Added script to convert adserver list to bind9 zone file #188
Created this script to convert and actualize a spam domain zone file for a bind9 instance to block spam.
bind9 zone file template to redirect spam domains to nowhere aka block them
I wrote this script for my own sake, wanted to share.
1D ) ; minimum | ||
|
||
# @ IN NS <YourNameServerIP> | ||
* IN A 0.0.0.0 |
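Review bot: The `# @ IN NS <YourNameServerIP>` line uses `#`, which is not a comment character in a BIND zone file (the `; minimum` line above it shows the correct one), so if the template reaches named as written this line is parsed as a record and the zone fails to load. Start the line with `;` instead. Two related points on the same line: NS rdata has to be a host name, not an IP address, so the placeholder should ask for a name server name, and a zone needs at least one NS record at its apex, so the record should probably be active rather than commented out.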
Change this to
* IN CNAME .
Next to this you should then keep a wildcard list to take full advantage of the RPZ
Record types https://mypdns.org/mypdns/support/-/wikis/RPZ-record-types
Zone example can be found here:
drill @ns1.mypdns.org AXFR adult.mypdns.cloud
Bind setup https://mypdns.org/rpz/dns-rpz-integration/-/tree/master/Bind_9
Why all this? Well, RPZ simply just rocks when you take full advantage of all its capabilities.
Example of true power: https://mypdns.org/my-privacy-dns/matrix/-/issues?scope=all&state=closed&label_name[]=DNS%20Server&label_name[]=Pirated These DNS servers are blacklisted and in combination these are blocking access to over 2 million pirated domains, and if you are into NSFW blacklisting you can always add these https://mypdns.org/my-privacy-dns/porn-records/-/issues?scope=all&state=all&label_name[]=TLD%20(Top%20Level%20Domain)
Have fun experiencing "new" stuff 👋
@lfechne Thanks for your contribution and thanks to @spirillen for reviewing the changes
@spirillen Let me know if the script needs any changes as I have never used bind9 before xD
The answer is, it depends... would you have full blown support and actually optimize for integrating the RPZ (Response policy zone) then yes, the script needs a lot of changes. Until I know this, I suggest you try to compare the zone file between this one and my pirated zone file (it is the one with the most RPZ tricks)
drill axfr pirated.mypdns.cloud @axfr.ipv4.mypdns.cloud -p 530 > pirated.mypdns.cloud
Then there is the other question, what reply do you prefer? The RFC NXDOMAIN (Domain does not exist, stop asking) or a local ip like 127.0.0.1 which will generate a query to
Here are a few issues on @ScriptTiger issue board that touch this topic and I suggest to read before deciding.
There is also another long thread at the unnamed issues marked something like good discussion in the closed issue section. (it is related to this https://mypdns.org/mypdns/support/-/wikis/dns/DnsHosts#hosts-file-vs-unbound-test) 😏 🐕
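The RPZ approach discussed in the review comments above, as an added example that is not part of this PR or the project's code: it converts a hosts-style list into RPZ records, writing an exact and a wildcard entry per domain and letting the caller pick between the NXDOMAIN reply (`CNAME .`) and a local-IP reply (`A 0.0.0.0`). The function names and the sample list are constructed for illustration, and the records are meant to sit below the zone's own SOA/NS header.

```python
import re

# Constructed sample in hosts / plain-domain style (not a real blocklist).
SAMPLE_LIST = """\
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net  # trailing comment
Banner.Example.org
sub.ads.example.com
not a domain!
"""

LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")
# RPZ actions: "CNAME ." answers NXDOMAIN; an A record answers with local data.
POLICIES = {"nxdomain": "CNAME .", "sinkhole": "A 0.0.0.0"}

def parse_domains(text):
    """Return sorted, de-duplicated, syntactically valid domains."""
    found = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        name = fields[-1].lower().rstrip(".")  # hosts format: name is last
        labels = name.split(".")
        if (len(labels) >= 2 and len(name) <= 253
                and not labels[-1].isdigit()   # rejects "0.0.0.0 0.0.0.0"
                and all(LABEL.match(l) for l in labels)):
            found.add(name)
    return sorted(found)

def drop_covered(domains):
    """Drop names that a listed parent's wildcard record already matches."""
    listed = set(domains)
    def covered(name):
        labels = name.split(".")
        return any(".".join(labels[i:]) in listed for i in range(1, len(labels) - 1))
    return [n for n in domains if not covered(n)]

def rpz_records(domains, policy="nxdomain"):
    """Emit one exact-match and one wildcard record per remaining domain."""
    rdata = POLICIES[policy]
    out = []
    for name in drop_covered(domains):
        out += [f"{name} IN {rdata}", f"*.{name} IN {rdata}"]
    return out

if __name__ == "__main__":
    print("\n".join(rpz_records(parse_domains(SAMPLE_LIST))))
```

The wildcard record does not match the domain itself, which is why each name gets both entries; `sub.ads.example.com` is dropped because `*.ads.example.com` already covers it.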