StevenBlack hosts list, OISD, or Hagezi offer similar functionality but rely less on community reporting and categorization.
The IPFire team has published further details in its blog.
(fo)