Blocky

Blocky is an open-source DNS proxy and ad-blocker designed for local networks. It intercepts and filters DNS queries using external blocklists and per-client rules while offering modern DNS protocol support and metrics for observability.

Key Features

• DNS blocking using external allow/deny lists (ad, malware) with periodic reloads and regex support
• Per-client-group allow/deny lists and upstream resolver configuration (e.g., groups for kids or IoT devices)
• Deep CNAME inspection and response-IP blocking against IP lists
• Supports DNS over UDP/TCP, DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT); DNSSEC validation supported
• Configurable caching, prefetching and multi-upstream resolution for improved performance and low memory footprint
• Stateless single-binary architecture with multi-architecture Docker images and community Helm chart for Kubernetes
• Prometheus metrics exposure and prepared Grafana dashboards; logging to CSV or SQL backends (MySQL/MariaDB/PostgreSQL/Timescale)
• REST API endpoints and CLI tooling for operational tasks

Use Cases

• Network-wide ad and tracker blocking for home or small office networks with per-device rules
• Parental control and device grouping to apply different filtering policies (e.g., kids vs. smart devices)
• Deploy as a lightweight cluster or edge DNS resolver (Docker or Kubernetes) with observability via Prometheus/Grafana

Limitations and Considerations

• No official built-in web administration UI; management is primarily via YAML configuration, CLI and REST API, and third-party UIs exist separately
• Stateless design means dynamic persistent storage of runtime changes (e.g., centrally editable blocklists) requires external tooling or orchestration to synchronize across instances

Blocky focuses on simplicity, performance and transparency for DNS filtering and observability. It is designed to be integrated into existing tooling and monitoring stacks for operational management.