
Added script to convert adserver list to bind9 zone file #188

Open
lfechne wants to merge 3 commits into master

Conversation

@lfechne commented Feb 21, 2022

No description provided.

Created this script to convert and actualize a spam domain zone file for a bind9 instance to block spam.
bind9 zone file template to redirect spam domains to nowhere aka block them
@lfechne (Author) commented Feb 21, 2022

I wrote this script for my own sake, and wanted to share.

1D ) ; minimum

# @ IN NS <YourNameServerIP>
* IN A 0.0.0.0

@spirillen

Change this to

*	IN	CNAME	.

Next to this you should then keep a wildcard list to take full advantage of the RPZ

Record types https://mypdns.org/mypdns/support/-/wikis/RPZ-record-types

Zone example can be found here:

drill @ns1.mypdns.org AXFR adult.mypdns.cloud

Bind setup https://mypdns.org/rpz/dns-rpz-integration/-/tree/master/Bind_9

Why all this? Well, RPZ simply rocks when you take full advantage of all its capabilities.

Example of true power: https://mypdns.org/my-privacy-dns/matrix/-/issues?scope=all&state=closed&label_name[]=DNS%20Server&label_name[]=Pirated These DNS servers are blacklisted, and in combination they block access to over 2 million pirated domains; and if you are into NSFW blacklisting you can always add these: https://mypdns.org/my-privacy-dns/porn-records/-/issues?scope=all&state=all&label_name[]=TLD%20(Top%20Level%20Domain)

Have fun experiencing "new" stuff 👋

@anudeepND (Owner)

@lfechne Thanks for your contribution and thanks to @spirillen for reviewing the changes

@anudeepND (Owner)

@spirillen Let me know if the script needs any changes as I have never used bind9 before xD

@spirillen

> @spirillen Let me know if the script needs any changes as I have never used bind9 before xD

The answer is, it depends... would you have full-blown support and actually optimize for integrating the RPZ (Response Policy Zone), then yes, the script needs a lot of changes.

Until I know this, I suggest you try to compare the zone file between this one and my pirated zone file (it is the one with the most RPZ tricks):

drill axfr pirated.mypdns.cloud @axfr.ipv4.mypdns.cloud -p 530 > pirated.mypdns.cloud

Then there is the other question: what reply do they prefer? The RFC NXDOMAIN (domain does not exist, stop asking) or a local IP like 127.0.0.1, which will generate a query to localhost:$port and wait for a timeout (usually 60 to 120 sec)?

Here are a few issues on @ScriptTiger's issue board that touch this topic, and I suggest reading them before deciding.

There is also another long thread at the unnamed issues, marked something like "good discussion", in the closed issue section. (It is related to this: https://mypdns.org/mypdns/support/-/wikis/dns/DnsHosts#hosts-file-vs-unbound-test) 😏 🐕
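As an added example (not the PR's script and not this repository's code), here is a Python converter that does what the review above recommends: it turns a hosts-style adserver list into an RPZ zone whose entries use `CNAME .` (the RPZ NXDOMAIN action) plus a wildcard per name, instead of `A 0.0.0.0`. The SOA/NS values, the serial and the sample list are constructed placeholders.

```python
import re

# One hostname label: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def parse_hosts(text):
    """Unique, lower-cased hostnames from hosts-file text (0.0.0.0/127.0.0.1 lines)."""
    names, seen = [], set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2 or fields[0] not in ("0.0.0.0", "127.0.0.1"):
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in seen or name in ("localhost", "localhost.localdomain"):
                continue
            if not all(_LABEL.match(lbl) for lbl in name.split(".")):
                continue  # malformed entry: skip it rather than break zone loading
            seen.add(name)
            names.append(name)
    return names


def render_rpz_zone(names, serial=1):
    """RPZ zone text: every name and its subdomains answer NXDOMAIN (CNAME .)."""
    lines = [
        "$TTL 1h",
        f"@ IN SOA localhost. root.localhost. ( {serial} 1h 15m 30d 2h )",  # placeholder SOA
        "@ IN NS localhost.",                                                # placeholder NS
    ]
    for name in names:
        lines.append(f"{name} IN CNAME .")    # the name itself
        lines.append(f"*.{name} IN CNAME .")  # wildcard for all subdomains
    return "\n".join(lines) + "\n"


# Constructed sample input, not a real blocklist.
SAMPLE_HOSTS = """# adserver list (constructed sample)
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 ads.example.com   # duplicate
0.0.0.0 Tracker.Example.net
0.0.0.0 bad_host.example   # underscore: malformed, skipped
"""

if __name__ == "__main__":
    print(render_rpz_zone(parse_hosts(SAMPLE_HOSTS), serial=2022022101), end="")
```

The resulting file is loaded as an RPZ zone under a `response-policy` statement in named.conf; blocked names then return NXDOMAIN immediately instead of a client waiting on a timeout to 0.0.0.0 or 127.0.0.1.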
