nhyatt/bind-response-policy-zone-creator
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Adds configuration from config file.

Browse Source
This commit is contained in:
Hyatt 2022-02-07 15:02:06 -06:00
parent b7ed5a30c2
commit ba892ce475
Signed by: nhyatt
GPG Key ID: C50D0BBB5BC40BEA
9 changed files with 331 additions and 231 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
cmd/bind/build-bind.go
View File

@ -16,11 +16,11 @@ func buildBindResponsePolicyFile() {
outputTemplate := `{{- $domain := .Domain -}} outputTemplate := `{{- $domain := .Domain -}}
$TTL {{ or .TTL "1h" }} $TTL {{ or .TTL "1h" }}
@ IN SOA {{ $domain }}. {{ or .Email "domain-admin" }}. ( @ IN SOA {{ $domain }}. {{ or .Email "domain-admin" }}. (
{{ or .Timestamp "0000000000" }} ; Serial {{ or .Serial "0000000000" }} ; Serial
{{ or .Refresh "1h" }} ; Refresh {{ or .Refresh "1h" }} ; Refresh
{{ or .Retry "30m" }} ; Retry {{ or .Retry "30m" }} ; Retry
{{ or .Expire "1w" }} ; Expire {{ or .Expire "1w" }} ; Expire
{{ or .Minimum "1h" }} ; Minimum {{ or .Minimum "1h" }} ; Minimum
) )
; ;
@ -33,7 +33,7 @@ $TTL {{ or .TTL "1h" }}
; ;
; Addresses ; Addresses
; ;
{{- range .BadDomains }} {{- range .BlockedDomains }}
{{ . }} IN CNAME blocked.{{ $domain }}. {{ . }} IN CNAME blocked.{{ $domain }}.
{{- end }}` {{- end }}`
@ -42,7 +42,7 @@ $TTL {{ or .TTL "1h" }}
log.Fatalf("[FATAL] Unable to parse template (%s): %v\n", "response-policy-zone", err) log.Fatalf("[FATAL] Unable to parse template (%s): %v\n", "response-policy-zone", err)
} }
if err := t.Execute(&output, config.NamedConfig); err != nil { if err := t.Execute(&output, config.Config.ZoneConfig); err != nil {
log.Fatalf("[FATAL] Unable to generate template output: %v\n", err) log.Fatalf("[FATAL] Unable to generate template output: %v\n", err)
} }

62
cmd/bind/cleanup.go Normal file
View File

@ -0,0 +1,62 @@
package main
import (
"log"
"regexp"
"sort"
)
func cleanBadDomains(domains []string) []string {
// remove duplicates
total := len(domains)
all := make(map[string]bool)
list := []string{}
for _, item := range domains {
if _, value := all[item]; !value {
all[item] = true
list = append(list, item)
}
}
domains = list
log.Printf("[INFO] Duplicate items removed: %d\n", total-len(domains))
// remove hosts that are too long
total = len(domains)
list = []string{}
for _, blocklistItem := range domains {
if len([]rune(blocklistItem)) > 255 {
continue
}
list = append(list, blocklistItem)
}
domains = list
log.Printf("[INFO] Hosts with too many characters removed: %d\n", total-len(domains))
// remove allow-listed matches
total = len(domains)
list = []string{}
for _, blocklistItem := range domains {
var match bool
for _, allowlistItem := range config.Config.AllowLists {
r, err := regexp.Compile(allowlistItem)
if err != nil {
log.Printf("[ERROR] Allow list item (%s) is not valid regex: %v\n", allowlistItem, err)
break
}
if r.MatchString(blocklistItem) {
match = true
break
}
}
if !match {
list = append(list, blocklistItem)
}
}
domains = list
log.Printf("[INFO] Allowed hosts removed: %d\n", total-len(domains))
log.Printf("[INFO] Total domains in list at end: %d.\n", len(domains))
sort.Strings(domains)
return domains
}

