• Is there a guide or thread explaining the basic differences between DNSBL vs IPV4 rules?

  • Moderator

    There are feeds that have a list of malicious IPs and there are feeds that have a list of ADvert domains and/or Malicious domains…

    So with IP blocking, you will block the whole IP addresses.
    With DNSBL, you will block the DNS request to those domains but this could be circumvented by accessing the literal IP address (unless those IPs are blocked in an IP block list).

    Sometimes an IP can host several domains (sometimes hundreds..), so with an IP block it would block access to all the domains on that IP.... But blocking via Domain name, you are limiting the blocking to the known Domains only.

    There are plus and minuses for both.... I find it best to block and deal with the False positives as the appear. You can suppress a Blocked IP and/or create a Permit rule to allow a blocked IP before a block rule takes effect. With DNSBL you can whitelist a domain.