If you manage a network at home, or an office, you might want to take control of what is happening on your network. There are different solutions available, but one of the most effective options is to leverage the Domain Name System (DNS).
Because of how DNS works, you don’t have to use a content filtering service like CleanBrowsing (we wouldn’t be mad if you did) to leverage this technology.
TLDR – get to the point with these quick links:
1 – 1-Click configuration with CleanBrowsing
Local DNS Resolvers
One option that is often overlooked is your ability to manage DNS locally on the device. Whether a Windows, Mac or Linux Operating System (OS) you have the option to build whatever rules you want on the machine by modifying the systems HOSTS file.
Windows
If you’re using Windows, the hosts file is located here: c:windowssystem32driversetchosts
Tech talk: Open this file using NotePad, but open NotePad as administrator for changes to take effect.
Mac / Linux:
If you’re using a Mac or Linux, the hosts file is located here: /etc/hosts
Tech talk: Open this file using sudo with your favorite terminal editor.
These simple files allow you to create your own mappings for the internet. This means if you own the device, you can do something like this: 0.0.0.0 badexample.com
This tells your machine to go to 127.0.0.1 to look for badexample.com. This configuration will route all requests from your localhost, which means it will fail and the user on the device will not be able to access the requested domain.
Illustration Shows how DNS works
The illustration above helps depict how, and why this works. That hosts file functions as a local resolver for your machine, and you have the ability to intercept the request before it goes to the internet.
How to Block Instagram on a Device using Local DNS Resolver
Option 1: One-Click Configuration
If you’re wondering if there is a better way to do this, the answer is a resounding yes. Using a DNS filtering service like CleanBrowsing, you can do what we have shown above with a simple toggle of an option.
Navigate to the Custom Domains page in your account, and toggle the configuration to Blocked (read more about Custom Domains and how it works):
Option 2: Configure Local DNS Resolver
With this new understanding of how DNS works, and how we can leverage our local DNS resolver. Let’s put this into practice.
Let’s say that your kids are spending way too much time on Instagram and you want to disable their access on their machine. Or maybe you have a partner that is a bit too addicted to social media platforms like Instagram.
No worries, you will add the following entries into your hosts file. These are the domains used by Instagram:
#Blocking Instagram Domains
0.0.0.0 instagram.c10r.facebook.com
0.0.0.0 api.instagram.com
0.0.0.0 black.ish.instagram.com
0.0.0.0 i.instagram.com
0.0.0.0 instagram-shv-01-ams2.fbcdn.net
0.0.0.0 instagram-shv-01-ams3.fbcdn.net
0.0.0.0 instagram-shv-01-ash5.fbcdn.net
0.0.0.0 instagram-shv-01-atl1.fbcdn.net
0.0.0.0 instagram-shv-01-bru2.fbcdn.net
0.0.0.0 instagram-shv-01-cai1.fbcdn.net
0.0.0.0 instagram-shv-01-cdg2.fbcdn.net
0.0.0.0 instagram-shv-01-dfw1.fbcdn.net
0.0.0.0 instagram-shv-01-fra3.fbcdn.net
0.0.0.0 instagram-shv-01-gru1.fbcdn.net
0.0.0.0 instagram-shv-01-hkg2.fbcdn.net
0.0.0.0 instagram-shv-01-iad3.fbcdn.net
0.0.0.0 instagram-shv-01-kul1.fbcdn.net
0.0.0.0 instagram-shv-01-lax1.fbcdn.net
0.0.0.0 instagram-shv-01-lga1.fbcdn.net
0.0.0.0 instagram-shv-01-lhr3.fbcdn.net
0.0.0.0 instagram-shv-01-mad1.fbcdn.net
0.0.0.0 instagram-shv-01-mia1.fbcdn.net
0.0.0.0 instagram-shv-01-mxp1.fbcdn.net
0.0.0.0 instagram-shv-01-nrt1.fbcdn.net
0.0.0.0 instagram-shv-01-ord1.fbcdn.net
0.0.0.0 instagram-shv-01-sea1.fbcdn.net
0.0.0.0 instagram-shv-01-sin1.fbcdn.net
0.0.0.0 instagram-shv-01-sjc2.fbcdn.net
0.0.0.0 instagram-shv-01-syd1.fbcdn.net
0.0.0.0 instagram-shv-01-tpe1.fbcdn.net
0.0.0.0 instagram-shv-01-vie1.fbcdn.net
0.0.0.0 instagram-shv-02-cai1.fbcdn.net
0.0.0.0 instagram-shv-02-hkg2.fbcdn.net
0.0.0.0 instagram-shv-03-ash5.fbcdn.net
0.0.0.0 instagram-shv-03-atn1.fbcdn.net
0.0.0.0 instagram-shv-03-hkg1.fbcdn.net
0.0.0.0 instagram-shv-03-lla1.fbcdn.net
0.0.0.0 instagram-shv-03-prn2.fbcdn.net
0.0.0.0 instagram-shv-03-xdc1.fbcdn.net
0.0.0.0 instagram-shv-04-hkg1.fbcdn.net
0.0.0.0 instagram-shv-06-atn1.fbcdn.net
0.0.0.0 instagram-shv-06-lla1.fbcdn.net
0.0.0.0 instagram-shv-07-ash4.fbcdn.net
0.0.0.0 instagram-shv-07-frc3.fbcdn.net
0.0.0.0 instagram-shv-09-frc1.fbcdn.net
0.0.0.0 instagram-shv-09-lla1.fbcdn.net
0.0.0.0 instagram-shv-12-frc1.fbcdn.net
0.0.0.0 instagram-shv-12-frc3.fbcdn.net
0.0.0.0 instagram-shv-12-lla1.fbcdn.net
0.0.0.0 instagram-shv-12-prn1.fbcdn.net
0.0.0.0 instagram-shv-13-frc1.fbcdn.net
0.0.0.0 instagram-shv-17-prn1.fbcdn.net
0.0.0.0 instagram-shv-18-prn1.fbcdn.net
0.0.0.0 instagram.com
0.0.0.0 instagramstatic-a.akamaihd.net
0.0.0.0 instagramstatic-a.akamaihd.net.edgesuite.net
0.0.0.0 logger.instagram.com
0.0.0.0 platform.instagram.com
0.0.0.0 scontent-iad3-1.cdninstagram.com
0.0.0.0 scontent.cdninstagram.com
0.0.0.0 telegraph-ash.instagram.com
0.0.0.0 white.ish.instagram.com
0.0.0.0 www.instagram.com
That’s it. With this, you will be able to easily control what is happening on the device.
Because this file requires administrator access, as long as you are accounting for least privileged principles (giving users standard privileges) it should be protected from user modifications.
The net outcome of this change, regardless of configuration you choose, should be something like this (i.e., DNS_PROBE_FINISHED_NXDOMAIN):