How do I block .zip and .mov top-level domains

Since this would require a DNS lookup each time, just would one go about doing this? How would you do it without blocking every .zip, or .mov file extension?

You can setup your own openDNS (as example on your router) and apply filtering.

It’s highly possible I’m misunderstanding the goal.

A .mov file is a video format type file, made popular by the fruit company :+1:

A .zip type contains one or more files in a compressed format.

Two completely different file types with an uncommon focus.

Are you trying to avoid some sort of automagic download of these two file types (maybe you’ve clicked on a URL that results in a download)??

My first thought was, “add the domain with the IP of “” to the “/etc/hosts” file”, but you obviously need to know the domain beforehand … plus, everything on that domain will be blocked.

I have thousands of domain entries in my hosts file to block ads, and nefarious and unwanted sites.

ICANN just released new top-level domains. Two in particular are already being used for nefarious reasons by hackers. .zip and .mov being the two that are being discussed.

Yes, I am aware that they conflict with file types and that is the cause of the uproar about this.

My Ubiquity router does not give me the option to do this. I really cannot afford to setup another PC just to run as a DNS server in my home.

The main problem comes with doing something such as blocking


And then any url with a .zip at the end of a file name would also be blocked.

1 Like

Sorry, I had to figure out a way to get it to stop removing the asterisk from the url.

Say I am doing in the /etc/hosts file, would putting a / at the end work? Such as… http://*.zip/ https://*.zip/

Any thoughts?

I would guess that is mainly a risk for Windows users, due to the way that Windows uses file types. I would not expect it to help with hacking linux systems.

OK. Never mind the question.

Unfortunately, no way to block *.xxx file type using the hosts file (unless you know the sub-domain).

So I did some quick research to aquaint myself with the zip and mov thing.

Not sure if these links are helpful … the last one would be for Edge browsers. The first was basically for me to understand the situation.


I do appreciate the help here. :grinning:

So the asterisk wildcard doesn’t work in the hosts file?

I don’t have a windows machine sitting here at the moment to worry about. I do realize that it not that big a deal for Linux and not that big a deal for techie types on Windows, but most folks I know have zero technical knowledge.

I was really hoping for a way to do it in the firewall, and be able to do that on other people’s PCs for them. None of them run Linux by the way.

1 Like

You can use pi hole in a docker - that does not require a separate PC.

It is used to block spy ware and ad sites.

1 Like

Thank you. I was really hoping for a simpler way that could also be done on other PCs when I work on them. That’s why I was hoping for a way in the firewall or the hosts file.

Did you read the man page?

Yes, I have and it shows nothing about wildcards.

Well, that then answers your question.

And not only that, it told you that entries like http://*.zip/

are also not allowed because

Host names may contain only alphanumeric characters, minus signs (“-”), and periods (“.”). They must begin with an alphabetic character and end with an alphanumeric character.

which means that : , / and * are forbidden in the syntax.

And the semantics require a hostname, where you try to put something that looks like an URL.

Well, thank you. That helps.

Since there is no solution to my problem and it would only serve as a distraction to anyone who might stumble upon it, feel free to remove the thread, or mark it as such.

I only replied to your usage and question about /etc/hosts.

About your original problem I have no idea. I do not understand what it is about. Some in the thread talk about top-level-domains, others talk about file name suffixes. Rather confusing.

The name of the thread is about blocking top level domains. There are now two new top level domains named .mov and .zip and these are already being used to hack people. The reason they are being used as such, is due to the fact that they match file extensions and confuse non-tech users.

I am not sure why the people that created these domain names thought it would be a good idea, but maybe we can come up with a way to combat the insanity.

1 Like

I think you must specify more precise what you mean with “block” and what to block where. Then that may hint on where and how to do this “blocking”.

Block seems pretty self descriptive.

Block as in block an entire section of the web that uses the .mov or .zip top level domain, so that it is not accessible by the computer user. That was why I was curious as to using a wildcard. I brought up the topic here, because we have some very intelligent people who are good at problem solving.

Not sure if this software will let me post a link.