We’re launching a powerful new feature today. We are giving you the power to block specific websites. That means you can protect your computer, your house, your office and anything else that uses DNS from being able to service domains that you don’t want to load. Oh, and best of all: This service is totally free.

When customers started to ask for this feature we wondered who would want this. The geeks here in the office remarked that this kind of blocking would be trivial with a Linux server and some proxy/filtering software installed. Then it quickly dawned on us. (Eureka!) It’s not just mom and dad at home who have no easy way to just block an individual domain with any ease but it’s also network administrators at offices. Network administrators can now block problem domains for their entire office in a simple way without having to pay 1000’s of dollars in new hardware and time to achieve similar functionality. Does your ISP’s DNS server let you do this?

Blocking domains is really easy. Here’s how you do it:

  1. Sign in to your OpenDNS account and make sure you have a network configured.
  2. Go to the Networks tab in your account and click on the Settings icon () for your network.
  3. Click on the Blocked domains link and add a domain to be blocked.

You can delete or edit blocked domains on that same page. When you block a domain you block what is technically called a “zone.” This means it also blocks all sub-domains. Here’s an example. If you block craigslist.org then you’ll also be blocking la.craigslist.org (Craigslist Los Angeles) and sfbay.craigslist.org (Craigslist San Francisco), etc. If, instead, you just blocked newyork.craigslist.org then the rest of the Craigslist properties would load just fine.

When you try to visit a domain that is blocked in your network you’ll see a page that looks like this:

Since this is your network, we will show your logo on the blocked page, just as we do on the Guide pages. What? You haven’t uploaded your own logo yet? Go do it now, and go block some domains!

Let us know what you think!

  • This is nice, but what I’m really running into more and more is that I’d like any domain example.org where example.org doesn’t exist but http://www.example.org does a redirection to the latter address. Of course, this could be optional, but I still don’t see any downsides (I suggested it some time ago, it was said you were looking into it). Any news on that?

  • Mysterious1der

    Since OpenDNS is a DNS service (and a darned good one at that!), not a true content filtering service, does that mean that typing IP addresses into your address bar will still work?

    I don’t mean so be a naysayer since I love you guys and I’m glad to see all the new features, but I think people should know where the holes in the blocking are.

    **Update: Just tested this feature: I was able to block google.com, but not

  • Martin

    Of course, if someone decides to go get the IP from another source (a website, another DNS server, their home pc), this won’t do anything….

  • Deep

    Wooooooooooooooow … thanks a lot for this amazing addition and also giving it out for free …. ….

    I wish you all the best … a big ~~*HUG*~~ for all you there … 😀

  • I like it 🙂 But, any possibility to make it not so obvious? lol.

    Lately, I’ve just been using HOSTS files across all 3 computers, to restrict access to certain domains by routing them to (internet bad guys) and I just sorta “play stupid” and blame it on the ISP 😛

  • Sam

    As a network administrator this is very useful, thanks!!

  • IanP

    Surely I can do this already just by adding a filter into my routers.

  • Dougie Lawson

    Wow, thanks for this. I had been doing this with

    zone “bad-nasty-domain.com” { type master; file “db.block.addr”; };
    in my /etc/named.conf

    and a dummy zone file

    $TTL 24h
    @ IN SOA machine.my-own-domain.co.uk admin.machine.my-own-domain.co.uk. ( 1 86400 300 604800 3600)
    @ IN NS my-own-domain.co.uk.
    @ IN A
    * IN A

    I like your system better, it’s easier to manage (more dynamic) and I can be sure my kids machines will get blocked since they get the OpenDNS addresses from my home router. I can take my home server out of that config (if I choose). They also won’t moan so much if my home server is unavailable.

    Thank you.

  • IanP,

    You might be able to do this on your own router… as I point out in my post… but it’s complicated and a PITA. Why not make your life easier? 🙂

  • i have at least few hundreds of bad domains i like to block.
    entering them one by one will take … few days if i’m doing just this one thing….

  • @dennyhalim – domain blocking isn’t for hundreds of domains. It’s a pinpoint, precision tool. It’s not a category filter, like our phishing protection or our adult filtering (in the works). As we watch how people use the feature, we’ll adjust the limits or decide what else needs to be done.

    @Martin – by definition, yes, IP addresses don’t go through DNS. But how many people want to fight through that? There’s a reason we all depend on DNS — IP addresses are no fun to remember/track down, and they change.

  • Do you have any plans to make a feature that makes and exception to that block, Like I use myspace, but I dont wnat my little brother on myspace, he is too young to be on it. any way to do that?

  • pdabr


    This now means that I can block all of .cn and .ru from my mum’s connection, and also occasionally add suspicious domains we see reported in various security fora.

  • @Andy – we’ll consider additional complexity in the future. Keeping it nice and simple for now. 😉

    @pdabr, you just made my colleague David very happy, based on an internal discussion about how much flexibility w/r/t TLDs should be provided. Have fun.

  • Pingback: links for 2007-05-15 « insignificant thoughts()

  • Pingback: Dragos Lungu Dot Com()

  • how well does this protect against PROXYs?

  • howbt providing and option for admins to see a blocked website after typing in a password?

    example. parents want to use myspace.com but not for their kids?

  • Pingback: Block the bad guys with OpenDNS! « Bloggitation()

  • Great work guys, another fantasticly helpful feature!!

  • If many users block a specific web site, will you take the hint and block it for everyone else, as a “preventive measure”?

    Are everyone’s entries truly private?

  • Great! You rock! Hope this feature expands to take over the internet!

  • Tim Thein

    It’s a nice feature but using it created a few unexpected results. Internet Explorer complains about security certificate errors when accessing a web page using secure http and the web page contains references to blocked domains. For example, when I sign into BankOfAmerica.com to view my account, the web page has a few references to doubleclick.net which I blocked because that domain is a big source of web advertisements.

  • Christoph

    So I blocked a couple advertising servers (doubleclick.net, atdmt.com, and advertising.com are the top offenders).

    But something I noticed is that they still show up in the Top Domains Resolved list. Is this intentional? Perhaps a new list is needed called something like Top Domains Blocked. Otherwise the blocked domains just spam the normal Top Domains Resolved list.

    (For me, ad.doubleclick.net, view.atdmt.com, and servedby.advertising.com still show up my Top Domains Resolved list)

  • @Christoph, reasonable point. It’s not intentional, but it’s something we’ll take a look at.

  • theo

    Perhaps OpenDNS should consider a menu of blockable sites. For example, the military regularly configures its firewalls to block outbound traffic to domains in hostile contries, under the assumption that any traffic bound to them is generated by malware or trojans – or spies. One possible drawback – such malware may rely on IP addresses, and not require DNS lookup.

    Great service, guys…keep it up.

  • CoolWolf_Uk

    1. Couldn’t direct IP access be blocked by your proxy by blocking the .0 thru .255 tld’s?

    2. The OpenDNS Updater could do with a couple of adjustments:

    2a. A hide Taskbar/Tooltip icon when run as a Service option.

    2b. A filter from this with name option for requests from this computer, used with more than 1 computer on a single ip network.

  • bderen

    Great feature but even with all the categories I needed to block the cap of 50 individual domains is very limiting, I already reached that. Please help, I can’t understand how this cap is enough for all these big name companies you’ve listed as users on this website.

  • routemebaby

    I don’t want to signup how can I use OPENDNS?

  • Hi routemebaby,

    If you don’t want to sign up, you don’t need to – simply change your DNS to OpenDNS’ ( & and you’ll be set.