Fetch various blocklists and generate a BIND zone from them.
Configure BIND to return NXDOMAIN for ad and tracking domains to stop clients from contacting them.
Requires BIND 9.8 or newer for RPZ support.
Uses the following sources:
- Peter Lowe’s Ad and tracking server list
- Malware domains
- MVPS HOSTS
- Adaway default blocklist
- Dan Pollock’s hosts file
- MalwareDomainList.com Hosts List
- StevenBlack Unified hosts file
- CAMELEON
- Disconnect.me Basic tracking list
- Disconnect.me Ad Filter list
- Polish CERT Phishing list
See requirements.txt
To install
pip install -r requirements.txt
Add the response-policy statement to the BIND options
// For AdBlock
response-policy {
zone "rpz.example.com";
};
Add your rpz zone. Replace example.com with a domain of your choice.
// AdBlock
zone "rpz.example.com" {
type master;
file "/etc/bind/db.rpz.example.com";
masterfile-format text;
allow-query { none; };
};
Create a zone file for your zone. Replace example.com with the domain you used before.
@ 3600 IN SOA @ admin.example.com. 0 86400 7200 2592000 86400
@ 3600 IN NS ns.example.com.
usage: update-zonefile.py [-h] [--no-bind] [--raw] [--empty] zonefile origin
Update zone file from public DNS ad blocking lists
positional arguments:
zonefile path to zone file
origin zone origin
optional arguments:
-h, --help show this help message and exit
--no-bind Don't try to check/reload bind zone
--raw Save the zone file in raw format. Requires named-compilezone
--empty Create header-only (empty) rpz zone file
Example: update-zonefile.py /etc/bind/db.rpz.example.com rpz.example.com
update-zonefile.py will update the zone file with the fetched adserver lists and issue a rndc reload origin afterwards.
You can either use an additional zone to whitelist domains (Or add them to config.yml)
See Whitelist for adding a whitelist zone.