137
cmd/bind/config.go
View File

@ -2,7 +2,6 @@ package main
import ( import (
"os" "os"
"regexp"
"time" "time"
"github.com/hashicorp/logutils" "github.com/hashicorp/logutils"
@ -23,31 +22,32 @@ type configStructure struct {
HTTPClientTLSHandshakeTimeout int HTTPClientTLSHandshakeTimeout int
HTTPClientIdleTimeout int HTTPClientIdleTimeout int
// Download Sources
URLBlocklistHostFiles []string
URLBlocklistsSimple []string
// Allowlist (regex)
DomainAllowlist []*regexp.Regexp
// Named Config Generator
NamedConfig namedConfigStruct
// Output Filename // Output Filename
BindOutputFileName string BindOutputFileName string
// Config
ConfigFileLocation string
Config configFileStruct
} }
type namedConfigStruct struct { type configFileStruct struct {
TTL string ZoneConfig struct {
Domain string TTL string `yaml:"timeToLive"`
Email string Domain string `yaml:"baseDomain"`
Timestamp string Email string `yaml:"emailAddress"`
Refresh string Serial string `yaml:"zoneSerialNumber"`
Retry string Refresh string `yaml:"zoneRefresh"`
Expire string Retry string `yaml:"zoneRetry"`
Minimum string Expire string `yaml:"zoneExpire"`
NameServers []string Minimum string `yaml:"zoneMinimum"`
BadDomains []string NameServers []string `yaml:"nameServers"`
BlockedDomains []string `yaml:"blockedDomains"`
} `yaml:"zoneConfig"`
Sources struct {
HostFileURLs []string `yaml:"hostFileURLs"`
DomainListURLs []string `yaml:"domainListURLs"`
} `yaml:"sources"`
AllowLists []string `yaml:"allowList"`
} }
var config = configStructure{ var config = configStructure{
@ -59,59 +59,44 @@ var config = configStructure{
// Nice blocklist location: https://firebog.net/ // Nice blocklist location: https://firebog.net/
// Default Blocklist // Default Blocklist
URLBlocklistHostFiles: []string{ Config: configFileStruct{
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts", Sources: struct {
"http://sysctl.org/cameleon/hosts", HostFileURLs []string `yaml:"hostFileURLs"`
"https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt", DomainListURLs []string `yaml:"domainListURLs"`
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts", }{
}, HostFileURLs: []string{
URLBlocklistsSimple: []string{ //"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts",
"https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt", //"http://sysctl.org/cameleon/hosts",
"https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt", //"https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt",
"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt", //"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts",
"https://v.firebog.net/hosts/Prigent-Crypto.txt", },
"https://phishing.army/download/phishing_army_blocklist_extended.txt", DomainListURLs: []string{
"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt", //"https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt",
"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt", //"https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt",
"https://dbl.oisd.nl/", //"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt",
"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt", //"https://v.firebog.net/hosts/Prigent-Crypto.txt",
}, //"https://phishing.army/download/phishing_army_blocklist_extended.txt",
//"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt",
// default URL Allow hosts //"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt",
DomainAllowlist: []*regexp.Regexp{ //"https://dbl.oisd.nl/",
// localhosts included in blocklists for some reason //"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt",
regexp.MustCompile(`localhost`), },
regexp.MustCompile(`localhost.localdomain`), },
regexp.MustCompile(`local`), AllowLists: []string{
regexp.MustCompile(`broadcasthost`), // localhosts included in blocklists for some reason
regexp.MustCompile(`localhost`), `localhost`,
regexp.MustCompile(`ip6-localhost`), `localhost.localdomain`,
regexp.MustCompile(`ip6-loopback`), `local`,
regexp.MustCompile(`localhost`), `broadcasthost`,
regexp.MustCompile(`ip6-localnet`), `localhost`,
regexp.MustCompile(`ip6-mcastprefix`), `ip6-localhost`,
regexp.MustCompile(`ip6-allnodes`), `ip6-loopback`,
regexp.MustCompile(`ip6-allrouters`), `localhost`,
regexp.MustCompile(`ip6-allhosts`), `ip6-localnet`,
// default allow hosts `ip6-mcastprefix`,
regexp.MustCompile(`(^|\.)` + `thepiratebay\.org`), `ip6-allnodes`,
regexp.MustCompile(`(^|\.)` + `sendgrid\.net`), `ip6-allrouters`,
regexp.MustCompile(`(^|\.)` + `googleadservices\.com`), `ip6-allhosts`,
regexp.MustCompile(`(^|\.)` + `doubleclick\.net`), },
regexp.MustCompile(`(^|\.)` + `sailthru\.com`),
regexp.MustCompile(`(^|\.)` + `magiskmanager\.com`),
regexp.MustCompile(`(^|\.)` + `apiservices\.krxd\.net`),
regexp.MustCompile(`(^|\.)` + `logfiles\.zoom\.us`),
regexp.MustCompile(`(^|\.)` + `logfiles-va\.zoom\.us`),
regexp.MustCompile(`(^|\.)` + `nest\.com`),
regexp.MustCompile(`(^|\.)` + `clients.\.google\.com`),
regexp.MustCompile(`(^|\.)` + `login\.live\.com`),
regexp.MustCompile(`(^|\.)` + `unagi\.amazon\.com`),
regexp.MustCompile(`(^|\.)` + `unagi-na\.amazon\.com`),
regexp.MustCompile(`(^|\.)` + `duckduckgo\.com`),
regexp.MustCompile(`(^|\.)` + `msn\.com`),
regexp.MustCompile(`(^|\.)` + `nexusrules\.officeapps\.live\.com`),
regexp.MustCompile(`(^|\.)` + `playfabapi\.com`),
regexp.MustCompile(`(^|\.)` + `vercel-dns\.com`),
}, },
} }

72
cmd/bind/get-remote-data.go Normal file
View File

@ -0,0 +1,72 @@
package main
import (
"log"
"pihole-blocklist/v2/internal/httpclient"
"time"
)
func getListData() []string {
var badDomains []string
listSimple := make(chan []string)
listComplex := make(chan []string)
log.Printf("[INFO] Downloading blocklists\n")
// Get Simple Blocklists
go func() {
data := getData(config.Config.Sources.DomainListURLs)
domains := parseSimple(data)
listSimple <- domains
}()
// Get Host File Blocklists
go func() {
data := getData(config.Config.Sources.HostFileURLs)
domains := parseComplex(data)
listComplex <- domains
}()
// Wait for all downloads to finish
var (
simple, complex []string
simpleFinished, complexFinished bool
)
for {
select {
case simple = <-listSimple:
simpleFinished = true
log.Printf("[INFO] All simple lists have been retrieved.\n")
case complex = <-listComplex:
log.Printf("[INFO] All complex lists have been retrieved.\n")
complexFinished = true
default:
time.Sleep(time.Millisecond * 100)
}
if simpleFinished && complexFinished {
badDomains = append(badDomains, simple...)
badDomains = append(badDomains, complex...)
log.Printf("[INFO] Number of domains detected: %d\n", len(badDomains))
break
}
}
return badDomains
}
func getData(urls []string) []byte {
var listData []byte
for _, u := range urls {
log.Printf("[TRACE] Downloading URL: %s\n", u)
c := httpclient.DefaultClient()
data, err := c.Get(u)
if err != nil {
log.Printf("[ERROR] Unable to get remote content from URL (%s): %v", u, err)
}
listData = append(listData, data...)
}
return listData
}

87
cmd/bind/init.go
View File

@ -2,6 +2,7 @@ package main
import ( import (
"flag" "flag"
"io/ioutil"
"log" "log"
"os" "os"
"strconv" "strconv"
@ -9,6 +10,7 @@ import (
"time" "time"
"github.com/hashicorp/logutils" "github.com/hashicorp/logutils"
"gopkg.in/yaml.v2"
) )
// getEnvString returns string from environment variable // getEnvString returns string from environment variable
@ -71,35 +73,35 @@ func initialize() {
getEnvInt("HTTP_CLIENT_IDLE_TIMEOUT", 5), getEnvInt("HTTP_CLIENT_IDLE_TIMEOUT", 5),
"(HTTP_CLIENT_IDLE_TIMEOUT)\ntime in seconds that the internal http client will keep a connection open when idle") "(HTTP_CLIENT_IDLE_TIMEOUT)\ntime in seconds that the internal http client will keep a connection open when idle")
// Bind Config // Bind Config
flag.StringVar(&config.NamedConfig.TTL, flag.StringVar(&config.Config.ZoneConfig.TTL,
"bind-ttl", "bind-ttl",
getEnvString("TTL", "1h"), getEnvString("TTL", "1h"),
"(TTL)\nBind zone time to live") "(TTL)\nBind zone time to live")
flag.StringVar(&config.NamedConfig.Domain, flag.StringVar(&config.Config.ZoneConfig.Domain,
"bind-domain", "bind-domain",
getEnvString("DOMAIN", "example.com"), getEnvString("DOMAIN", "example.com"),
"(DOMAIN)\nBind zone base domain") "(DOMAIN)\nBind zone base domain")
flag.StringVar(&config.NamedConfig.Email, flag.StringVar(&config.Config.ZoneConfig.Email,
"bind-email", "bind-email",
getEnvString("EMAIL", "domain-admin@example.com"), getEnvString("EMAIL", "domain-admin@example.com"),
"(EMAIL)\nBind zone authority e-mail address") "(EMAIL)\nBind zone authority e-mail address")
flag.StringVar(&config.NamedConfig.Timestamp, flag.StringVar(&config.Config.ZoneConfig.Serial,
"bind-timestamp", "bind-timestamp",
getEnvString("TIMESTAMP", time.Now().In(config.TimeZone).Format("0601021504")), getEnvString("TIMESTAMP", time.Now().In(config.TimeZone).Format("0601021504")),
"(TIMESTAMP)\nBind zone serial number") "(TIMESTAMP)\nBind zone serial number")
flag.StringVar(&config.NamedConfig.Refresh, flag.StringVar(&config.Config.ZoneConfig.Refresh,
"bind-refresh", "bind-refresh",
getEnvString("REFRESH", "1h"), getEnvString("REFRESH", "1h"),
"(REFRESH)\nBind zone refresh time") "(REFRESH)\nBind zone refresh time")
flag.StringVar(&config.NamedConfig.Retry, flag.StringVar(&config.Config.ZoneConfig.Retry,
"bind-retry", "bind-retry",
getEnvString("RETRY", "30m"), getEnvString("RETRY", "30m"),
"(RETRY)\nBind zone retry time") "(RETRY)\nBind zone retry time")
flag.StringVar(&config.NamedConfig.Expire, flag.StringVar(&config.Config.ZoneConfig.Expire,
"bind-expire", "bind-expire",
getEnvString("EXPIRE", "1w"), getEnvString("EXPIRE", "1w"),
"(EXPIRE)\nBind zone expire time") "(EXPIRE)\nBind zone expire time")
flag.StringVar(&config.NamedConfig.Minimum, flag.StringVar(&config.Config.ZoneConfig.Minimum,
"bind-minimum", "bind-minimum",
getEnvString("MINIMUM", "1h"), getEnvString("MINIMUM", "1h"),
"(MINIMUM)\nBind zone minimum time") "(MINIMUM)\nBind zone minimum time")
@ -113,9 +115,13 @@ func initialize() {
"(NS2)\nBind zone secondary name-server") "(NS2)\nBind zone secondary name-server")
// output file // output file
flag.StringVar(&config.BindOutputFileName, flag.StringVar(&config.BindOutputFileName,
"filename", "output",
getEnvString("FILENAME", "./response-policy.bind"), getEnvString("OUTPUT", "./response-policy.bind"),
"(FILENAME)\nWrite local file to filename") "(FILENAME)\nWrite local file to filename")
flag.StringVar(&config.ConfigFileLocation,
"config-file",
getEnvString("CONFIG_FILE", ""),
"(CONFIG_FILE)\nRead configuration from file")
flag.Parse() flag.Parse()
// set logging level // set logging level
@ -139,29 +145,60 @@ func initialize() {
log.Printf("[DEBUG] configuration value set: HTTP_CLIENT_CONNECT_TIMEOUT = %v\n", strconv.Itoa(config.HTTPClientConnectTimeout)) log.Printf("[DEBUG] configuration value set: HTTP_CLIENT_CONNECT_TIMEOUT = %v\n", strconv.Itoa(config.HTTPClientConnectTimeout))
log.Printf("[DEBUG] configuration value set: HTTP_CLIENT_TLS_TIMEOUT = %v\n", strconv.Itoa(config.HTTPClientTLSHandshakeTimeout)) log.Printf("[DEBUG] configuration value set: HTTP_CLIENT_TLS_TIMEOUT = %v\n", strconv.Itoa(config.HTTPClientTLSHandshakeTimeout))
log.Printf("[DEBUG] configuration value set: HTTP_CLIENT_IDLE_TIMEOUT = %v\n", strconv.Itoa(config.HTTPClientIdleTimeout)) log.Printf("[DEBUG] configuration value set: HTTP_CLIENT_IDLE_TIMEOUT = %v\n", strconv.Itoa(config.HTTPClientIdleTimeout))
log.Printf("[DEBUG] configuration value set: TTL = %v\n", config.NamedConfig.TTL) log.Printf("[DEBUG] configuration value set: TTL = %v\n", config.Config.ZoneConfig.TTL)
log.Printf("[DEBUG] configuration value set: DOMAIN = %v\n", config.NamedConfig.Domain) log.Printf("[DEBUG] configuration value set: DOMAIN = %v\n", config.Config.ZoneConfig.Domain)
log.Printf("[DEBUG] configuration value set: EMAIL = %v\n", config.NamedConfig.Email) log.Printf("[DEBUG] configuration value set: EMAIL = %v\n", config.Config.ZoneConfig.Email)
log.Printf("[DEBUG] configuration value set: TIMESTAMP = %v\n", config.NamedConfig.Timestamp) log.Printf("[DEBUG] configuration value set: TIMESTAMP = %v\n", config.Config.ZoneConfig.Serial)
log.Printf("[DEBUG] configuration value set: REFRESH = %v\n", config.NamedConfig.Refresh) log.Printf("[DEBUG] configuration value set: REFRESH = %v\n", config.Config.ZoneConfig.Refresh)
log.Printf("[DEBUG] configuration value set: RETRY = %v\n", config.NamedConfig.Retry) log.Printf("[DEBUG] configuration value set: RETRY = %v\n", config.Config.ZoneConfig.Retry)
log.Printf("[DEBUG] configuration value set: EXPIRE = %v\n", config.NamedConfig.Expire) log.Printf("[DEBUG] configuration value set: EXPIRE = %v\n", config.Config.ZoneConfig.Expire)
log.Printf("[DEBUG] configuration value set: MINIMUM = %v\n", config.NamedConfig.Minimum) log.Printf("[DEBUG] configuration value set: MINIMUM = %v\n", config.Config.ZoneConfig.Minimum)
log.Printf("[DEBUG] configuration value set: NS1 = %v\n", ns1) log.Printf("[DEBUG] configuration value set: NS1 = %v\n", ns1)
log.Printf("[DEBUG] configuration value set: NS1 = %v\n", ns2) log.Printf("[DEBUG] configuration value set: NS1 = %v\n", ns2)
log.Printf("[DEBUG] configuration value set: CONFIG_FILE = %v\n", config.ConfigFileLocation)
// read config file
var err error
if config.ConfigFileLocation != "" {
if config.Config, err = readConfigFile(config.ConfigFileLocation); err != nil {
log.Fatalf("[FATAL] Invalid config file: %v\n", err)
}
if config.Config.ZoneConfig.Serial == "" {
config.Config.ZoneConfig.Serial = time.Now().In(config.TimeZone).Format("0601021504")
}
}
// set bind-config nameservers // set bind-config nameservers
if ns1 == "" { if ns1 != "" {
config.Config.ZoneConfig.NameServers = append(config.Config.ZoneConfig.NameServers, ns1)
}
if ns2 != "" {
config.Config.ZoneConfig.NameServers = append(config.Config.ZoneConfig.NameServers, ns2)
}
if len(config.Config.ZoneConfig.NameServers) == 0 {
log.Printf("[ERROR] A primary name-server must be identified.") log.Printf("[ERROR] A primary name-server must be identified.")
flag.PrintDefaults() flag.PrintDefaults()
os.Exit(1) os.Exit(1)
} else {
config.NamedConfig.NameServers = append(config.NamedConfig.NameServers, ns1)
} }
if ns2 != "" {
config.NamedConfig.NameServers = append(config.NamedConfig.NameServers, ns2) // bind does not use "@", so we convert it to a "."
} config.Config.ZoneConfig.Email = strings.Replace(config.Config.ZoneConfig.Email, "@", ".", -1)
config.NamedConfig.Email = strings.Replace(config.NamedConfig.Email, "@", ".", -1)
log.Printf("[DEBUG] Initialization Complete\n") log.Printf("[DEBUG] Initialization Complete\n")
} }
func readConfigFile(configFileLocation string) (configFileStruct, error) {
var output configFileStruct
rd, err := ioutil.ReadFile(configFileLocation)
if err != nil {
return output, err
}
if err := yaml.Unmarshal(rd, &output); err != nil {
return output, err
}
return output, nil
}

