Region Blocking



    rotblitz

    A recursive DNS service (like OpenDNS) generally does not perform a reverse (PTR) lookup if you query it for an A or AAAA record.  Not sure if you considered the consequences, but implementing such a feature would mean:

    • OpenDNS change their software to perform a reverse lookup after every A or AAAA query.  This would nearly double their volume and would also require significant hardware investments throughout their data centers across the globe.
    • Introducing some 200+ new categories, one for each country and major region.
    • Filling these categories with domain names in question.  These and the IP address assignments keep changing over time and require a lot of data maintenance, i.e. personnel and time.

    So, bad chances that this will ever be implemented for a free service like OpenDNS...
    Btw, similar functionalities are already implemented in their commercial Umbrella service.

    "How do I block all domains which map back to IP's which are in the Ukraine?"

    Start with adding ua to your "always block" list.  Besides this, services for IP address based blocking are available and can also be a local function.  See if your router supports blocking of IP addresses and ranges, and use this feature for blocking.  In addition, as I said, you may subscribe to the Umbrella service which has such functionality.  You can combine this with a service like Meraki GEO IP blocking.

    You can block the whole country code domain with the free OpenDNS Home.


    Not sure if I understand why a reverse lookup is needed, as the answer (in cache) already contains the IP that can be matched (as an example) against a GEO IP region/country list (like MaxMind).

    I think this is what is asked for (feature request).

    Blocking a country by TLD (ccTLD) is already possible but has a very limited reach as anyone can use any TLD no matter what country. The combination of the two, requests matched against ccTLD and responses against GEO IP would be perfect.

    Just my 2 cents. ;-).
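
The combination suggested in the last post (query name checked against a ccTLD list, answer addresses checked against a GeoIP table) can be sketched as follows. This is an added example, not code from the thread or from OpenDNS; `GEO_TABLE`, `country_of` and `decide` are hypothetical names, and the table uses documentation address ranges as constructed stand-ins for a real GeoIP database.

```python
import ipaddress

# Constructed sample data: documentation ranges (RFC 5737 / RFC 3849) standing
# in for a real GeoIP database; these are not real country allocations.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "UA"),
    (ipaddress.ip_network("198.51.100.0/24"), "DE"),
    (ipaddress.ip_network("198.51.100.128/25"), "UA"),  # more specific entry wins
    (ipaddress.ip_network("2001:db8:a::/48"), "UA"),
]
BLOCKED_COUNTRIES = {"UA"}  # assumption: policy expressed as ISO 3166 codes
BLOCKED_CCTLDS = {"ua"}     # the "always block" ccTLD entry from the thread


def country_of(ip_text):
    """Longest-prefix match of an address against GEO_TABLE; None if unknown."""
    ip = ipaddress.ip_address(ip_text)
    best = None
    for net, cc in GEO_TABLE:
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, cc)
    return best[1] if best else None


def decide(qname, answers):
    """Return (verdict, reason) for one resolved query.

    qname   -- queried name, e.g. "example.ua."
    answers -- A/AAAA addresses already present in the resolver's response
    """
    # Request-side check: last label of the name, ignoring case and root dot.
    tld = qname.rstrip(".").lower().rsplit(".", 1)[-1]
    if tld in BLOCKED_CCTLDS:
        return ("block", f"ccTLD .{tld}")
    # Response-side check: no PTR lookup, only the addresses in the answer.
    for addr in answers:
        cc = country_of(addr)
        if cc in BLOCKED_COUNTRIES:
            return ("block", f"{addr} geolocates to {cc}")
    return ("allow", "no match")
```

The response-side check needs no extra DNS query, only a table lookup per answer address; the accuracy of the result depends entirely on how current the GeoIP table is.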

