Block Ads With the Hosts File (2026)

Ads and trackers are ubiquitous on the modern web. While browser extensions like uBlock Origin do an excellent job, the hosts file offers a more radical solution: blocking unwanted domains at the system level, before they even reach your browser.

How to block ads with the hosts file

To block ads with the hosts file, add a curated blocklist that points ad and tracker domains to 0.0.0.0:

1. Open the hosts file as administrator (sudo nano /etc/hosts on Mac/Linux, Notepad as admin on Windows). 2. Add entries like 0.0.0.0 ads.example.com, or paste a maintained blocklist (e.g. StevenBlack hosts). 3. Save the file. 4. Flush DNS so the changes take effect immediately. 5. Reload a page to confirm ad domains no longer load.

Recommended blocklists, maintenance tips, and limits are covered below.

Why use the hosts file to block?

System-level blocking

Unlike browser extensions that only protect the browser, hosts file blocking works for all applications on your Mac:

• Browsers (Chrome, Safari, Firefox)
• Native applications
• Electron apps
• Games with built-in ads

Advantages over extensions

Performance Extensions analyze each request in real-time. The hosts file blocks before the request is even made.

Privacy No third-party extension has access to your browsing. Blocking is 100% local.

Reliability No extension updates to manage, no conflicts with blocker detectors.

What you can block

• Ads: banners, popups, pre-roll videos
• Trackers: Google Analytics, Facebook Pixel
• Malware: known malicious domains
• Telemetry: data collection by applications
• Crypto-miners: mining scripts

If you're not yet familiar with the hosts file, check out our complete guide to the hosts file first.

How blocking works

When you add an entry like:

0.0.0.0    ads.example.com

You're telling your system: "When someone requests ads.example.com, return address 0.0.0.0 instead of the real IP".

The address 0.0.0.0 is non-routable. The connection fails instantly.

0.0.0.0 vs 127.0.0.1

0.0.0.0 (recommended)

• Fails immediately
• No connection attempt
• Faster

127.0.0.1 (localhost)

• Attempts a local connection
• Can create a delay

The best blocklists

Steven Black's Hosts (Recommended)

The reference for consolidated hosts lists.

URL: github.com/StevenBlack/hosts

Contents:

• Base version: ~60,000 domains (ads + malware)
• Extended versions available
• Regularly updated

Other popular lists

Dan Pollock's hosts

• URL: someonewhocares.org/hosts/
• About 14,000 domains
• Maintained for 20+ years

Energized Protection

• URL: github.com/EnergizedProtection/block
• Ultra-complete versions (up to 1M+ domains)

Setting up a blocklist

Manual method

1. Download the list

curl -o ~/Downloads/hosts https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

2. Back up your current hosts file

sudo cp /etc/hosts /etc/hosts.backup

3. Merge the files

cat /etc/hosts.backup ~/Downloads/hosts | sudo tee /etc/hosts > /dev/null

4. Flush DNS cache

sudo dscacheutil -flushcache && sudo killall -HUP mDNSResponder

For more details on DNS flushing, check our complete guide to flushing DNS on Mac.

With Locahl

1. Download the list 2. Use the import function 3. Enable/disable individually 4. Automatic DNS flush

Safe setup workflow

Do not replace your entire hosts file blindly. A safe setup keeps system entries, your project mappings and blocklist entries separated.

Recommended file structure

# System defaults
127.0.0.1 localhost
::1       localhost

# Local development
127.0.0.1 myproject.test
127.0.0.1 api.myproject.test

# Ad/tracker blocking
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.com

This makes rollback easier. If a blocklist breaks a site, you can inspect only the blocking section instead of scanning your local development mappings too.

Before importing a list

• Back up /etc/hosts.
• Keep your custom entries in a separate file.
• Start with one conservative list.
• Avoid importing several huge lists on day one.
• Flush DNS and restart affected apps after the import.

Backup command:

sudo cp /etc/hosts /etc/hosts.backup.$(date +%Y%m%d)

Choosing the right blocklist size

Blocklists come in different levels of aggressiveness.

Small lists

Best for people who want low maintenance. They block common ad and malware domains but rarely break websites.

Use a small list if:

• You work with many client dashboards.
• You use payment, analytics or marketing tools daily.
• You do not want to troubleshoot false positives often.

