DNS Proxywall blocking does not take effect right away

This article applies to the following products:

Problem Description

After adding a blocking rule to DNS Proxywall, the blocked website can still be accessed with a web browser.

Analysis of the Issue

DNS Proxywall operates on the DNS traffic that flows between the DNS client and the DNS server.

  1. Windows has the following features that affect filtering by DNS Proxywall:
    • Files that directly specify the DNS-name-to-IP-address mapping: c:\Windows\system32\drivers\etc\hosts and c:\Windows\system32\drivers\etc\lmhosts
    • A global DNS cache that resolves domain and website names to IP addresses without sending requests to remote DNS servers for previously resolved DNS names.
  2. Many web browsers use their own DNS caches.
  3. Some web browsers use DNS over HTTPS, which prevents the inspection and blocking of DNS traffic.

Solution

1. Instead of using c:\Windows\system32\drivers\etc\hosts for direct DNS-name-to-IP-address mapping, use the Permanent Host Address Table of DNS Proxywall.

Navigate to the menu Tools->Settings->DNS Cache. Edit the Permanent Host Address Table to add DNS-name-to-IP-address mappings.

The format of the Permanent Host Address Table is similar to that of c:\Windows\system32\drivers\etc\hosts and is outlined in the file header:
# This is a template file for permanent addresses of hosts.
# Format:
# [*.]domainname IPAddr1[,IPAddr, ...] [Category] [# comments]
# Example:
verigio.com 192.168.1.1 PermanentHostAddressCategory # exact case-insensitive match to verigio.com
*.verigio.com 192.168.1.1,192.168.1.2 PermanentHostAddressCategory # case-insensitive match to verigio.com and all subdomains
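
One way to carry out step 1 for an existing hosts file, added here as an example (it is not code from the article or from DNS Proxywall): it converts hosts-format lines (address first, several names per line) into the name-first, comma-separated format described in the header above, and checks lookups against the exact and `*.` matching rules from the header comments. The sample hosts content, the example.test names and the "Migrated" category are constructed; accepting any syntactically valid IP address and letting the first matching line win are assumptions the article does not confirm.

```python
import ipaddress

# Constructed sample in Windows hosts format: "IPAddr name [alias ...] [# comment]"
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
192.168.1.1     Intranet.example.test  wiki.example.test   # internal web
192.168.1.2     intranet.example.test
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Return {lowercased name: [IPs in first-seen order]} from hosts-format text."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address with no name
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed address: skip rather than emit a bad mapping
        for name in fields[1:]:
            ips = table.setdefault(name.lower(), [])
            if ip not in ips:
                ips.append(ip)
    return table

def to_permanent_table(text, category="", skip=("localhost",)):
    """Emit 'domainname IPAddr1[,IPAddr, ...] [Category]' lines."""
    return [f"{name} {','.join(ips)} {category}".rstrip()
            for name, ips in parse_hosts(text).items() if name not in skip]

def lookup(table_lines, query):
    """Apply the header's matching rules; first matching line wins (assumption)."""
    q = query.lower().rstrip(".")
    for line in table_lines:
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        pat = fields[0].lower()
        # "*.name" matches name itself and every subdomain; a bare name is exact only
        wild = pat.startswith("*.") and (q == pat[2:] or q.endswith(pat[1:]))
        if wild or q == pat:
            return fields[1].split(",")
    return None
```

Paste the lines returned by `to_permanent_table` into the Permanent Host Address Table, then remove the corresponding entries from the hosts file so that only one mapping source remains.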

2. All DNS caches in Windows and web browsers should be cleared.

  • To clear the Windows DNS cache, run the following command from the command line: "ipconfig.exe /flushdns"

  • To clear the DNS cache in Chrome: Navigate to "chrome://net-internals/#dns"

  • To clear the DNS cache in Firefox: Navigate to "about:networking#dns"

  • To clear the DNS cache in Safari:
    a) Enable the hidden Develop menu by navigating to the menu Safari->Preferences, then select the Advanced tab, and check Show Develop menu in menu bar.
    b) Click the menu item Develop->Empty Caches.


For more details on clearing DNS caches, see: https://geekflare.com/clear-dns-cache-on-windows-chrome-firefox-and-safari/

3. Instead of using the DNS over HTTPS protocol, consider other solutions that would allow DNS traffic to be inspected and filtered by DNS Proxywall.



Last updated: Oct 16, 2025.