Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
IPFire has introduced IPFire DBL (Domain Blocklist), a new community-driven filtering platform designed to give administrators greater control over network security policies.
Instead of relying on a single massive blocklist, IPFire DBL organizes millions of domains into clearly defined categories. This allows administrators to enable only the categories that match their organization’s requirements, improving efficiency and reducing unnecessary resource usage.
Available categories include Malware, Phishing, Advertising, Pornography, Gambling, Games, DNS-over-HTTPS (DoH), and more. By using a modular approach, DBL offers more granular policy control compared to traditional all-in-one blocklists.
The project was created in response to long-standing concerns about transparency and redistribution rights in existing third-party lists. IPFire DBL addresses this by maintaining clear licensing:
- The underlying code is licensed under GPLv3+
- The published blocklists are released under Creative Commons Attribution-ShareAlike 4.0 (CC BY-SA 4.0)
IPFire DBL is built on open standards to ensure broad compatibility. It supports:
- DNS Response Policy Zones (RPZ) with AXFR/IXFR transfers
- SquidGuard for proxy-based filtering
- Direct HTTPS downloads in multiple plaintext formats
- Adblock Plus syntax
Thanks to this standards-based approach, DBL can be integrated not only with IPFire but also with other DNS resolvers and filtering solutions such as BIND, Unbound, PowerDNS, Pi-hole, browser extensions, and commercial firewalls that support common formats.
The lists are updated hourly and continuously refined. A built-in reporting platform allows users to submit false positives or newly discovered malicious domains, enabling fast community-driven improvements.
IPFire DBL will be included in Core Update 200, accessible via the existing URL Filter, and will also integrate with Suricata. Additional technical details are expected in future updates.
Although developed for IPFire, DBL is not restricted to it. Because it uses widely supported standards like RPZ and Adblock syntax, the blocklists can be deployed across a wide range of DNS and network filtering environments.
