Fetch various blocklists and generate a BIND zone from them. Configure BIND to return NXDOMAIN for ad and tracking domains to stop clients from contacting them. Requires BIND 9.8 or newer for RPZ support.
Uses the following sources:
- Peter Lowe’s Ad and tracking server list
- MVPS HOSTS
- Adaway default blocklist
- Dan Pollock’s hosts file
- MalwareDomainList.com Hosts List
- StevenBlack Unified hosts file
- CAMELEON
- Disconnect.me Basic tracking list
- Disconnect.me Ad Filter list
- Polish CERT Phishing list
See requirements.txt.

To install:

```
python3 -m venv venv
source venv/bin/activate
pip install --upgrade pip
pip install -r requirements.txt
```
Add the response-policy statement to the BIND options:

```
// For AdBlock
response-policy {
    zone "rpz.example.com";
};
```
Add your rpz zone. Replace example.com with a domain of your choice.

```
// AdBlock
zone "rpz.example.com" {
    type master;
    file "/etc/bind/db.rpz.example.com";
    masterfile-format text;
    allow-query { none; };
};
```
Create a zone file for your zone. Replace example.com with the domain you used before.

```
@ 3600 IN SOA @ admin.example.com. 0 86400 7200 2592000 86400
@ 3600 IN NS ns.example.com.
```
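As an added example (not the project's own code), this shows how such a zone file is produced from fetched blocklist text: hosts-file lines and plain domain lines are parsed, local names and whitelisted domains are dropped, and every remaining name gets an RPZ `CNAME .` record, which is what makes the resolver answer NXDOMAIN. The sample lists and the `admin.`/`ns.` names in the header are constructed assumptions.

```python
import ipaddress
import re

SAMPLE_LISTS = [  # constructed sample input: one hosts-file list, one plain list
    "# hosts-file style list (constructed sample)\n"
    "127.0.0.1 localhost\n"
    "0.0.0.0 ads.example.net   # trailing comment\n"
    "0.0.0.0 tracker.example.org\n",
    "# plain domain list (constructed sample)\n"
    "tracker.example.org\n"
    "Ads.Example.NET.\n"
    "bad host name\n",
]
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost"}
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one valid DNS label

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_blocklist(text):
    """Yield lowercase hostnames from hosts-file or one-domain-per-line text."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        # hosts format: "<ip> <name> [<name>...]"; plain format: first token only
        names = fields[1:] if is_ip(fields[0]) else fields[:1]
        for name in names:
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES or "." not in name or \
                    not all(LABEL_RE.match(l) for l in name.split(".")):
                continue  # skip local entries and anything that is not a hostname
            yield name

def build_rpz_zone(origin, lists, whitelist=(), serial=1):
    """Return RPZ zone text: header plus 'CNAME .' (NXDOMAIN) records.
    A wildcard record is added per name so subdomains are blocked as well."""
    blocked = set()
    for text in lists:
        blocked.update(parse_blocklist(text))
    blocked -= {w.lower().rstrip(".") for w in whitelist}
    lines = ["$TTL 3600",
             f"@ IN SOA @ admin.{origin}. {serial} 86400 7200 2592000 86400",
             f"@ IN NS ns.{origin}."]
    for name in sorted(blocked):
        lines += [f"{name} CNAME .", f"*.{name} CNAME ."]
    return "\n".join(lines) + "\n"
```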
```
usage: update-zonefile.py [-h] [--no-bind] [--raw] [--empty] zonefile origin

Update zone file from public DNS ad blocking lists

positional arguments:
  zonefile    path to zone file
  origin      zone origin

optional arguments:
  -h, --help  show this help message and exit
  --no-bind   Don't try to check/reload bind zone
  --raw       Save the zone file in raw format. Requires named-compilezone
  --empty     Create header-only (empty) rpz zone file
  --views     If using multiple BIND views, list where each zone is defined
```

Example:

```
update-zonefile.py /etc/bind/db.rpz.example.com rpz.example.com
```
`update-zonefile.py` will update the zone file with the fetched adserver lists and issue an `rndc reload origin` afterwards.
If you defined the adblock rpz zone across multiple BIND views, you need to pass `--views` a space-separated list of the views in which the zone is defined. Doing so will issue `rndc reload origin IN view` for each view provided for the origin zone.

```
--views "internal dmz test"
```

This argument can be omitted if the origin zone only occurs once in your configuration. The following error is an indication that you are using the rpz zone in multiple views:

```
zone 'rpz.adblocker' was found in multiple views
```
You can either use an additional zone to whitelist domains, or add them to config.yml.

See Whitelist for adding a whitelist zone.