124
cmd/bind/main.go
View File

@ -1,13 +1,5 @@
package main package main
import (
"log"
"sort"
"time"
"pihole-blocklist/v2/internal/httpclient"
)
func main() { func main() {
initialize() initialize()
@ -15,121 +7,7 @@ func main() {
badDomains := getListData() badDomains := getListData()
// clean-up // clean-up
config.NamedConfig.BadDomains = cleanBadDomains(badDomains) config.Config.ZoneConfig.BlockedDomains = cleanBadDomains(badDomains)
buildBindResponsePolicyFile() buildBindResponsePolicyFile()
} }
func getListData() []string {
var badDomains []string
listSimple := make(chan []string)
listComplex := make(chan []string)
log.Printf("[INFO] Downloading blocklists\n")
// Get Simple Blocklists
go func() {
data := getData(config.URLBlocklistsSimple)
domains := parseSimple(data)
listSimple <- domains
}()
// Get Host File Blocklists
go func() {
data := getData(config.URLBlocklistHostFiles)
domains := parseComplex(data)
listComplex <- domains
}()
// Wait for all downloads to finish
var (
simple, complex []string
simpleFinished, complexFinished bool
)
for {
select {
case simple = <-listSimple:
simpleFinished = true
log.Printf("[INFO] All simple lists have been retrieved.\n")
case complex = <-listComplex:
log.Printf("[INFO] All complex lists have been retrieved.\n")
complexFinished = true
default:
time.Sleep(time.Millisecond * 100)
}
if simpleFinished && complexFinished {
badDomains = append(badDomains, simple...)
badDomains = append(badDomains, complex...)
log.Printf("[INFO] Number of domains detected: %d\n", len(badDomains))
break
}
}
return badDomains
}
func getData(urls []string) []byte {
var listData []byte
for _, u := range urls {
log.Printf("[TRACE] Downloading URL: %s\n", u)
c := httpclient.DefaultClient()
data, err := c.Get(u)
if err != nil {
log.Printf("[ERROR] Unable to get remote content from URL (%s): %v", u, err)
}
listData = append(listData, data...)
}
return listData
}
func cleanBadDomains(domains []string) []string {
// remove duplicates
total := len(domains)
all := make(map[string]bool)
list := []string{}
for _, item := range domains {
if _, value := all[item]; !value {
all[item] = true
list = append(list, item)
}
}
domains = list
log.Printf("[INFO] Duplicate items removed: %d\n", total-len(domains))
// remove hosts that are too long
total = len(domains)
list = []string{}
for _, blocklistItem := range domains {
if len([]rune(blocklistItem)) > 255 {
continue
}
list = append(list, blocklistItem)
}
domains = list
log.Printf("[INFO] Hosts with too many characters removed: %d\n", total-len(domains))
// remove allow-listed matches
total = len(domains)
list = []string{}
for _, blocklistItem := range domains {
var match bool
for _, allowlistItem := range config.DomainAllowlist {
if allowlistItem.MatchString(blocklistItem) {
match = true
break
}
}
if !match {
list = append(list, blocklistItem)
}
}
domains = list
log.Printf("[INFO] Allowed hosts removed: %d\n", total-len(domains))
log.Printf("[INFO] Total domains in list at end: %d.\n", len(domains))
sort.Strings(domains)
return domains
}

61
config/config.yaml Normal file
View File

@ -0,0 +1,61 @@
zoneConfig:
timeToLive: 1h
baseDomain: example.com
emailAddress: domain-admin@example.com
zoneRefresh: 1h
zoneRetry: 30m
zoneExpire: 1w
zoneMinimum: 1h
nameServers:
- ns1.example.com
- ns2.example.com
blockedDomains: []
sources:
hostFileURLs:
- "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
- "http://sysctl.org/cameleon/hosts"
- "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt"
- "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts"
domainListURLs:
- "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt"
- "https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt"
- "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
- "https://v.firebog.net/hosts/Prigent-Crypto.txt"
- "https://phishing.army/download/phishing_army_blocklist_extended.txt"
- "https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
- "https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
- "https://dbl.oisd.nl/"
- "https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
allowList:
- localhost
- localhost.localdomain
- local
- broadcasthost
- localhost
- ip6-localhost
- ip6-loopback
- localhost
- ip6-localnet
- ip6-mcastprefix
- ip6-allnodes
- ip6-allrouters
- ip6-allhosts
- (^|\.)thepiratebay\.org
- (^|\.)sendgrid\.net
- (^|\.)googleadservices\.com
- (^|\.)doubleclick\.net
- (^|\.)sailthru\.com
- (^|\.)magiskmanager\.com
- (^|\.)apiservices\.krxd\.net
- (^|\.)logfiles\.zoom\.us
- (^|\.)logfiles-va\.zoom\.us
- (^|\.)nest\.com
- (^|\.)clients.\.google\.com
- (^|\.)login\.live\.com
- (^|\.)unagi\.amazon\.com
- (^|\.)unagi-na\.amazon\.com
- (^|\.)duckduckgo\.com
- (^|\.)msn\.com
- (^|\.)nexusrules\.officeapps\.live\.com
- (^|\.)playfabapi\.com
- (^|\.)vercel-dns\.com

1
go.mod
View File

@ -5,4 +5,5 @@ go 1.17
require ( require (
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
github.com/hashicorp/logutils v1.0.0 github.com/hashicorp/logutils v1.0.0
gopkg.in/yaml.v2 v2.4.0
) )

4
go.sum
View File

@ -2,3 +2,7 @@ github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=