Blocky
A fast and lightweight DNS proxy and ad-blocker for the local network written in Go. Improves network performance with customizable blocking, caching, and modern DNS protocol support.

Key Features
- Blocking with external lists (ad-block, malware) and allowlisting
- Allow/denylists per client group (Kids, Smart home devices, etc.)
- Periodic reload of external allow/denylists
- Regex support for blocking request domains, CNAME, and IP addresses
- Custom DNS resolution for certain domains
- Conditional forwarding to external DNS servers
- Upstream resolvers per client group
- Customizable caching for improved resolution speed
- Prefetching of frequently used queries
- Multiple external resolvers simultaneously
- Low memory footprint
- DNS over UDP, TCP, HTTPS (DoH), and TLS (DoT)
- DNSSEC validation
- Free configurable blocking lists
- DoH endpoint
- Random upstream resolvers for privacy
- Prometheus metrics integration
- Prepared Grafana dashboards
- Logging of DNS queries in CSV, MySQL, MariaDB, PostgreSQL, or Timescale
- REST API endpoints
- CLI tool
- Simple YAML configuration
- Stateless operation
- Docker image with multi-arch support
- Single binary for x86-64 and ARM
Why I Recommend This
Blocky is an excellent choice if you want powerful, centralized DNS control for your home network. It acts as a DNS "Swiss Army knife" by combining several critical features into one tool:
- Network-wide ad and malware blocking: By filtering at the DNS level, Blocky stops many ads, trackers, and malicious domains before any device even connects to them. This reduces clutter, improves privacy, and adds a strong first layer of security for every device on your network.
- Flexible, regex-based filtering: Blocky supports advanced rules, including regular expressions, so you can fine-tune exactly what gets blocked or allowed. This is especially useful if you want to handle edge cases or custom domains that generic blocklists don’t cover well.
- Per-client and per-group rules: You can define different policies for different devices or groups of devices. For example, you can apply stricter filtering and safe-search rules to kids’ devices, while keeping more relaxed rules for your own laptop or media server. This per-client granularity makes it much easier to manage a mixed household.
- Modern DNS security (DoH, DoT, DNSSEC): With built-in support for DNS over HTTPS (DoH), DNS over TLS (DoT), and DNSSEC validation, Blocky helps protect DNS queries from tampering and eavesdropping. DoH and DoT encrypt queries in transit, and DNSSEC validation checks that signed answers are authentic. This is a big upgrade over plain DNS and aligns your home network with modern security best practices.
- Observability with Prometheus and Grafana: Blocky exposes detailed Prometheus metrics, which you can visualize with Grafana dashboards. This lets you monitor query volume, blocked domains, client activity, and performance over time. For anyone who likes to understand and tune their network, this level of visibility is extremely valuable.
Overall, Blocky is highly recommended for home network administrators who want:
- Centralized, network-wide ad and malware blocking
- Fine-grained control over DNS behavior per device or group
- Modern, encrypted, and validated DNS (DoH/DoT/DNSSEC)
- Clear monitoring and insights via Prometheus and Grafana
If you’re running a home lab, a small server, or even just a capable router, Blocky is a must-have component for improving the security, privacy, and manageability of your DNS infrastructure.