More

dominis · 2025-08-23T16:42:47 1755967367

I had the same problem, browser extensions weren't enough, and I wanted something system-wide. So I built Sinkzone [1], a DNS tool that blocks everything unless allowlisted. It’s open-source and works across OSs. Thought it might be helpful if you're looking beyond NextDNS.

[1] https://github.com/berbyte/sinkzone

dominis · 2025-08-06T18:53:22 1754506402

Thank you for the idea, I've created an issue: https://github.com/berbyte/sinkzone/issues/1

dominis · 2025-08-06T17:36:50 1754501810

dominis · 2025-08-06T17:35:57 1754501757

I'm not familiar with this project, just checked their GitHub Readme and if I understand correctly they block what you want them to block. Sinkzone does the opposite, it allows what you want to allow, and blocks everything else.

q2dg · 2025-08-06T17:55:08 1754502908

Well, you can block everything using a wildcard blocking rule (for that, go to "Filters → DNS blocklists" and add this custom rule: ||*^ ) and then you can allow the domain (and subdomains, if needed, for instance "everything.ycombinator.com"; for that, go to "Filters → Allowlist" and add this: @@||ycombinator.com^ )

ameshkov · 2025-08-06T18:46:40 1754506000

Alternatively, you can do something like this: *$denyallow=example.org|example.com

Blocks everything except example.org and example.com.

Works in AdGuard Home, AdGuard DNS or any other AG product with DNS filtering capabilities: https://adguard-dns.io/kb/general/dns-filtering-syntax/

dominis · 2025-08-06T17:30:56 1754501456

I'm planning to address the issue for phones as well in the future.

mlhpdx · 2025-08-06T18:49:52 1754506192

I built a DNS resolver on Proxylity[1] as a demo but it didn’t occur to me that block by default was a use case. I might have to add that.

My suggestion: Allow by ASN would be a clean (simple) way to get all of Google, etc., allowed at once.

[1] https://github.com/proxylity/examples/tree/main/dns-filter

dominis · 2025-08-06T17:29:54 1754501394

I've used https://github.com/StevenBlack/hosts myself for a few years, I think this is a fantastic collection for hosts based blocking.

dominis · 2025-08-06T17:01:48 1754499708

You can configure your upstream resolvers in the config, so I think Sinkzone can be placed in front of your VPN's resolver. I never tested this to be honest.

dominis · 2025-08-06T16:42:52 1754498572

It's on my list :)

dominis · 2025-08-06T16:35:09 1754498109

Hey Eszpee, Thanks for checking Sinkzone out. I'm thinking about building custom schedules in the next iteration, that would support some basic pomodoro style scheduling for sure.

dominis · 2025-08-06T16:32:16 1754497936

I wanted to build my tool because eventually I want to support multi-tenancy. Custom allowlists and schedules for all family members.