Skip to content
/ bound Public

generate unbound local-zones to refuse advertising and malware domains

License

Notifications You must be signed in to change notification settings

wryfi/bound

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

bound

bound pulls data from The Big Blocklist Collection and generates an unbound configuration file that refuses lookup of the selected domains.

This is useful for blocking ads and malware, in much the same way as pi-hole. You might prefer this method over pi-hole if:

  • you're already using unbound
  • you don't love dnsmasq (which pi-hole is based on)
  • you don't think a DNS resolver should require a web server
  • you distrust thousands of lines of bash to make major changes to your system

If the above don't apply to you, or you're looking for an opinionated, ad-blocking resolver with a pretty user interface and automated installer, pi-hole is probably what you want.

Requirements

  1. a gnu/linux or *bsd operating system
  2. a working unbound installation
  3. python3.6+ (for debian-like systems: sudo apt-get install python3)
  4. python3 requests library (for debian-like systems: sudo apt-get install python3-requests)

Installation

python setup.py install

Usage

bound is intended to be used with blocklists from The Big Blocklist Collection.

Run without any options, bound will:

  1. download the latest "ticked" list from the Big Blocklist Collection
  2. download all of the blocklists listed in the "ticked" list
  3. parse, deduplicate, and assemble a list of domains from the retrieved blocklists
  4. remove any safelisted domains from the list
  5. write /etc/unbound/unbound.conf.d/blocklist.conf to configure unbound for blocking the listed domains
  6. check the unbound configuration, and exit in case of any errors
  7. restart unbound

To accomplish the above, you will probably need to run bound as the root user.

There are options that support running as a non-root user, as well as specifying the blocklist URL, an optional safelist URL, and local blocklist and safelist files.

For a description of all the options, run bound -h.

Supported File Formats

bound supports blocklists and safelists in the following formats:

one domain per line

advanbusiness.com
aoldaily.com
aolon1ine.com
applesoftupdate.com
arrowservice.net

one domain per line, with inline comments

quantummetric.com # Cydia/Bigboss
cydia.saurik.com.cdngc.net # Cydia/Bigboss
production-ultimate-assets.ratecity.com.au # NewsCorp
saber.srvcs.tumblr.com # Tumblr
fd-fp3.wg1.b.yahoo.com # Tumblr

hosts file format

127.0.0.1  0koryu0.easter.ne.jp
127.0.0.1  109-204-26-16.netconnexion.managedbroadband.co.uk
127.0.0.1  1866809.securefastserver.com
127.0.0.1  2amsports.com
127.0.0.1  4dexports.com

single-digit hosts file format

0 1app.blob.core.windows.net
0 2912a.v.fwmrm.net
0 29773.v.fwmrm.net
0 5be16.v.fwmrm.net
0 888casino.com

About

generate unbound local-zones to refuse advertising and malware domains

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages