AI Tools Blocklist
Home AI Tools Database Taxonomy Pricing
Solutions
Enterprise IT & CISO Education Firewall Admins Shadow AI Prevention
Integrations
Palo Alto Networks FortiGate Cisco Umbrella pfSense REST API
Download Free Sample
DNS Blocking

Block AI Tools at the DNS Layer —
Network-Wide, Zero Client Config

Configure your resolver once and 16,024+ AI-tool domains are sinkholed for every client — desktops, laptops, phones, and IoT devices. No proxy certificates, no browser extensions, no per-machine hosts files.

16,024+AI Domains
5DNS Platforms
DailyUpdates
0msClient Setup
Get DNS Blocklist View Pricing
Why DNS

Why DNS Is the Right Layer for AI Tool Blocking

Every connection to an AI tool starts with a DNS query. If that resolution returns a sinkhole address instead of the real IP, the connection never happens — no data leaves the network.

DNS Query
Sinkhole (0.0.0.0)
Connection Blocked

No TLS handshake occurs. The block is invisible, instant, and comprehensive.

DNS vs. Other Enforcement Points

DNS Sinkhole

Covers every device that resolves DNS through your network — desktops, phones, IoT, guest networks, VPN split tunnels. Zero per-device setup.

Firewall URL Filter

Requires traffic to pass through the firewall. Misses devices on guest networks, IoT segments, or VPN split tunnels that bypass the inspection path.

Browser Extension

Only covers the browser, only on managed machines. Doesn't block IDE plugins, mobile apps, or CLI tools that reach AI services directly.

Hosts File

Requires per-endpoint deployment and ongoing maintenance. Doesn't scale beyond a handful of managed devices.

Available DNS Formats

Our feed publishes 16,024+ classified AI-tool domains at stable HTTPS URLs your resolver can poll on a schedule. New AI tools are classified within 24 hours and picked up on the next refresh automatically.

Pi-hole — Plain-text adlist format
AdGuard Home — Filtering rules and hosts format
Unbound — local-zone / local-data directives
BIND — Response Policy Zone (RPZ) files
dnsmasq — address= directive records

The sections below walk through configuration for each platform. If you run a resolver not listed here, the plain-text domain list (one domain per line) works with any DNS software that supports blocklist imports.

DNS Blocking vs. Other Enforcement Points

100%
Network device coverage
0
Client agents required
<1ms
Blocking latency
18
AI categories covered
Pi-hole

Pi-hole: Add the AI Blocklist as a Custom Adlist

Pi-hole is the most widely deployed DNS sinkhole for home and small-business networks. Adding our AI Tools Blocklist takes two commands — one to register the list URL, one to update gravity.

Pi-hole expects adlists in plain-text format: one domain per line, no protocol prefix. Our feed publishes this exact format at a stable URL, and every subsequent gravity update pulls the latest version automatically.

Adding the Blocklist via CLI

# Step 1: Add the AI Tools Blocklist URL as a new adlist
sqlite3 /etc/pihole/gravity.db \
  "INSERT INTO adlist (address, enabled, comment) VALUES \
  ('https://feeds.aitoolsblocklist.com/v1/domains?format=plain&key=YOUR_API_KEY', 1, 'AI Tools Blocklist - 16,024+ domains');"

# Step 2: Update gravity to download and compile the new list
pihole -g

# Step 3: Verify the domains were loaded
pihole -g -l   # Shows number of domains per list

# Alternative: Add via the Pi-hole web admin
# Navigate to: Group Management → Adlists → Paste URL → Add → Tools → Update Gravity

Once gravity finishes rebuilding, every DNS query matching an AI-tool domain is blocked. Verify by running nslookup openai.com your-pihole-ip — the response should return 0.0.0.0.

Group-Based Blocking

Pi-hole v5+ supports group management, letting you block AI tools for some users while allowing others. Assign adlists to specific groups and assign clients by IP or MAC address.