Medium lists

Best default for technical users. Steven Black's standard list is a good example: broad enough to matter, conservative enough for daily use.

Use a medium list if:

• You want noticeable blocking.
• You can troubleshoot occasional false positives.
• You want a good balance between privacy and usability.

Aggressive lists

Useful for locked-down environments, kiosks or strict focus setups. They can block telemetry, social domains, tracking, adult content or gambling.

Use with care. Aggressive lists can break login flows, embedded media, comment systems, checkout pages and corporate SaaS apps.

How to test whether blocking works

After installing a blocklist, test at three levels.

System resolution

dscacheutil -q host -a name ads.example.com
ping ads.example.com

Blocked domains should resolve to 0.0.0.0, 127.0.0.1 or fail immediately depending on the list.

Browser cache

Browsers may cache the old result. In Chrome:

• Open chrome://net-internals/#dns.
• Click "Clear host cache".
• Open chrome://net-internals/#sockets.
• Flush socket pools.

Application behavior

Test apps that showed ads before. Hosts blocking works outside the browser too, but some apps use first-party domains that cannot be blocked without breaking the service.

Updating blocklists

A stale blocklist loses value over time. New tracker domains appear constantly, and old false positives get fixed upstream.

For most users, updating weekly or monthly is enough. Daily updates are usually unnecessary unless you manage a security-focused environment.

A safer update script should:

• Keep custom entries.
• Download the new list.
• Validate that the file is not empty.
• Create a backup.
• Replace the hosts file.
• Flush DNS.

If you use Locahl, keep imported lists separate from custom project entries so you can update one without touching the other.

Handling false positives

Aggressive blocking can sometimes break legitimate sites.

Common symptoms

• Images not loading
• Login buttons not working
• Videos not playing
• Payment errors

Identifying the problematic domain

1. Open DevTools (F12 or Cmd+Option+I) 2. "Network" tab 3. Filter by "blocked" or look for errors

Unblocking a domain

In the hosts file, comment out the line:

# 0.0.0.0    necessary-domain.com

Optimization for large lists

Automatic update script

#!/bin/bash
BACKUP=/etc/hosts.custom
BLOCKLIST=https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

# Save custom entries
sudo head -50 /etc/hosts > $BACKUP

# Download and merge
curl -s $BLOCKLIST | cat $BACKUP - | sudo tee /etc/hosts > /dev/null

# Flush DNS
sudo dscacheutil -flushcache && sudo killall -HUP mDNSResponder

echo "Hosts file updated!"

Blocking limitations

What it doesn't block

First-party ads Ads served from the same domain as content (e.g., YouTube) can't be blocked without blocking the entire service.

Dynamic content Constantly changing domains can escape blocking.

Recommended complements

• Pi-hole: Filtering DNS for your entire network
• Little Snitch: Application firewall for Mac
• NextDNS: Cloud filtering DNS

Hosts file vs Pi-hole vs extensions

Use the hosts file when you want system-wide blocking on one Mac. Use Pi-hole when you want network-wide filtering for many devices. Use uBlock Origin when you need cosmetic filtering inside the browser.

They work well together:

• Hosts file for local machine rules.
• Pi-hole for home or office devices.
• Browser extension for page-level cleanup.

For a detailed comparison, read Pi-hole vs hosts file.

Rollback plan

If something goes wrong, restore your backup:

sudo cp /etc/hosts.backup /etc/hosts
sudo dscacheutil -flushcache && sudo killall -HUP mDNSResponder

Then clear browser DNS cache if the site remains broken.

Specific use cases

Basic parental control

0.0.0.0    facebook.com
0.0.0.0    www.facebook.com
0.0.0.0    instagram.com
0.0.0.0    tiktok.com

Focused work environment

0.0.0.0    twitter.com
0.0.0.0    reddit.com
0.0.0.0    youtube.com

Block telemetry

0.0.0.0    telemetry.microsoft.com
0.0.0.0    ic.adobe.io

Conclusion

The hosts file is a powerful tool for blocking ads, trackers, and malicious domains at system level. While more modern solutions exist (Pi-hole, NextDNS), the simplicity of the hosts file makes it an effective first line of defense.

For comfortable management of these thousands of entries, a tool like Locahl lets you import lists and enable/disable individual blocks.