diff --git a/.travis.yml b/.travis.yml
index dda2f4d7..06b3ea2e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -22,119 +22,119 @@ script: - env GOOS=windows GOARCH=386 go build - mkdir win32 - ln dnscrypt-proxy.exe win32/ - - ln dnscrypt-proxy.toml forwarding-rules.txt win32/ + - ln dnscrypt-proxy.toml forwarding-rules.txt blacklist.txt win32/ - zip -9 -r dnscrypt-proxy-win32-${TRAVIS_TAG:-dev}.zip win32 - go clean - env GOOS=windows GOARCH=amd64 go build - mkdir win64 - ln dnscrypt-proxy.exe win64/ - - ln dnscrypt-proxy.toml forwarding-rules.txt win64/ + - ln dnscrypt-proxy.toml forwarding-rules.txt blacklist.txt win64/ - zip -9 -r dnscrypt-proxy-win64-${TRAVIS_TAG:-dev}.zip win64 - go clean - env GOOS=openbsd GOARCH=386 go build - mkdir openbsd-i386 - ln dnscrypt-proxy openbsd-i386/ - - ln dnscrypt-proxy.toml forwarding-rules.txt openbsd-i386/ + - ln dnscrypt-proxy.toml forwarding-rules.txt blacklist.txt openbsd-i386/ - tar czpvf dnscrypt-proxy-openbsd_i386-${TRAVIS_TAG:-dev}.tar.gz openbsd-i386 - go clean - env GOOS=openbsd GOARCH=amd64 go build - mkdir openbsd-amd64 - ln dnscrypt-proxy openbsd-amd64/ - - ln dnscrypt-proxy.toml forwarding-rules.txt openbsd-amd64/ + - ln dnscrypt-proxy.toml forwarding-rules.txt blacklist.txt openbsd-amd64/ - tar czpvf dnscrypt-proxy-openbsd_amd64-${TRAVIS_TAG:-dev}.tar.gz openbsd-amd64 - go clean - env GOOS=freebsd GOARCH=386 go build - mkdir freebsd-i386 - ln dnscrypt-proxy freebsd-i386/ - - ln dnscrypt-proxy.toml forwarding-rules.txt freebsd-i386/ + - ln dnscrypt-proxy.toml forwarding-rules.txt blacklist.txt freebsd-i386/ - tar czpvf dnscrypt-proxy-freebsd_i386-${TRAVIS_TAG:-dev}.tar.gz freebsd-i386 - go clean - env GOOS=freebsd GOARCH=amd64 go build - mkdir freebsd-amd64 - ln dnscrypt-proxy freebsd-amd64/ - - ln dnscrypt-proxy.toml forwarding-rules.txt freebsd-amd64/ + - ln dnscrypt-proxy.toml forwarding-rules.txt blacklist.txt freebsd-amd64/ - tar czpvf dnscrypt-proxy-freebsd_amd64-${TRAVIS_TAG:-dev}.tar.gz freebsd-amd64 - go clean - env GOOS=dragonfly GOARCH=amd64 go build - mkdir dragonflybsd-amd64 - ln dnscrypt-proxy 
dragonflybsd-amd64/ - - ln dnscrypt-proxy.toml forwarding-rules.txt dragonflybsd-amd64/ + - ln dnscrypt-proxy.toml forwarding-rules.txt blacklist.txt dragonflybsd-amd64/ - tar czpvf dnscrypt-proxy-dragonflybsd_amd64-${TRAVIS_TAG:-dev}.tar.gz dragonflybsd-amd64 - go clean - env GOOS=netbsd GOARCH=386 go build - mkdir netbsd-i386 - ln dnscrypt-proxy netbsd-i386/ - - ln dnscrypt-proxy.toml forwarding-rules.txt netbsd-i386/ + - ln dnscrypt-proxy.toml forwarding-rules.txt blacklist.txt netbsd-i386/ - tar czpvf dnscrypt-proxy-netbsd_i386-${TRAVIS_TAG:-dev}.tar.gz netbsd-i386 - go clean - env GOOS=netbsd GOARCH=amd64 go build - mkdir netbsd-amd64 - ln dnscrypt-proxy netbsd-amd64/ - - ln dnscrypt-proxy.toml forwarding-rules.txt netbsd-amd64/ + - ln dnscrypt-proxy.toml forwarding-rules.txt blacklist.txt netbsd-amd64/ - tar czpvf dnscrypt-proxy-netbsd_amd64-${TRAVIS_TAG:-dev}.tar.gz netbsd-amd64 - go clean - env GOOS=linux GOARCH=386 go build - mkdir linux-i386 - ln dnscrypt-proxy linux-i386/ - - ln dnscrypt-proxy.toml forwarding-rules.txt linux-i386/ + - ln dnscrypt-proxy.toml forwarding-rules.txt blacklist.txt linux-i386/ - tar czpvf dnscrypt-proxy-linux_i386-${TRAVIS_TAG:-dev}.tar.gz linux-i386 - go clean - env GOOS=linux GOARCH=amd64 go build - mkdir linux-x86_64 - ln dnscrypt-proxy linux-x86_64/ - - ln dnscrypt-proxy.toml forwarding-rules.txt linux-x86_64/ + - ln dnscrypt-proxy.toml forwarding-rules.txt blacklist.txt linux-x86_64/ - tar czpvf dnscrypt-proxy-linux_x86_64-${TRAVIS_TAG:-dev}.tar.gz linux-x86_64 - go clean - env GOOS=linux GOARCH=arm go build - mkdir linux-arm - ln dnscrypt-proxy linux-arm/ - - ln dnscrypt-proxy.toml forwarding-rules.txt linux-arm/ + - ln dnscrypt-proxy.toml forwarding-rules.txt blacklist.txt linux-arm/ - tar czpvf dnscrypt-proxy-linux_arm-${TRAVIS_TAG:-dev}.tar.gz linux-arm - go clean - env GOOS=linux GOARCH=arm64 go build - mkdir linux-arm64 - ln dnscrypt-proxy linux-arm64/ - - ln dnscrypt-proxy.toml forwarding-rules.txt linux-arm64/ + - 
ln dnscrypt-proxy.toml forwarding-rules.txt blacklist.txt linux-arm64/ - tar czpvf dnscrypt-proxy-linux_arm64-${TRAVIS_TAG:-dev}.tar.gz linux-arm64 - go clean - env GOOS=linux GOARCH=mips go build - mkdir linux-mips - ln dnscrypt-proxy linux-mips/ - - ln dnscrypt-proxy.toml forwarding-rules.txt linux-mips/ + - ln dnscrypt-proxy.toml forwarding-rules.txt blacklist.txt linux-mips/ - tar czpvf dnscrypt-proxy-linux_mips-${TRAVIS_TAG:-dev}.tar.gz linux-mips - go clean - env GOOS=linux GOARCH=mips64 go build - mkdir linux-mips64 - ln dnscrypt-proxy linux-mips64/ - - ln dnscrypt-proxy.toml forwarding-rules.txt linux-mips64/ + - ln dnscrypt-proxy.toml forwarding-rules.txt blacklist.txt linux-mips64/ - tar czpvf dnscrypt-proxy-linux_mips64-${TRAVIS_TAG:-dev}.tar.gz linux-mips64 - go clean - env GOOS=linux GOARCH=mips64le go build - mkdir linux-mips64le - ln dnscrypt-proxy linux-mips64le/ - - ln dnscrypt-proxy.toml forwarding-rules.txt linux-mips64le/ + - ln dnscrypt-proxy.toml forwarding-rules.txt blacklist.txt linux-mips64le/ - tar czpvf dnscrypt-proxy-linux_mips64le-${TRAVIS_TAG:-dev}.tar.gz linux-mips64le - go clean - env GOOS=darwin GOARCH=amd64 go build - mkdir macos - ln dnscrypt-proxy macos/ - - ln dnscrypt-proxy.toml forwarding-rules.txt macos/ + - ln dnscrypt-proxy.toml forwarding-rules.txt blacklist.txt macos/ - tar czpvf dnscrypt-proxy-macos-${TRAVIS_TAG:-dev}.tar.gz macos - ls -l dnscrypt-proxy-*.tar.gz dnscrypt-proxy-*.zip diff --git a/dnscrypt-proxy/blacklist.txt b/dnscrypt-proxy/blacklist.txt new file mode 100644 index 00000000..bcf7e7f6 --- /dev/null +++ b/dnscrypt-proxy/blacklist.txt 
@@ -0,0 +1,30 @@
+
+###########################
+# Blacklist #
+###########################
+
+## Rules for name-based query blocking, one per line
+##
+## Example of valid patterns:
+##
+## ads.* | matches anything with an "ads." prefix
+## *.example.com | matches example.com and all names within that zone such as www.example.com
+## example.com | identical to the above
+## *sex* | matches any name containing that substring
+## ads[0-9]* | matches "ads" followed by one or more digits
+## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster
+
+ad.*
+ads.*
+banner.*
+banners.*
+creatives.*
+oas.*
+oascentral.*
+stats.*
+tag.*
+telemetry.*
+tracker.*
+*.local
+eth0.me
+*.workgroup
diff --git a/dnscrypt-proxy/common.go b/dnscrypt-proxy/common.go
index f67a3e6e..214651c2 100644
--- a/dnscrypt-proxy/common.go
+++ b/dnscrypt-proxy/common.go
@@ -4,6 +4,8 @@ import (
 "encoding/binary"
 "errors"
 "net"
+ "strings"
+ "unicode"
 )
 type CryptoConstruction uint16
@@ -80,3 +82,18 @@ func StringReverse(s string) string {
 }
 return string(r)
 }
+
+func StringTwoFields(str string) (string, string, bool) {
+ if len(str) < 3 {
+ return "", "", false
+ }
+ pos := strings.IndexFunc(str, unicode.IsSpace)
+ if pos == -1 {
+ return "", "", false
+ }
+ a, b := strings.TrimFunc(str[:pos], unicode.IsSpace), strings.TrimFunc(str[pos+1:], unicode.IsSpace)
+ if len(a) == 0 || len(b) == 0 {
+ return a, b, false
+ }
+ return a, b, true
+}
diff --git a/dnscrypt-proxy/dnscrypt-proxy.toml b/dnscrypt-proxy/dnscrypt-proxy.toml
index 117d168d..2704413b 100644
--- a/dnscrypt-proxy/dnscrypt-proxy.toml
+++ b/dnscrypt-proxy/dnscrypt-proxy.toml
@@ -60,8 +60,8 @@ block_ipv6 = false
 ##################################################################################
 ## Example map entries (one entry per line):
-## example.com: 9.9.9.9
-## example.net: 9.9.9.9,8.8.8.8
+## example.com 9.9.9.9
+## example.net 9.9.9.9,8.8.8.8
 # forwarding_rules = "forwarding-rules.txt"
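Review bot: In `StringTwoFields` (common.go), `str[pos+1:]` assumes the separator found by `strings.IndexFunc(str, unicode.IsSpace)` is one byte wide, but `unicode.IsSpace` also accepts multi-byte runes such as U+00A0 and U+0085. A rule line separated by a pasted non-breaking space therefore leaves a stray continuation byte at the front of the second field, and the server address no longer parses as written. Slicing from `pos` instead, `strings.TrimFunc(str[pos:], unicode.IsSpace)`, is safe because the trim removes the separator whatever its width. The function is exported and feeds configuration parsing, so it also deserves a doc comment such as `// StringTwoFields splits str at the first whitespace into two trimmed, non-empty fields; the bool is false if either is missing.`, and the failure path would read more cleanly returning `"", "", false` rather than the partial `a, b`.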
@@ -120,6 +120,7 @@ format = "tsv"
 ######################################################
 ## Blacklists are made of one pattern per line. Example of valid patterns:
+##
 ## example.com
 ## *sex*
 ## ads.*
diff --git a/dnscrypt-proxy/forwarding-rules.txt b/dnscrypt-proxy/forwarding-rules.txt
index 3c04e9aa..5bbfc056 100644
--- a/dnscrypt-proxy/forwarding-rules.txt
+++ b/dnscrypt-proxy/forwarding-rules.txt
@@ -3,11 +3,11 @@
 ##################################
 ## This is used to route specific domain names to specific servers.
-## The general format is: : [, ...]
+## The general format is: [, ...]
 ## Adresses can be IPv4 and IPv6, and include a non-standard port number.
 ## In order to enable this feature, the "forwarding_rules" property needs to
 ## be set to that file name in the main configuration file.
-example.com: 9.9.9.9,8.8.8.8
+example.com 9.9.9.9,8.8.8.8
diff --git a/dnscrypt-proxy/plugin_block_name.go b/dnscrypt-proxy/plugin_block_name.go
index 1bfa1dca..55bd4f08 100644
--- a/dnscrypt-proxy/plugin_block_name.go
+++ b/dnscrypt-proxy/plugin_block_name.go
@@ -4,6 +4,7 @@ import (
 "io/ioutil"
 "path/filepath"
 "strings"
+ "unicode"
 "github.com/hashicorp/go-immutable-radix"
 "github.com/jedisct1/dlog"
@@ -44,7 +45,7 @@ func (plugin *PluginBlockName) Init(proxy *Proxy) error {
 plugin.blockedPrefixes = iradix.New()
 plugin.blockedSuffixes = iradix.New()
 for lineNo, line := range strings.Split(string(bin), "\n") {
- line = strings.Trim(line, " \t\r\n")
+ line = strings.TrimFunc(line, unicode.IsSpace)
 if len(line) == 0 || strings.HasPrefix(line, "#") {
 continue
 }
diff --git a/dnscrypt-proxy/plugin_forward.go b/dnscrypt-proxy/plugin_forward.go
index 074c4020..5d393c75 100644
--- a/dnscrypt-proxy/plugin_forward.go
+++ b/dnscrypt-proxy/plugin_forward.go
@@ -6,6 +6,7 @@ import (
 "math/rand"
 "net"
 "strings"
+ "unicode"
 "github.com/jedisct1/dlog"
 "github.com/miekg/dns"
@@ -35,25 +36,18 @@ func (plugin *PluginForward) Init(proxy *Proxy) error {
 return err
 }
 for lineNo, line := range strings.Split(string(bin), "\n") {
- line = strings.Trim(line, " \t\r")
+ line = strings.TrimFunc(line, unicode.IsSpace)
 if len(line) == 0 || strings.HasPrefix(line, "#") {
 continue
 }
- parts := strings.SplitN(line, ":", 2)
- if len(parts) == 0 {
- continue
- }
- if len(parts) != 2 {
+ domain, serversStr, ok := StringTwoFields(line)
+ if !ok {
 return fmt.Errorf("Syntax error for a forwarding rule at line %d. Expected syntax: example.com: 9.9.9.9,8.8.8.8", 1+lineNo)
 }
- domain := strings.ToLower(strings.Trim(parts[0], " \t\r"))
- serversStr := strings.Trim(parts[1], " \t\r")
- if len(domain) == 0 || len(serversStr) == 0 {
- continue
- }
+ domain = strings.ToLower(domain)
 var servers []string
 for _, server := range strings.Split(serversStr, ",") {
- server = strings.Trim(server, " \t\r")
+ server = strings.TrimFunc(server, unicode.IsSpace)
 if net.ParseIP(server) != nil {
 server = fmt.Sprintf("%s:%d", server, 53)
 }
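Review bot: A forwarding rule left in the old form `example.com: 9.9.9.9` is no longer rejected in `PluginForward.Init`: `StringTwoFields` splits it on the space and yields the domain `example.com:`. The rule is then presumably stored under a name no query matches, so a zone meant for an internal resolver would silently go to the default upstream instead. Returning the syntax error when `strings.HasSuffix(domain, ":")`, placed right after the `!ok` check, keeps that upgrade mistake visible at startup. The unchanged error text also still advertises the colon form and should read `Expected syntax: example.com 9.9.9.9,8.8.8.8`. Init continues outside the hunk, so how `domain` is matched later is not visible here.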