# Blocking .zip domains with DNS proxy

## Background

[https://www.youtube.com/watch?v=V82lHNsSPww](https://www.youtube.com/watch?v=V82lHNsSPww)

## Use Mikrotik DNS proxy for blocking

The code snippet below will cause a Mikrotik DNS proxy to return 127.255.255.127 for all .zip domains, including all subdomains.

```shell
/ip dns static
add address=127.255.255.127 comment="block access to all .zip domains" regexp=".+\\.zip\$" ttl=10s
```

The requirement for this to work of course is that all of the hosts on the network only source their DNS through the Mikrotik DNS proxy.

\#end