Skip to content

Latest commit

 

History

History
94 lines (73 loc) · 2.71 KB

README.md

File metadata and controls

94 lines (73 loc) · 2.71 KB

BIND unwanted domains blocker

Fetch various blocklists and generate a BIND zone from them.

Configure BIND to redirect to drop.sinkhole (walled garden) for ad, tracking and malicious domains to stop clients from contacting them.

Requires BIND 9.8 or newer for RPZ support.

Uses the following sources:

and more

Setup

Python packages

These packages need to be installed to run the update script.

Configure BIND

Create a local domain (.sinkhole) for the sinkhole. Replace 192.168.1.220 with the IP address of your sinkhole server.

@ 8600 IN SOA  .sinkhole root.sinkhole. (201702121 604800 86400 2419200 604800 )
@ 8600 IN NS   LOCALHOST.
@ IN A 192.168.1.220
* A 192.168.1.220

Add the newly created domain .sinkhole zone to the BIND configuration

zone "sinkhole." {
        type master;
        file "/var/named/db.sinkhole";
        allow-update { none; };
        allow-transfer { none; };
        allow-query { trusted-acl;};
};

Add the response-policy statement to the BIND options

// Blacklist RPZ
response-policy {
	zone "rpz.blacklist";
};

Add your RPZ zone.

// Blacklist zone
zone "rpz.blacklist" {
        type master;
        file "/var/named/db.rpz.blacklist";
        allow-update { none; };
        allow-transfer { none; };
        allow-query { none; };
};

Usage

update-zonefile.py zonefile origin
  • zonefile: Path to the zone file to update
  • origin: Zone origin to use

Example: python3 update-zonefile.py /var/named/db.rpz.blacklist rpz.blacklist

Verification of the zone file with named-checkzone:

[root@localhost]# named-checkzone admin /var/named/db.rpz.blacklist
/var/named/db.rpz.blacklist:3: using RFC1035 TTL semantics
zone admin/IN: loaded serial 201702126
OK