© 2021 www.richardwalz.com
Richard Walz
All rights reserved.

Block or Sinkhole a Wildcard Domain in Windows DNS

We are going to block the domain facebook.com via Windows DNS. A text tutorial and video guide have been posted for your viewing. You can sinkhole the domain to a null address like 127.0.0.1; however, in our case we are going to send the DNS requests to 192.168.1.58 for tracking.

  • Open up Windows DNS Manager
  • Right-click on Forward Lookup Zones and select “New Zone”.
  • Select “Primary Zone”, then click “Next”.
  • Select the option that best suits your environment. For me, I just wanted to apply this to my end user domain “cloudrigs”.
  • We are going to block “facebook.com”
  • Click “Next”
  • Click “Finish”
  • Now, we are going to add 2 “A Host” records to cover the root domain and the subdomains of facebook.com.
  • Start by right-clicking on “facebook.com” and selecting “New Host”.
  • Entry 1 – Wildcard for all subdomains of *.facebook.com
    • Name: *
    • IP Address: 192.168.1.58
    • Click “Add Host”
  • Entry 2 – Root Domain of facebook.com
    • Name: (leave blank)
    • IP Address: 192.168.1.58
    • Click “Add Host”
  • You will now have 2 “A Host” entries in the facebook.com zone.
  • When your users try to access facebook.com or any subdomain under *.facebook.com, the name will resolve to 192.168.1.58 instead of the real site, so they will be denied and will not be able to reach the page.
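
The same steps can be scripted and verified from PowerShell on the DNS server. This is an added example, not part of the original tutorial: the function names are hypothetical, and it assumes the DnsServer module is installed and that the zone is AD-integrated with the "Domain" replication scope (pick the scope that matches your wizard choice).

```powershell
#Requires -Modules DnsServer
# Added example. Function names are hypothetical; zone and IP mirror the tutorial.

function Set-SinkholeZone {
    param(
        [Parameter(Mandatory)][string]$ZoneName,
        [Parameter(Mandatory)][ipaddress]$SinkholeIp,
        # Assumption: AD-integrated zone replicated to DNS servers in this domain.
        [ValidateSet('Forest', 'Domain', 'Legacy')][string]$ReplicationScope = 'Domain'
    )
    # Create the primary forward lookup zone only if it does not exist yet.
    if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope $ReplicationScope
    }
    # '*' covers every subdomain; '@' is the zone apex (the blank Name field in the GUI).
    $current = @(Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A -ErrorAction SilentlyContinue)
    foreach ($label in '*', '@') {
        $match = $current | Where-Object { $_.HostName -eq $label }
        if (-not $match) {
            Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $label -IPv4Address $SinkholeIp
        }
        elseif (@($match.RecordData.IPv4Address.IPAddressToString) -notcontains $SinkholeIp.IPAddressToString) {
            Write-Warning "$label.$ZoneName already has an A record that is not $SinkholeIp"
        }
    }
}

function Test-SinkholeZone {
    param(
        [Parameter(Mandatory)][string]$ZoneName,
        [Parameter(Mandatory)][ipaddress]$SinkholeIp,
        [string]$Server = '127.0.0.1'
    )
    # Query the apex, a common label, and a random label only the wildcard can answer.
    $names = $ZoneName, "www.$ZoneName", "$([guid]::NewGuid().ToString('N')).$ZoneName"
    foreach ($n in $names) {
        $a = Resolve-DnsName -Name $n -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' }
        [pscustomobject]@{
            Name      = $n
            Answer    = @($a.IPAddress) -join ','
            Sinkholed = @($a.IPAddress) -contains $SinkholeIp.IPAddressToString
        }
    }
}

Set-SinkholeZone  -ZoneName 'facebook.com' -SinkholeIp '192.168.1.58'
Test-SinkholeZone -ZoneName 'facebook.com' -SinkholeIp '192.168.1.58' | Format-Table -AutoSize
```

Every row should show `Sinkholed = True`; a `False` on the random label means the wildcard record is missing, and a `False` on the bare domain means the apex record is missing.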