hosts-blocklists
BIND9 support
It would be nice if all these hosts could be blocked using BIND9 as the local caching resolver.
Can you provide a sample configuration? I will have a look at this at some point (could take some time, as adding new parsers requires quite some testing / updating of scripts).
E.g. /etc/bind/db.adblock (a sinkhole zone; note that zone files use `;` for comments, and the apex needs an NS record or named will not load it):

```
$TTL 86400 ; one day
@ IN SOA intradns.mydomain. root.mydomain. (
    2015082801 ; serial number YYYYMMDDNN
    28800      ; refresh 8 hours
    7200       ; retry 2 hours
    864000     ; expire 10 days
    86400 )    ; min ttl 1 day
@ IN NS intradns.mydomain.
@ IN A  192.168.2.60 ; address for domain itself
* IN A  192.168.2.60 ; address for all subdomains
```

In /etc/bind/zones/adblock one can create lines like these, one per blocked domain, all pointing at the same sinkhole zone file:

```
zone "adnetwork1.com" IN { type master; notify no; file "/etc/bind/db.adblock"; };
zone "some.adnetwork2.com" IN { type master; notify no; file "/etc/bind/db.adblock"; };
```
There are a few examples here as well:
https://tk-sls.de/wp/3827/3
https://github.com/Trellmor/bind-adblock
https://medium.com/@d.robertson/dns-level-ad-blocking-on-lan-with-bind-rpz-32dbfdf2e4fe
This works for me. I have BSD, so if you are on Linux, swap out `fetch -o` with `wget -O`.
```perl
#!/usr/local/bin/perl
# blockdomains2bind.pl - script to convert notracking domain list to ISC Bind config
# Mon Apr 11 16:07:41 PDT 2022, created, rudy
#
# Usage: perl blockdomains2bind.pl hostnames
# Usage: perl blockdomains2bind.pl domains
#
# Force regeneration of conf file:
# perl blockdomains2bind.pl hostnames 1
#
# I found the domains list did not work for me...
#
# add this to named.conf:
# include "/usr/local/etc/namedb/blockdomains.conf";
# or
# include "/usr/local/etc/namedb/blockhostnames.conf";
use strict;
use warnings;

my ($file, $conf, $url, $regex);
my $mode  = shift || 'hostnames'; # or domains!
my $force = shift || undef;

if ($mode eq 'hostnames') {
    $file  = '/usr/local/etc/namedb/blockhostnames.txt';
    $conf  = '/usr/local/etc/namedb/blockhostnames.conf';
    $url   = 'https://github.com/notracking/hosts-blocklists/raw/master/hostnames.txt';
    # example line: 0.0.0.0 0grex12.no-ip.org
    $regex = '^0\.0\.0\.0 (\S+)$';
} else {
    $file  = '/usr/local/etc/namedb/blockdomains.txt';
    $conf  = '/usr/local/etc/namedb/blockdomains.conf';
    $url   = 'https://github.com/notracking/hosts-blocklists/raw/master/domains.txt';
    # example line: address=/2cyp.com/0.0.0.0
    $regex = '^address=/([^/]+)/0\.0\.0\.0$';
}

print "BIND9 integration... add this line to your named.conf\n";
print " include \"$conf\";\n";
print "view your logs (/var/log/messages ?) and check for errors!\n";

# -M is the file age in days; skip the rebuild if the conf is newer than the data
if (! $force && -f $conf && -f $file && -M $conf < -M $file) {
    print "Exiting, config more recent than data\n";
    exit;
} elsif (! -f $file || -M $file > 1) {
    # (re)fetch when the list is missing or more than a day old
    # (on Linux use: wget -O $file $url)
    print "Fetching $file\n";
    system('fetch', '-o', $file, $url) == 0 or die "fetch of $url failed: $?";
} else {
    printf("Found $file %.2f days old\n", -M $file);
}

open(my $blocklist, '<', $file) or die "cannot read $file: $!";
open(my $out, '>', $conf)       or die "cannot write $conf: $!";
while (<$blocklist>) {
    /use-application-dns.net/ and next; # canary domain for dns over https
    /hearstnp/ and next;                # sfchron
    if (m,$regex,) {
        print $out "zone \"$1\" in { type primary; file \"master/blocklist.db\"; };\n";
    }
}
close $blocklist;
close $out;

exit; # remove this exit to have the script reload named after writing the conf
print "Reloading Bind via rndc reload command\n";
`rndc reload`;
__END__
example blocklist.db ...
$TTL 3h
; Zone for bogus return... used for trackers to enable better privacy.
@ SOA @ nobody.localhost. 42 1d 12h 1w 3h
; Serial, Refresh, Retry, Expire, Neg. cache TTL
; named refuses to load a zone without an NS record at the apex
@ NS localhost.
; resolve to localhost + 1
@ A 127.0.0.2
* A 127.0.0.2
@ AAAA ::2
* AAAA ::2
```
I had a shorter script that just did domains, but I found that it was blocking too much stuff. Reworked the script to do either 'hostnames' or 'domains' for bind9. I recommend hostnames -- this is based on my extensive 4 hours' experience using this filter list. /s
> Can you provide a sample configuration? I will have a look at this at some point (could take some time, as adding new parsers requires quite some testing / updating of scripts).

Here is the output:
zone "zzxxc0939.noip.me" in { type primary; file "master/blocklist.db"; };
zone "zzxxccllkkjj99.zapto.org" in { type primary; file "master/blocklist.db"; };
zone "zzxz.no-ip.biz" in { type primary; file "master/blocklist.db"; };
zone "zzz.onion.pet" in { type primary; file "master/blocklist.db"; };
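As an added example (not code from this thread or from the notracking project), the following Python converter parses the same two list formats the Perl script above handles, skips the same DoH canary domain, and emits a single BIND response policy zone (RPZ) instead of one zone statement per name; the RPZ zone name `rpz.local`, the file path and the sample lines are assumptions made up for the example.

```python
import re

# Constructed sample lines in the two notracking formats (not the real lists).
SAMPLE_HOSTNAMES = """# hostnames.txt style: one exact host per line
0.0.0.0 0grex12.no-ip.org
0.0.0.0 use-application-dns.net
0.0.0.0 tracker.example
"""
SAMPLE_DOMAINS = """address=/2cyp.com/0.0.0.0
address=/use-application-dns.net/0.0.0.0
address=/ads.example/0.0.0.0
"""

HOSTNAME_RE = re.compile(r'^0\.0\.0\.0\s+(\S+)$')
DOMAIN_RE = re.compile(r'^address=/([^/]+)/0\.0\.0\.0$')
# Never sinkhole the Firefox DoH canary (the Perl script skips it as well).
EXCLUDE = {'use-application-dns.net'}


def parse_list(text, mode):
    """Return the names to block from a hostnames.txt or domains.txt body."""
    rx = HOSTNAME_RE if mode == 'hostnames' else DOMAIN_RE
    names = []
    for line in text.splitlines():
        m = rx.match(line.strip())
        if m and m.group(1).lower() not in EXCLUDE:
            names.append(m.group(1).lower())
    return names


def rpz_zone(names, wildcard, serial):
    """Build an RPZ zone file body. 'CNAME .' is the RPZ NXDOMAIN action;
    owner names are relative to the RPZ apex, so no $ORIGIN is needed.
    wildcard=True also adds *.name, mirroring how dnsmasq address=/ entries
    (domains.txt) block a domain and everything under it."""
    lines = ['$TTL 3h',
             '@ SOA localhost. nobody.localhost. %d 1d 12h 1w 3h' % serial,
             '@ NS localhost.']
    for n in sorted(set(names)):
        lines.append('%s CNAME .' % n)
        if wildcard:
            lines.append('*.%s CNAME .' % n)
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    # Hypothetical zone name rpz.local; wire it up in named.conf with
    #   response-policy { zone "rpz.local"; };
    #   zone "rpz.local" { type primary; file "master/rpz.local.db"; };
    print(rpz_zone(parse_list(SAMPLE_DOMAINS, 'domains'), True, 2022041101))
```

Because RPZ rewrites answers inside the resolver, one zone file covers the whole list and a reload picks up changes without touching thousands of zone statements.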
bump, plz make bind9 rpz support
any update?