ADBLK-8: Create zone only Unbound file

Issue Information

Issue Type: Task
 
Priority: Major
Status: Closed

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: Adblock Lists (ADBLK)
Resolution: Done (2019-06-10 17:25:04)

Created: 2019-06-10 10:18:12
Time Spent Working


Description
Need to create a file that contains blocked zones only.

The reason for this is that Pi-Hole's gravity filters cannot block a zone (at least, not via lists - you can add regex's manually), only exact domain names.

That's fairly inflexible when ad-flingers can register foo.com and then just cycle through subdomains.

So, want to dump out a file of unbound format zone blocks - I have unbound upstream of Pi-hole, so zone blocks can happen there.

That way, we can do things like ensure 2o7.net is blocked so that anything CNAMEing to subdomains of it are automatically blocked


Issue Links

relates to ADBLK-12: Blocked Zones as list
Toggle State Changes

Activity


2019-06-10 10:20:46

Repo: adblocklists
Commit: 613e44c7721c0ff72f09ea6532d2ef618bea9d2d
Author: B <github@<Domain Hidden>>

Date: Mon Jun 10 10:19:49 2019 +0100
Commit Message: ADBLK-8 Create unbound format file containing only manually blocked zones



Modified (-)(+)
-------
bin/update_addomains.sh
index.html




Webhook User-Agent 

GitHub-Hookshot/d408d22


View Commit


2019-06-10 10:44:47

Repo: adblocklists
Commit: 997f6c9a77dd7523bb3e5130a2114ad0859902d6
Author: B <github@<Domain Hidden>>

Date: Mon Jun 10 10:38:16 2019 +0100
Commit Message: ADBLK-8 Adding example script for pulling zones (only) into unbound

My DNS server has a read-only root partition (with a writeable /var), so my deployment using this went as follows: 

mkdir /var/unbound_blocks
cd /etc/unbound/local.d
mount -o remount,rw /
ln -s /var/unbound_blocks/ adblocks

cd /var/unbound_blocks/
nano unbound_block_zones.sh # Following this commit, should just be able to wget it
chmod +x unbound_block_zones.sh
./unbound_block_zones.sh

cd /etc/unbound/
nano unbound.conf
service unbound reload

echo "15 * * * * root cd /var/unbound_blocks/; ./unbound_block_zones.sh" > /etc/cron.d/update_adblock_zones

mount -o remount,ro /



Added (+)
-------
bin/unbound_block_zones.sh




Webhook User-Agent 

GitHub-Hookshot/d408d22


View Commit


2019-06-10 10:50:01
This is the process I've used to drop it onto a DNS server that has a writeable root partition: 
root@debian-9-doh-newbuild:~# cd /etc/unbound/local.d/
root@debian-9-doh-newbuild:/etc/unbound/local.d# mkdir adblocks
root@debian-9-doh-newbuild:/etc/unbound/local.d# cd adblocks/
root@debian-9-doh-newbuild:/etc/unbound/local.d/adblocks# wget https://github.com/bentasker/adblocklists/raw/master/bin/unbound_block_zones.sh
root@debian-9-doh-newbuild:/etc/unbound/local.d/adblocks# ls
ad-zones.conf  unbound_block_zones.sh

root@debian-9-doh-newbuild:/etc/unbound/local.d/adblocks# cd ../..
root@debian-9-doh-newbuild:/etc/unbound# nano unbound.conf
root@debian-9-doh-newbuild:/etc/unbound# grep "ad-zones" unbound.conf
    include: local.d/adblocks/ad-zones.conf

root@debian-9-doh-newbuild:/etc/unbound# echo "15 * * * * root cd /var/unbound_blocks/; ./unbound_block_zones.sh" > /etc/cron.d/update_adblock_zones

2019-06-10 17:25:04
btasker changed status from 'Open' to 'Resolved'

2019-06-10 17:25:04
btasker added 'Done' to resolution

2019-06-10 17:25:15
btasker changed status from 'Resolved' to 'Closed'