We often get asked: “Can your DNS service block access to a specific IP address?”
The short answer is: No, DNS resolvers don’t control IP-based traffic. But we’ll explain why, and what options you do have if you need to block IPs on your network.
TL;DR
Feature | DNS Resolver (like CleanBrowsing) | Firewall (Router or Device) |
---|---|---|
Blocks domain names | ✅ Yes | ❌ Not directly |
Blocks direct IP access | ❌ No | ✅ Yes |
Works without DNS lookup | ❌ No | ✅ Yes |
Controls app-level connections | ❌ No | ✅ Yes (in some cases) |
✅ What a DNS Resolver Does
A DNS (Domain Name System) resolver is like a phonebook for the internet. Its job is to:
- Convert domain names (like `example.com`) into IP addresses (`192.0.2.1`)
- Help your device connect to websites and services using domain names
That’s it. A resolver never sees or manages direct IP traffic — it only responds to requests asking “what is the IP address for this domain?”
🚫 Why DNS Can’t Block IP Addresses
When you try to block something using DNS, you’re relying on domain names. But IP-based traffic doesn’t need DNS to work.
For example:
- If a user types `http://93.184.216.34` directly into their browser, no DNS request is made
- If an app connects to `203.0.113.77` in the background, it bypasses DNS resolution altogether
In both cases, the DNS resolver is completely unaware and has no ability to stop it.
🔒 How to Block IP Addresses Instead
If you need to block access to specific IP addresses, you’ll need to use tools that operate at the network or system level. Here are your options:
1. Router-Level Firewall Rules
Most modern routers support firewall configurations. You can block:
- Incoming or outgoing connections to specific IPs
- Entire IP ranges or subnets (CIDR blocks)
Tip: Look for “Access Control”, “Firewall”, or “Advanced Filtering” in your router’s admin panel.
2. Local Device Firewalls
On Windows, macOS, or Linux, you can use built-in or third-party firewall tools to:
- Block specific outbound connections
- Prevent apps from reaching known IPs
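On a Linux device, one way to express both kinds of block listed above (single IPs and CIDR ranges) is an nftables set matched on outbound traffic. The generator below is an added example, not CleanBrowsing code; the table name `ipblock`, the function name, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def build_nft_ruleset(entries, table="ipblock"):
    """Return an nftables ruleset that drops outbound traffic to the given
    IPs/CIDR blocks. The table name 'ipblock' is a hypothetical choice."""
    nets = {4: [], 6: []}
    for raw in entries:
        try:
            # strict=False normalises entries with host bits set,
            # e.g. 198.51.100.7/24 becomes 198.51.100.0/24
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            # Hostnames end up here: a firewall matches addresses, not
            # names, so domain blocking stays with the DNS filter.
            raise ValueError(f"not an IP address or CIDR block: {raw!r}")
        nets[net.version].append(net)

    lines = [f"table inet {table} {{"]
    rules = []
    for ver, family, addr_type in ((4, "ip", "ipv4_addr"), (6, "ip6", "ipv6_addr")):
        # Merge adjacent and overlapping ranges so the set has no duplicates
        merged = list(ipaddress.collapse_addresses(nets[ver]))
        if not merged:
            continue
        # A single host (/32 or /128) is written as a bare address
        elems = ", ".join(
            str(n.network_address) if n.num_addresses == 1 else str(n)
            for n in merged
        )
        lines += [
            f"  set blocked_v{ver} {{",
            f"    type {addr_type}",
            "    flags interval",  # required for CIDR ranges in a set
            f"    elements = {{ {elems} }}",
            "  }",
        ]
        rules.append(f"    {family} daddr @blocked_v{ver} drop")
    # The output hook filters connections that originate on this device
    lines += ["  chain output {",
              "    type filter hook output priority 0; policy accept;"]
    lines += rules + ["  }", "}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed sample list: one host from the example above plus
    # documentation-range CIDR blocks (two adjacent /25s merge into a /24)
    sample = ["203.0.113.77", "198.51.100.0/25", "198.51.100.128/25", "2001:db8::/32"]
    print(build_nft_ruleset(sample))
```

The printed ruleset can be saved to a file and loaded as root with `nft -f <file>`. On a Linux-based router the same set would be matched in a chain on the `forward` hook instead of `output`.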
3. Network Firewalls or UTM Appliances
In business or school environments, dedicated firewalls (e.g., pfSense, Fortinet, Sophos) offer deep packet inspection and advanced IP-based filtering.
🔄 What CleanBrowsing Can Do
Our DNS service allows you to:
- Block domains by category (e.g., adult content, streaming, gaming)
- Block access to specific domains
- Enforce SafeSearch, YouTube restrictions, and more
But we don’t see or control IP-level traffic that’s not associated with a DNS lookup.