Create an "ai-blocked" group and assign the AI Tools adlist to it
Assign clients (by IP or MAC) that should be blocked to the group
Clients not in the group are unaffected — engineering keeps code-completion access
All management available through the web UI or the sqlite3 CLI
# Create a group and assign the AI blocklist to it
sqlite3 /etc/pihole/gravity.db "INSERT INTO 'group' (name, enabled, description) \
  VALUES ('ai-blocked', 1, 'Users blocked from AI tools');"

# Get the group ID (e.g., 2) and the adlist ID for the AI blocklist
sqlite3 /etc/pihole/gravity.db "SELECT id FROM 'group' WHERE name='ai-blocked';"
sqlite3 /etc/pihole/gravity.db "SELECT id FROM adlist WHERE comment LIKE '%AI Tools%';"

# Link the adlist to the group (replace IDs as needed)
sqlite3 /etc/pihole/gravity.db \
  "INSERT INTO adlist_by_group (adlist_id, group_id) VALUES (3, 2);"

# Assign a client to the group (by IP address)
sqlite3 /etc/pihole/gravity.db \
  "INSERT INTO client (ip, comment) VALUES ('192.168.1.100', 'Marketing workstation');"

pihole restartdns
AdGuard Home

AdGuard Home: Filtering Rules and DNS Rewrites

AdGuard Home is the go-to alternative to Pi-hole for administrators who want a modern UI with built-in encrypted DNS support. Adding our AI Tools Blocklist is straightforward — add the URL as a custom filter list and AdGuard Home handles the rest.

DoH / DoT

Built-in DNS-over-HTTPS and DNS-over-TLS support out of the box.

Filtering Rules

Fine-grained control with wildcard patterns and rule syntax for individual AI domains.

DNS Rewrites

Redirect AI-tool domains to a custom internal block page instead of returning NXDOMAIN.

AdGuard Home supports both hosts-file format and plain domain list format. We recommend the plain domain format — it parses faster and produces cleaner dashboard statistics.

Adding via the Web Interface

Navigate to Filters → DNS Blocklists → Add blocklist → Add a custom list. Set the update interval to 24 hours under Settings → General → Filters update interval.

YAML Configuration (AdGuardHome.yaml)

# /opt/AdGuardHome/AdGuardHome.yaml (relevant section)
filters:
  - enabled: true
    url: https://feeds.aitoolsblocklist.com/v1/domains?format=adguard&key=YOUR_API_KEY
    name: AI Tools Blocklist
    id: 1694200001

# Filter update interval in hours
filtering:
  filtering_enabled: true
  parental_enabled: false
  safesearch_enabled: false
  safe_browsing_enabled: false
  filters_update_interval: 24

# Optional: custom filtering rules for individual AI domains
user_rules:
  - '||openai.com^'
  - '||claude.ai^'
  - '||anthropic.com^'
  - '||midjourney.com^'
  - '||*.replika.com^'

DNS rewrites let you redirect blocked AI-tool domains to an internal block page. Set up a web server on your network serving the branded notification, then configure DNS rewrites to point AI-tool domains to that server's IP.

Multi-Instance Tip

AdGuard Home does not natively support configuration replication. Use Ansible or a similar tool to keep YAML files synchronized across primary and secondary instances. The blocklist URL is the same on both — each instance downloads and applies the list independently.

Unbound

Unbound: Local-Zone Directives for AI Domain Sinkholing

Unbound is a validating, recursive, caching DNS resolver used extensively in enterprise and ISP environments. It achieves blocklist behavior through local-zone and local-data directives that answer queries locally without forwarding them upstream.

Recommended: Include-File Approach

Use Unbound's include: directive to load local-zone entries from a separate file. This keeps your main unbound.conf clean and makes automated updates trivial — overwrite the include file and reload.

# /etc/unbound/unbound.conf — add include directive for AI blocklist
server:
    # ... your existing server configuration ...
    verbosity: 1
    interface: 0.0.0.0
    access-control: 10.0.0.0/8 allow
    access-control: 192.168.0.0/16 allow

    # Include the AI tools blocklist
    include: "/etc/unbound/ai-blocklist.conf"

# /etc/unbound/ai-blocklist.conf — generated from AI Tools Blocklist feed
# Each domain gets two directives: a local-zone and a local-data record
local-zone: "openai.com." redirect
local-data: "openai.com. A 0.0.0.0"

local-zone: "chat.openai.com." redirect
local-data: "chat.openai.com. A 0.0.0.0"

local-zone: "claude.ai." redirect
local-data: "claude.ai. A 0.0.0.0"

local-zone: "anthropic.com." redirect
local-data: "anthropic.com. A 0.0.0.0"

local-zone: "midjourney.com." redirect
local-data: "midjourney.com. A 0.0.0.0"

# ... 16,024+ domains total

Redirect vs. NXDOMAIN

redirect

Returns the sinkhole address from local-data. Useful for redirecting users to an internal block page. Produces a clear log pattern — all sinkholed queries resolve to the same address.

always_nxdomain

Returns NXDOMAIN, causing browsers to show a generic DNS error. Simpler configuration — no local-data line needed. Less useful for monitoring and user notification.

Performance Impact

~80K
local-zone entries (2 lines/domain)
1–3s
Added startup time
~50 MB
Additional memory

For memory-constrained environments, use category-filtered lists — block "Text & Language" and "Image & Visual" while allowing "Code & Development" through.

BIND

BIND: Response Policy Zones (RPZ) for AI Blocking

BIND is the most widely deployed authoritative and recursive DNS server in the world. Its Response Policy Zone (RPZ) feature is purpose-built for DNS-level blocking — the enterprise-grade approach used for malware, phishing, and now AI-tool domain enforcement.

RPZ Advantages over Hosts-File Blocking

Wildcard entries*.openai.com catches all subdomains automatically
CNAME redirects — Point blocked domains to a custom block page
Policy match logging — Granular logging of every blocked query
Zone transfers — Replicate across multiple BIND instances via AXFR

If you already use RPZ feeds for threat intelligence (Spamhaus, SURBL, or commercial feeds), adding our AI-tool RPZ zone is operationally identical — just another RPZ source.

named.conf Configuration

// /etc/bind/named.conf.options — enable RPZ
options {
    // ... existing options ...
    response-policy {
        zone "ai-tools.rpz"
            policy given
            min-update-interval 60;
    };
};

// /etc/bind/named.conf.local — define the RPZ zone
zone "ai-tools.rpz" {
    type master;
    file "/etc/bind/zones/ai-tools.rpz.db";
    allow-query { none; };
    allow-transfer { 10.0.0.0/8; };  // Allow transfer to secondary DNS
};

RPZ Zone File

; /etc/bind/zones/ai-tools.rpz.db
; AI Tools Blocklist — Response Policy Zone
; Generated from feeds.aitoolsblocklist.com

$TTL 300
@  IN  SOA  localhost. admin.localhost. (
        2026070901  ; Serial (YYYYMMDDNN)
        3600        ; Refresh
        600         ; Retry
        86400       ; Expire
        60          ; Minimum TTL
)
@  IN  NS   localhost.

; Block AI tool domains — CNAME . returns NXDOMAIN
; Use CNAME to a block-page host for user-facing notification

openai.com              IN CNAME .
*.openai.com            IN CNAME .
claude.ai               IN CNAME .
*.claude.ai             IN CNAME .
anthropic.com           IN CNAME .
*.anthropic.com         IN CNAME .
midjourney.com          IN CNAME .
*.midjourney.com        IN CNAME .
gemini.google.com      IN CNAME .
jasper.ai               IN CNAME .
*.jasper.ai             IN CNAME .
writesonic.com          IN CNAME .
copy.ai                 IN CNAME .
; ... 16,024+ domains total

Each blocked domain gets a CNAME pointing to "." (dot), which tells BIND to return NXDOMAIN. To redirect to an internal block page instead, replace "." with your block-page FQDN (e.g., block.internal.example.com.).

Wildcard Defense in Depth

Wildcard entries (*.openai.com) catch subdomains like chat.openai.com, api.openai.com, and platform.openai.com. Our feed includes apex domains and common subdomains, but wildcards defend against subdomains we have not yet cataloged.

After updating the zone file, reload BIND with rndc reload ai-tools.rpz. Remember to increment the serial number in the SOA record — our automation script handles this automatically.

dnsmasq

dnsmasq: Lightweight DNS Blocking with Address Directives

dnsmasq is the DNS forwarder and DHCP server found in most consumer routers, OpenWrt installations, and lightweight Linux gateways. Its address= directive maps a domain and all subdomains to a sinkhole IP, blocking them for every client.

Performance Note

Loading 16,024+ address directives increases dnsmasq's startup time and memory usage. Use the conf-dir directive to load entries from a separate file, keeping the main configuration clean.

# /etc/dnsmasq.conf — include AI blocklist directory
# Add this line to your main dnsmasq configuration
conf-dir=/etc/dnsmasq.d/,*.conf

# /etc/dnsmasq.d/ai-blocklist.conf — generated from AI Tools Blocklist
# Each address= directive blocks the domain and all subdomains
address=/openai.com/0.0.0.0
address=/claude.ai/0.0.0.0
address=/anthropic.com/0.0.0.0
address=/midjourney.com/0.0.0.0
address=/gemini.google.com/0.0.0.0
address=/jasper.ai/0.0.0.0
address=/copy.ai/0.0.0.0
address=/writesonic.com/0.0.0.0
address=/replika.com/0.0.0.0
address=/character.ai/0.0.0.0
# ... 16,024+ domains total

# Optional: log blocked queries for monitoring
log-queries
log-facility=/var/log/dnsmasq-blocked.log

Key Advantages

Automatic subdomain blockingaddress=/openai.com/0.0.0.0 blocks openai.com and all subdomains
Compact configuration — No explicit wildcard entries needed (unlike Unbound or BIND)
OpenWrt compatible — Place blocklist in /tmp/dnsmasq.d/ and add conf-dir=/tmp/dnsmasq.d/
Simple reload/etc/init.d/dnsmasq restart or service dnsmasq restart
Comparison

Choosing the Right DNS Platform

Every platform blocks AI domains effectively. The differences are in management interface, scalability, and advanced features.

Pi-hole

Best for: Home labs, small offices, teams that want a visual dashboard. Web-based adlist management. Gravity-based blocklist compilation. Group management for per-client policies. Most community documentation and examples available.

AdGuard Home

Best for: Modern deployments needing DoH/DoT, built-in HTTPS filtering, and a polished UI. Supports filtering rule syntax for fine-grained control. DNS rewrites for custom block-page redirects. Single-binary deployment.

Unbound

Best for: Organizations already running Unbound as their recursive resolver. No additional software required. Include-file approach keeps configuration modular. DNSSEC validation out of the box. Low memory overhead.

BIND (RPZ)

Best for: Enterprise environments with existing BIND infrastructure. RPZ is the industry standard for DNS policy. Supports zone transfers for multi-server replication. Wildcard entries, CNAME redirects, and granular logging built in.

dnsmasq

Best for: Routers, embedded devices, OpenWrt, and lightweight gateway deployments. Simplest configuration syntax. Automatic subdomain blocking with address= directives. Ideal when you cannot install additional software on the network gateway.

Other Resolvers

Our plain-text domain list (one domain per line) works with any DNS resolver or filtering proxy that supports blocklist imports. PowerDNS Recursor, Knot Resolver, CoreDNS, Technitium DNS Server — all can consume a flat domain list.

Automation

Automated Updates: Keep Your DNS Blocklist Current

A static blocklist decays fast. Our pipeline classifies approximately 300,000 newly registered domains every day, adding identified AI tools to the feed within the same 24-hour cycle.

Stale Lists = Policy Gaps

If your resolver is still using last month's list, hundreds of new AI-tool domains are resolving normally and your users can reach them without restriction.

Pi-hole and AdGuard Home handle updates natively via their built-in filter refresh interval. For Unbound, BIND, and dnsmasq, use a cron job that downloads the latest list, writes it to the resolver's config directory, and reloads.

#!/bin/bash
# /usr/local/bin/update-ai-blocklist.sh
# Daily update script for DNS-based AI domain blocking
# Supports Unbound, BIND RPZ, and dnsmasq

API_KEY="YOUR_API_KEY"
BASE_URL="https://feeds.aitoolsblocklist.com/v1/domains"
LOG="/var/log/ai-blocklist-update.log"
DATE=$(date +"%Y-%m-%d %H:%M:%S")

echo "[$DATE] Starting AI blocklist update" >> "$LOG"

# Detect which resolver is running
if systemctl is-active --quiet unbound; then
    FORMAT="unbound"
    DEST="/etc/unbound/ai-blocklist.conf"
    RELOAD="systemctl reload unbound"
elif systemctl is-active --quiet named; then
    FORMAT="rpz"
    DEST="/etc/bind/zones/ai-tools.rpz.db"
    RELOAD="rndc reload ai-tools.rpz"
elif systemctl is-active --quiet dnsmasq; then
    FORMAT="dnsmasq"
    DEST="/etc/dnsmasq.d/ai-blocklist.conf"
    RELOAD="systemctl restart dnsmasq"
else
    echo "[$DATE] ERROR: No supported resolver detected" >> "$LOG"
    exit 1
fi

# Download the latest blocklist in the correct format
TEMP=$(mktemp)
HTTP_CODE=$(curl -s -w "%{http_code}" -o "$TEMP" \
  "${BASE_URL}?format=${FORMAT}&key=${API_KEY}")

if [ "$HTTP_CODE" -eq 200 ]; then
    COUNT=$(wc -l < "$TEMP")
    mv "$TEMP" "$DEST"
    chmod 644 "$DEST"
    eval "$RELOAD"
    echo "[$DATE] SUCCESS: Updated $DEST with $COUNT entries, reloaded $FORMAT" >> "$LOG"
else
    rm -f "$TEMP"
    echo "[$DATE] ERROR: Download failed with HTTP $HTTP_CODE" >> "$LOG"
    exit 1
fi
# Add to crontab: run daily at 3:00 AM
0 3 * * * /usr/local/bin/update-ai-blocklist.sh

# Make the script executable
chmod +x /usr/local/bin/update-ai-blocklist.sh

# Test the script manually before enabling the cron job
sudo /usr/local/bin/update-ai-blocklist.sh
tail -5 /var/log/ai-blocklist-update.log

High-Availability Best Practices

Run the update script on the primary server only
Replicate to secondaries via BIND AXFR zone transfers or Ansible/Puppet
Always download to a temp file first, then validate (HTTP 200, non-empty)
Only overwrite the live config after validation — prevents a failed download from blanking your blocklist
Monitoring

Monitoring and Reporting: Track What Gets Blocked

Blocking AI tools is only half the job. You also need to prove to your CISO and compliance team that the blocks are working — and identify which users generate the most blocked queries.

Pi-hole

Built-in dashboard with query log, long-term statistics, and per-client breakdowns. Filter by sinkholed address (0.0.0.0) to isolate AI blocks.

AdGuard Home

Similar dashboard with query log and statistics. Clean visualization of blocked vs. allowed queries over time.

Unbound / BIND / dnsmasq

Forward DNS logs to a SIEM (Splunk, Elastic, Graylog) for centralized analysis, dashboards, and alerting.

1

Enable Query Logging

Turn on query logging on your resolver. Pi-hole and AdGuard Home log by default. For Unbound, set log-queries: yes. For BIND, configure a query log channel. For dnsmasq, add log-queries to the configuration file.

2

Filter for Blocked Queries

Identify blocked queries by their response: 0.0.0.0, NXDOMAIN, or the sinkhole IP. In BIND RPZ, look for "QNAME policy" entries in the log. In dnsmasq, filter for lines containing your blocked addresses. Aggregate by client IP and domain for reporting.

3

Forward to SIEM

Ship DNS logs to your SIEM for centralized analysis. Build dashboards showing top blocked AI domains, top users attempting AI access, and trend lines over time. Most SIEMs have pre-built parsers for BIND, Unbound, and dnsmasq log formats.

4

Generate Compliance Reports

Create weekly or monthly reports showing total AI-tool queries blocked, unique domains encountered, unique clients attempting access, and any new AI domains discovered. These reports satisfy audit requirements and demonstrate control effectiveness to management.

Our REST API lets you enrich DNS log entries with category, subcategory, and confidence score — turning a raw "blocked openai.com" log line into a structured event with risk tier and classification data.

Bypass Prevention

Preventing DNS Bypass: DoH, DoT, and Hardcoded Resolvers

DNS-level blocking only works if clients use your DNS resolver. A technically sophisticated user can configure a public resolver (8.8.8.8, 1.1.1.1) or enable DNS-over-HTTPS in their browser.

This Is Not Theoretical

Firefox and Chrome both support DoH, and some configurations enable it by default. Without mitigation, users can bypass your sinkhole entirely.

Mitigation Checklist

Block outbound DNS — Firewall rule blocking TCP/UDP port 53 to any destination except your internal resolver
Block DoH/DoT endpoints — Block outbound traffic to known public DoH/DoT servers or inspect at your HTTPS proxy
Enforce corporate DNS — Use Group Policy (Windows) or configuration profiles (macOS) to set the resolver
Disable browser DoH — Chrome: DnsOverHttpsMode: off. Firefox: return NXDOMAIN for use-application-dns.net

Windows (Group Policy)

Enforce the corporate DNS server via GPO and disable DoH in Chrome using the DnsOverHttpsMode enterprise policy.

macOS (Configuration Profile)

Deploy a configuration profile via MDM to lock DNS settings. Firefox respects the use-application-dns.net canary domain to auto-disable DoH.

Our Firewall Admin Guide covers these bypass-prevention firewall rules in detail.

Ready to Block AI Tools at the DNS Layer?

Tell us which DNS platform you run. We will send the blocklist in the exact format your resolver expects — ready to deploy in under five minutes.

Download Free Sample View Plans

Request DNS Blocklist Access

Specify your DNS platform (Pi-hole, AdGuard Home, Unbound, BIND, dnsmasq) and network size. We will provide the feed URL and format guide within 24 hours.