Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/bin/sh
##
## For EdgeRouter Lite
## chmod 755 /etc/cron.weekly/dns-blacklist
##
BLACKLIST_URL=https://raw.githubusercontent.com/oznu/dns-zone-blacklist/master/dnsmasq/dnsmasq-server.blacklist
BLACKLIST_PATH=/etc/dnsmasq.d/blacklist.conf
WHITELIST_PATH=/config/dnsmasq-server.whitelist
# Download the checksum on the remote release
CHECKSUM=$(curl -sk "$BLACKLIST_URL.checksum")
# Compare the remote checksum to the existing local file
echo "${CHECKSUM} $BLACKLIST_PATH" | sha256sum -c -
if [[ $? != 0 ]] ; then
echo "Blacklist is missing or out of date, downloading update..."
# Get the blacklist of domains and fix the zone file path.
curl -sko /tmp/dnsmasq.blacklist "$BLACKLIST_URL"
# remove whitelisted domains
while read -r domain; do
sed -i "/$domain/d" /tmp/dnsmasq.blacklist
done < "$WHITELIST_PATH"
# Test the blacklist is valid
dnsmasq --test --conf-file=/tmp/dnsmasq.blacklist
if [[ $? == 0 ]]; then
# Downloaded blacklist is valid
mv /tmp/dnsmasq.blacklist $BLACKLIST_PATH
# Restart dnsmasq
/etc/init.d/dnsmasq restart
else
# Downloaded blacklist is not valid
rm -rf /tmp/dnsmasq.blacklist
echo >&2 "ERROR: Upstream blacklist did not pass dnsmasq config test."
fi
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment