Initial commit

2020-09-06 10:25:25 -05:00 · 2020-09-06 10:25:25 -05:00 · 08c4d3ed63
commit 08c4d3ed63
4 changed files with 84 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+*.zone
--- a/README.rst
+++ b/README.rst
@ -0,0 +1,36 @@
+===================================
+BIND Response Policy Zone Generator
+===================================
+
+The :file:`rpzgen.py` script will generate a BIND response policy zone (RPZ)
+definition from a list of "hosts files."  These files contain a list of DNS
+domains to be "blocked" by the resolver, preventing clients from reaching the
+servers at those names.
+
+Currently, the following hosts lists are used:
+
+* `StevenBlack's Consolidated Hosts list`_
+* Custom list
+
+Host lists must be in the standard "hosts file" format (i.e. an IP address,
+followed by whitespace, followed by a DNS name.  Only the first name on each
+line is used.  Wildcard names are permitted.
+
+
+Requirements
+============
+
+Only Python 3 is required; no external dependencies are used.
+
+
+Usage
+=====
+
+The generated RPZ file is written to standard output.  To save it to a file,
+use shell redirection:
+
+.. code:: sh
+
+    ./rpzgen.py > blackhole.rpz.zone
+
+.. _StevenBlack's Consolidated Hosts list: https://github.com/StevenBlack/hosts
--- a/6
+++ b/6
@ -0,0 +1,6 @@
+# Block UniFi telementry
+0.0.0.0 unifi-report.ubnt.com
+0.0.0.0 ping.ui.com
+
+# Block Roomba from accessing "the cloud"
+0.0.0.0 *.irobotapi.com
--- a/rpzgen.py
+++ b/rpzgen.py
@ -0,0 +1,41 @@
+#!/usr/bin/env python
+import datetime
+import string
+import sys
+import urllib.request
+
+HOST_LISTS = [
+    'hosts',
+    'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts',
+]
+
+ZONE_HEADER = string.Template('''\
+$$TTL 3H
+@	IN SOA	@ rname.invalid. (
+					${serial}	; serial
+					1D	; refresh
+					1H	; retry
+					1W	; expire
+					3H )	; minimum
+	NS	@
+	A	127.0.0.1
+	AAAA	::1
+
+nextcloud.pyrocufflink.net  CNAME   cloud0.pyrocufflink.blue.
+
+''')
+
+serial = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
+
+sys.stdout.write(ZONE_HEADER.substitute(serial=serial))
+
+for hostlist in HOST_LISTS:
+    if urllib.parse.urlsplit(hostlist).netloc:
+        f = urllib.request.urlopen(hostlist)
+    else:
+        f = open(hostlist, 'rb')
+    with f:
+        for line in f.readlines():
+            if line.startswith(b'0.0.0.0 '):
+                name = line.strip().split()[1].decode()
+                sys.stdout.write(f'{name}		CNAME .\n')