How to Use the Hosts File to Block Tracking Domains on Windows

What Causes This?

Windows uses the hosts file to map domain names to IP addresses before it asks DNS servers for an answer. By adding known telemetry, ad, or tracking domains to this file and pointing them to 127.0.0.1 or 0.0.0.0, you can block those connections locally on your PC. The problem is that the file is protected, easy to edit incorrectly, and some apps or updates may overwrite changes or ignore a few blocked domains if they use hardcoded IPs or encrypted DNS methods.

Common Symptoms

• Certain ads, telemetry endpoints, or tracking services stop loading
• Some apps or websites behave oddly after adding block entries
• You get an “Access denied” or “You don’t have permission” error when saving the file
• Changes do not seem to work until DNS cache is cleared
• The hosts file keeps getting reset or modified by another program

How to Fix It Manually

1. Open Notepad as administrator

   • Click Start, type Notepad
   • Right-click Notepad and choose Run as administrator
   • Click Yes if Windows asks for permission

2. Open the hosts file

   • In Notepad, click File > Open
   • Go to: C:\Windows\System32\drivers\etc
   • In the file type dropdown, change Text Documents (*.txt) to All Files
   • Select hosts and click Open

3. Add tracking domains you want to block

   • At the bottom of the file, add entries like these:

     0.0.0.0 example-tracker.com
     0.0.0.0 ads.example.com
     127.0.0.1 telemetry.example.net

   • Use one domain per line
   • Do not add http://, https://, slashes, or extra punctuation
   • If you want to keep notes, start the line with #

4. Save the file correctly

   • Click File > Save
   • If you get a permission error, confirm you opened Notepad as administrator
   • Make sure the file is still named hosts with no .txt extension

5. Clear the DNS cache

   • Press Win+S, type cmd
   • Right-click Command Prompt and choose Run as administrator
   • Run:

     ipconfig /flushdns

   • You should see a message saying the DNS Resolver Cache was flushed

6. Test whether the block is working

   • Open your browser and visit a site or app that normally contacts the blocked domain
   • If needed, restart the browser or the app
   • You can also test in Command Prompt with:

     ping example-tracker.com

     If the hosts entry is being used, it should resolve to 127.0.0.1 or fail locally

7. Undo or troubleshoot if something breaks

   • Reopen the hosts file and remove the line you added
   • Save the file and run ipconfig /flushdns again
   • If the file keeps changing, check whether a security tool, browser extension, VPN, or privacy app is managing it

Manual editing works, but be careful: blocking the wrong domain can break sign-in pages, app updates, sync features, or embedded content on websites. It is best to add entries gradually and test after each change instead of pasting a huge list all at once.

Fix It Automatically with Kudu

Kudu can help detect privacy-related Windows settings, unnecessary background connections, and system issues that make manual blocking harder to manage. Instead of editing protected files by hand and troubleshooting DNS problems yourself, Kudu gives you a simpler way to improve privacy and reduce unwanted system noise safely.

Download Kudu Free →