diff --git a/modules/dns_proxy/dns_proxy.go b/modules/dns_proxy/dns_proxy.go
index 76de6db9..482e3aeb 100644
--- a/modules/dns_proxy/dns_proxy.go
+++ b/modules/dns_proxy/dns_proxy.go
@@ -113,7 +113,7 @@ func NewDnsProxy(s *session.Session) *DnsProxy {
 		"Address to bind the DNS proxy to."))
 
 	mod.AddParam(session.NewStringParameter("dns.proxy.blacklist", "", "",
-		"Comma separated list of client IPs to skip while proxying."))
+		"Comma separated list of client IPs to skip while proxying (wildcard allowed)."))
 
 	mod.AddParam(session.NewStringParameter("dns.proxy.whitelist", "", "",
 		"Comma separated list of client IPs to proxy if the blacklist is used."))
diff --git a/modules/dns_proxy/dns_proxy_base.go b/modules/dns_proxy/dns_proxy_base.go
index ac637bf3..f8c17445 100644
--- a/modules/dns_proxy/dns_proxy_base.go
+++ b/modules/dns_proxy/dns_proxy_base.go
@@ -51,7 +51,7 @@ func (p *DNSProxy) shouldProxy(clientIP string) bool {
 
 	// check if this client is in the blacklist
 	for _, ip := range p.Blacklist {
-		if clientIP == ip {
+		if ip == "*" || clientIP == ip {
 			return false
 		}
 	}