Question about zone override

[MarkDarwin]

I have a quick question regarding zone sinkholes and allow lists.

I’m trying to override a zone-wide sinkhole so that I can allow a single domain within the .ru TLD.
From my testing, it seems this might not be possible without manually maintaining my own record for that domain — is that correct?

What I’ve done so far

I’ve configured a zone that redirects all .ru domains to 0.0.0.0 — this part works as expected.

I’ve created an allow list file hosted on GitHub:
!https://raw.githubusercontent.com/MarkDarwin/dns-blocking/refs/heads/main/lists/allow-list.txt
(Note the ! indicating an allow entry.)

The file includes a line for acstuff.ru, but it still doesn’t resolve.

I also tried adding an explicit allow record for acstuff.ru, but that didn’t work either.

What did work

The only setup that worked was creating an explicit A record pointing acstuff.ru to 104.26.8.2

Question

Is this the only viable approach for allowing a single domain inside a sinkholed TLD zone? Or is there a way to make the allow list take precedence?

[ShreyasZare]

Thanks for asking. Its not working since you create a zone for .ru. A primary zone is authoritative and has high priority so when it says a subdomain name does not exists, its taken as the final answer.

If you wish to block all .ru domain names then simply block the ru domain name using block lists or just by adding it in the Blocked section on the admin panel. You can then add acstuff.ru in the Allowed section or using an allow list and only that specific domain name will resolve while the rest of the TLD is blocked.