Initial commit
commit
08c4d3ed63
|
@ -0,0 +1 @@
|
||||||
|
*.zone
|
|
@ -0,0 +1,36 @@
|
||||||
|
===================================
|
||||||
|
BIND Response Policy Zone Generator
|
||||||
|
===================================
|
||||||
|
|
||||||
|
The :file:`rpzgen.py` script will generate a BIND response policy zone (RPZ)
|
||||||
|
definition from a list of "hosts files." These files contain a list of DNS
|
||||||
|
domains to be "blocked" by the resolver, preventing clients from reaching the
|
||||||
|
servers at those names.
|
||||||
|
|
||||||
|
Currently, the following hosts lists are used:
|
||||||
|
|
||||||
|
* `StevenBlack's Consolidated Hosts list`_
|
||||||
|
* Custom list
|
||||||
|
|
||||||
|
Host lists must be in the standard "hosts file" format (i.e. an IP address,
|
||||||
|
followed by whitespace, followed by a DNS name. Only the first name on each
|
||||||
|
line is used. Wildcard names are permitted.
|
||||||
|
|
||||||
|
|
||||||
|
Requirements
|
||||||
|
============
|
||||||
|
|
||||||
|
Only Python 3 is required; no external dependencies are used.
|
||||||
|
|
||||||
|
|
||||||
|
Usage
|
||||||
|
=====
|
||||||
|
|
||||||
|
The generated RPZ file is written to standard output. To save it to a file,
|
||||||
|
use shell redirection:
|
||||||
|
|
||||||
|
.. code:: sh
|
||||||
|
|
||||||
|
./rpzgen.py > blackhole.rpz.zone
|
||||||
|
|
||||||
|
.. _StevenBlack's Consolidated Hosts list: https://github.com/StevenBlack/hosts
|
|
@ -0,0 +1,6 @@
|
||||||
|
# Block UniFi telementry
|
||||||
|
0.0.0.0 unifi-report.ubnt.com
|
||||||
|
0.0.0.0 ping.ui.com
|
||||||
|
|
||||||
|
# Block Roomba from accessing "the cloud"
|
||||||
|
0.0.0.0 *.irobotapi.com
|
|
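Review bot: The wildcard entry `0.0.0.0 *.irobotapi.com` is turned by rpzgen.py into the RPZ record `*.irobotapi.com CNAME .`, and an RPZ wildcard trigger matches names below `irobotapi.com` but not the apex itself, so a lookup of `irobotapi.com` would still be answered. If the apex is meant to be blocked as well, add `0.0.0.0 irobotapi.com` next to the wildcard line. The first comment also has a typo: `# Block UniFi telementry` should read `# Block UniFi telemetry`.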
@ -0,0 +1,41 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
import datetime
|
||||||
|
import string
|
||||||
|
import sys
|
||||||
|
import urllib.request
|
||||||
|
|
||||||
|
HOST_LISTS = [
|
||||||
|
'hosts',
|
||||||
|
'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts',
|
||||||
|
]
|
||||||
|
|
||||||
|
ZONE_HEADER = string.Template('''\
|
||||||
|
$$TTL 3H
|
||||||
|
@ IN SOA @ rname.invalid. (
|
||||||
|
${serial} ; serial
|
||||||
|
1D ; refresh
|
||||||
|
1H ; retry
|
||||||
|
1W ; expire
|
||||||
|
3H ) ; minimum
|
||||||
|
NS @
|
||||||
|
A 127.0.0.1
|
||||||
|
AAAA ::1
|
||||||
|
|
||||||
|
nextcloud.pyrocufflink.net CNAME cloud0.pyrocufflink.blue.
|
||||||
|
|
||||||
|
''')
|
||||||
|
|
||||||
|
serial = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
|
||||||
|
|
||||||
|
sys.stdout.write(ZONE_HEADER.substitute(serial=serial))
|
||||||
|
|
||||||
|
for hostlist in HOST_LISTS:
|
||||||
|
if urllib.parse.urlsplit(hostlist).netloc:
|
||||||
|
f = urllib.request.urlopen(hostlist)
|
||||||
|
else:
|
||||||
|
f = open(hostlist, 'rb')
|
||||||
|
with f:
|
||||||
|
for line in f.readlines():
|
||||||
|
if line.startswith(b'0.0.0.0 '):
|
||||||
|
name = line.strip().split()[1].decode()
|
||||||
|
sys.stdout.write(f'{name} CNAME .\n')
|
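Review bot: The name taken from each list line is written into the zone unvalidated (`name = line.strip().split()[1].decode()` followed by `sys.stdout.write(f'{name} CNAME .\n')`), and one of the lists is fetched from a mutable `master` URL with no pinning or integrity check, so whatever that file contains becomes zone-file syntax. A token carrying zone-file metacharacters may produce a zone that BIND refuses to load, and a non-UTF-8 byte that makes `.decode()` raise leaves a truncated file behind the shell redirection; in both cases the blocking would likely stop without any obvious signal. I would add `import re` and `NAME_RE = re.compile(r'(\*\.)?([A-Za-z0-9_-]{1,63}\.)*[A-Za-z0-9_-]{1,63}')` at module level, skip anything else with `if not NAME_RE.fullmatch(name): continue`, and collect the records in memory so that nothing is written until every list has been read successfully. Separately, the loop calls `urllib.parse.urlsplit` while only `urllib.request` is imported; this works because `urllib.request` imports `urllib.parse` itself, but an explicit `import urllib.parse` would not depend on that.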