The settings of uDomainFlag can be controlled by an organization administrator, allowing to force specific settings which are activated upon installation and cannot be changed by the user.

Install and configure using GPO

Import ADMX

To simplify the process of configuring browsers and allowing you to not only configure uDomainFlag, we can use ADMX templates provided by the browser vendors.
Attention: This will force the installation of uDomainFlag without the possibility for the user to disable the extension!

For Google Chrome, you can download the ADMX bundle at Google Chrome Enterprise Help > Set Chrome Browser policies on managed PCs.
For Microsoft Edge, you can download the ADMX bundle and Microsoft Edge for Business at Microsoft > Microsoft Edge for business.
For Mozilla Firefox, you can download the ADMX bundle from their GitHub repository at Mozilla > policy-templates.

To install the downloaded policies, place the extracted files (.admx files and the files within the locale-folder like en-US) into %systemroot%\PolicyDefinitions on your Domain Controller.

After that, open Group Policy Management and create a new Group Policy like Browsers - Microsoft Edge where you define your policies for the given browser.
For Google Chrome or Microsoft Edge navigate to Computer Configuration > Policies > Administrative Templates > Microsoft Edge > Extensions (or Google Chrome, depending on you policy) and select the option Control which extensions are installed silently.
Here, choose "Enabled" and within the "Show ..." dialog, enter the following line to force the installation of uDomainFlag:
Google Chrome:
Microsoft Edge:
Screenshot of GPO settings

Administrative policy settings

Navigate within the GPO to Computer Configuration > Preferences > Windows Settings > Registry and add registry keys according to your preferences.
For Google Chrome use SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\eklbfdpploakpkdakoielobggbhemlnm\policy as key path.
For Microsoft Edge use SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\fbokifoifbpkgbonofeejgodpdafpkjb\policy as key path.

As Value use one of the possible settings mentioned below.
For example you can use as value "Secret" with the value data "75077cb5364d59e4b1c52f5cc6c1ade01745786fb58d0e99a61b847620c1a9b6". Every item uses the value type REG_SZ.

Administrative settings


The setting Server allows you to define the target backend server of uDomainFlag.
This way you can use your internal uDomainFlag backend server (relay, full server or your own custom server) to process requests.
Using an relay, you can use additional functions like data enrichment which is described below.
Default value: dfdata.bella.network | Possible values: any HTTPS enabled domain/IP with a valid certificate


This setting disables automatic fallback to alternative servers, if the configured destination server isn't reachable. With this option combined with Server you can prevent uDomainFlag connecting to the upstream servers.
Please note that a warning is shown to users that an administrator has set these settings.
Default value: false | Possible values: true | false


With Secret you can define an identifier which will be transmitted to the destination server to identify clients which are configured by you.
This allows you provide a public reachable server with enabled data enrichment, where only configured clients are able to request data.
Default value: empty | Possible values: any string - Prefer a random generated string, e.g. a SHA256 hash.


Using the option DisableCrashReports, crash reports and other errors within the application aren't sent to the error tracking server.
When crash reports are disabled, a user isn't able to activate it until the policy is removed. Please note that this setting limits my possibilities to improve the extension.
Default value: false | Possible values: true | false

On-Premises instance

The uDomainFlag extension can use a selfhosted instance instead of dfdata.bella.network which improves performance, adds privacy and allows you to enrich the data shown.
Please note that the following instances are currently in development. If you have interest in it, want to have a specific feature or want to test it, please contact me at thomas@bella.network.


This package provides a hybrid tool. If a new lookup is done by a user, dfrelay tries to answer the request using a local cache. If the domain/IP is new, the data will be looked up locally (data enrichment) and if no data was found, the upstream server dfdata.bella.network will be queued.
Using dfrelay, the following features can be used:
  • Internal server to serve uDomainFlag lookups
  • Cache requests of users for less data usage/faster responses
  • Only answer lookups from known clients (shared secret)
  • Enrich served data
    • Local DNS lookup against internal resolver
    • phpIPAM: Server description, contact person

You can find the configuration guide for dfrelay at ... (Coming Soon)