Last active
June 25, 2023 15:45
-
-
Save lmas/f04efe1a96c1d6d388ac990655453ec5 to your computer and use it in GitHub Desktop.
Script to generate a blocklist zone file for unbound DNS server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Inspired by: | |
| # https://old.reddit.com/r/PFSENSE/comments/9mipe0/unboundbased_dnsblacklisting/ | |
| # https://news.ycombinator.com/item?id=22854209 | |
| # | |
| # With lotsa code stolen from: | |
| # https://www.tumfatig.net/20190405/blocking-ads-using-unbound8-on-openbsd/ | |
| # | |
| # Comment filter syntax from: | |
| # https://unix.stackexchange.com/questions/157328/how-can-i-remove-all-comments-from-a-file/157619#157619 | |
| # | |
| # Using redirect vs. static/always_nxdomain in unbound: | |
| # https://github.com/NLnetLabs/unbound/issues/55 | |
| stevenblacks="https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/gambling/hosts" | |
| frellwits="https://raw.githubusercontent.com/lassekongo83/Frellwits-filter-lists/master/Frellwits-Swedish-Hosts-File.txt" | |
| ################################################################################ | |
| # Test for internet connectivity before doing anything else | |
| if ! nc -zw1 google.com 80 >/dev/null 2>&1; then | |
| echo "No internet connection, quitting..." 1>&2 | |
| exit 1 | |
| fi | |
| tmpfile="$(mktemp)" | |
| trap 'rm -f $tmpfile' 0 HUP INT QUIT TERM # 0 = regular exit | |
| # Get and filter StevenBlack's hosts file | |
| curl -s "$stevenblacks" | \ | |
| sed -n '/Start StevenBlack/,$p' | \ | |
| sed -e '/^[[:blank:]]*#/d;s/#.*//' -e '/^[[:space:]]*$/d' | \ | |
| awk '/^0.0.0.0/ { print $2 }' >> "$tmpfile" | |
| # Get and filter Frellwit's swedish hosts file | |
| curl -s "$frellwits" | \ | |
| sed -e '/^[[:blank:]]*#/d;s/#.*//' -e '/^[[:space:]]*$/d' | \ | |
| awk '/^127.0.0.1/ { print $2 }' >> "$tmpfile" | |
| # Output header | |
| cat << EOF | |
| ################################################################################ | |
| # | |
| # Personal DNS blocklist for unbound | |
| # | |
| # Public entries: $(sort -fu "$tmpfile" | wc -l | tr -d ' ') | |
| # Timestamp: $(date "+%Y-%m-%d %H:%M") | |
| # Source: https://gist.github.com/lmas/f04efe1a96c1d6d388ac990655453ec5 | |
| # | |
| ################################################################################ | |
| # Custom domains | |
| # These two are mostly used for scams, see: https://fosstodon.org/@suprjami/110381691990708727 | |
| local-zone: "zip." always_nxdomain | |
| local-zone: "mov." always_nxdomain | |
| # Public lists | |
| EOF | |
| # Output entries | |
| sort -fu "$tmpfile" | awk '{print "local-zone: \"" $1 "\" always_nxdomain"}' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment