Adds configuration from config file.

2022-02-07 15:02:06 -06:00 · 2022-02-07 15:02:06 -06:00 · ba892ce475
commit ba892ce475
parent b7ed5a30c2
9 changed files with 331 additions and 231 deletions
--- a/cmd/bind/build-bind.go
+++ b/cmd/bind/build-bind.go
@ -16,7 +16,7 @@ func buildBindResponsePolicyFile() {
 	outputTemplate := `{{- $domain := .Domain -}}
 $TTL {{ or .TTL "1h" }}
@	IN	SOA	{{ $domain }}.	{{ or .Email "domain-admin" }}.	(
-			{{ or .Timestamp "0000000000" }}	; Serial
+			{{ or .Serial "0000000000" }}	; Serial
 			{{ or .Refresh "1h" }}			; Refresh
 			{{ or .Retry "30m" }}			; Retry
 			{{ or .Expire "1w" }}			; Expire
@ -33,7 +33,7 @@ $TTL {{ or .TTL "1h" }}
 ;
 ;	Addresses
 ;
-{{- range .BadDomains }}
+{{- range .BlockedDomains }}
 {{ . }}		IN	CNAME	blocked.{{ $domain }}.
 {{- end }}`

@ -42,7 +42,7 @@ $TTL {{ or .TTL "1h" }}
 		log.Fatalf("[FATAL] Unable to parse template (%s): %v\n", "response-policy-zone", err)
 	}

-	if err := t.Execute(&output, config.NamedConfig); err != nil {
+	if err := t.Execute(&output, config.Config.ZoneConfig); err != nil {
 		log.Fatalf("[FATAL] Unable to generate template output: %v\n", err)
 	}

--- a/cmd/bind/cleanup.go
+++ b/cmd/bind/cleanup.go
@ -0,0 +1,62 @@
+package main
+
+import (
+	"log"
+	"regexp"
+	"sort"
+)
+
+func cleanBadDomains(domains []string) []string {
+	// remove duplicates
+	total := len(domains)
+	all := make(map[string]bool)
+	list := []string{}
+	for _, item := range domains {
+		if _, value := all[item]; !value {
+			all[item] = true
+			list = append(list, item)
+		}
+	}
+	domains = list
+	log.Printf("[INFO] Duplicate items removed: %d\n", total-len(domains))
+
+	// remove hosts that are too long
+	total = len(domains)
+	list = []string{}
+	for _, blocklistItem := range domains {
+		if len([]rune(blocklistItem)) > 255 {
+			continue
+		}
+		list = append(list, blocklistItem)
+	}
+	domains = list
+	log.Printf("[INFO] Hosts with too many characters removed: %d\n", total-len(domains))
+
+	// remove allow-listed matches
+	total = len(domains)
+	list = []string{}
+	for _, blocklistItem := range domains {
+		var match bool
+
+		for _, allowlistItem := range config.Config.AllowLists {
+			r, err := regexp.Compile(allowlistItem)
+			if err != nil {
+				log.Printf("[ERROR] Allow list item (%s) is not valid regex: %v\n", allowlistItem, err)
+				break
+			}
+			if r.MatchString(blocklistItem) {
+				match = true
+				break
+			}
+		}
+		if !match {
+			list = append(list, blocklistItem)
+		}
+	}
+	domains = list
+	log.Printf("[INFO] Allowed hosts removed: %d\n", total-len(domains))
+
+	log.Printf("[INFO] Total domains in list at end: %d.\n", len(domains))
+	sort.Strings(domains)
+	return domains
+}
--- a/cmd/bind/config.go
+++ b/cmd/bind/config.go
@ -2,7 +2,6 @@ package main

 import (
 	"os"
-	"regexp"
 	"time"

 	"github.com/hashicorp/logutils"
@ -23,31 +22,32 @@ type configStructure struct {
 	HTTPClientTLSHandshakeTimeout int
 	HTTPClientIdleTimeout         int

-	// Download Sources
-	URLBlocklistHostFiles []string
-	URLBlocklistsSimple   []string
-
-	// Allowlist (regex)
-	DomainAllowlist []*regexp.Regexp
-
-	// Named Config Generator
-	NamedConfig namedConfigStruct
-
 	// Output Filename
 	BindOutputFileName string
+
+	// Config
+	ConfigFileLocation string
+	Config             configFileStruct
 }

-type namedConfigStruct struct {
-	TTL         string
-	Domain      string
-	Email       string
-	Timestamp   string
-	Refresh     string
-	Retry       string
-	Expire      string
-	Minimum     string
-	NameServers []string
-	BadDomains  []string
+type configFileStruct struct {
+	ZoneConfig struct {
+		TTL            string   `yaml:"timeToLive"`
+		Domain         string   `yaml:"baseDomain"`
+		Email          string   `yaml:"emailAddress"`
+		Serial         string   `yaml:"zoneSerialNumber"`
+		Refresh        string   `yaml:"zoneRefresh"`
+		Retry          string   `yaml:"zoneRetry"`
+		Expire         string   `yaml:"zoneExpire"`
+		Minimum        string   `yaml:"zoneMinimum"`
+		NameServers    []string `yaml:"nameServers"`
+		BlockedDomains []string `yaml:"blockedDomains"`
+	} `yaml:"zoneConfig"`
+	Sources struct {
+		HostFileURLs   []string `yaml:"hostFileURLs"`
+		DomainListURLs []string `yaml:"domainListURLs"`
+	} `yaml:"sources"`
+	AllowLists []string `yaml:"allowList"`
 }

 var config = configStructure{
@ -59,59 +59,44 @@ var config = configStructure{

 	// Nice blocklist location: https://firebog.net/
 	// Default Blocklist
-	URLBlocklistHostFiles: []string{
-		"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts",
-		"http://sysctl.org/cameleon/hosts",
-		"https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt",
-		"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts",
+	Config: configFileStruct{
+		Sources: struct {
+			HostFileURLs   []string `yaml:"hostFileURLs"`
+			DomainListURLs []string `yaml:"domainListURLs"`
+		}{
+			HostFileURLs: []string{
+				//"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts",
+				//"http://sysctl.org/cameleon/hosts",
+				//"https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt",
+				//"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts",
 			},
-	URLBlocklistsSimple: []string{
-		"https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt",
-		"https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt",
-		"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt",
-		"https://v.firebog.net/hosts/Prigent-Crypto.txt",
-		"https://phishing.army/download/phishing_army_blocklist_extended.txt",
-		"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt",
-		"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt",
-		"https://dbl.oisd.nl/",
-		"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt",
+			DomainListURLs: []string{
+				//"https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt",
+				//"https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt",
+				//"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt",
+				//"https://v.firebog.net/hosts/Prigent-Crypto.txt",
+				//"https://phishing.army/download/phishing_army_blocklist_extended.txt",
+				//"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt",
+				//"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt",
+				//"https://dbl.oisd.nl/",
+				//"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt",
 			},
-
-	// default URL Allow hosts
-	DomainAllowlist: []*regexp.Regexp{
+		},
+		AllowLists: []string{
 			// localhosts included in blocklists for some reason
-		regexp.MustCompile(`localhost`),
-		regexp.MustCompile(`localhost.localdomain`),
-		regexp.MustCompile(`local`),
-		regexp.MustCompile(`broadcasthost`),
-		regexp.MustCompile(`localhost`),
-		regexp.MustCompile(`ip6-localhost`),
-		regexp.MustCompile(`ip6-loopback`),
-		regexp.MustCompile(`localhost`),
-		regexp.MustCompile(`ip6-localnet`),
-		regexp.MustCompile(`ip6-mcastprefix`),
-		regexp.MustCompile(`ip6-allnodes`),
-		regexp.MustCompile(`ip6-allrouters`),
-		regexp.MustCompile(`ip6-allhosts`),
-		// default allow hosts
-		regexp.MustCompile(`(^|\.)` + `thepiratebay\.org`),
-		regexp.MustCompile(`(^|\.)` + `sendgrid\.net`),
-		regexp.MustCompile(`(^|\.)` + `googleadservices\.com`),
-		regexp.MustCompile(`(^|\.)` + `doubleclick\.net`),
-		regexp.MustCompile(`(^|\.)` + `sailthru\.com`),
-		regexp.MustCompile(`(^|\.)` + `magiskmanager\.com`),
-		regexp.MustCompile(`(^|\.)` + `apiservices\.krxd\.net`),
-		regexp.MustCompile(`(^|\.)` + `logfiles\.zoom\.us`),
-		regexp.MustCompile(`(^|\.)` + `logfiles-va\.zoom\.us`),
-		regexp.MustCompile(`(^|\.)` + `nest\.com`),
-		regexp.MustCompile(`(^|\.)` + `clients.\.google\.com`),
-		regexp.MustCompile(`(^|\.)` + `login\.live\.com`),
-		regexp.MustCompile(`(^|\.)` + `unagi\.amazon\.com`),
-		regexp.MustCompile(`(^|\.)` + `unagi-na\.amazon\.com`),
-		regexp.MustCompile(`(^|\.)` + `duckduckgo\.com`),
-		regexp.MustCompile(`(^|\.)` + `msn\.com`),
-		regexp.MustCompile(`(^|\.)` + `nexusrules\.officeapps\.live\.com`),
-		regexp.MustCompile(`(^|\.)` + `playfabapi\.com`),
-		regexp.MustCompile(`(^|\.)` + `vercel-dns\.com`),
+			`localhost`,
+			`localhost.localdomain`,
+			`local`,
+			`broadcasthost`,
+			`localhost`,
+			`ip6-localhost`,
+			`ip6-loopback`,
+			`localhost`,
+			`ip6-localnet`,
+			`ip6-mcastprefix`,
+			`ip6-allnodes`,
+			`ip6-allrouters`,
+			`ip6-allhosts`,
+		},
 	},
 }
--- a/cmd/bind/get-remote-data.go
+++ b/cmd/bind/get-remote-data.go
@ -0,0 +1,72 @@
+package main
+
+import (
+	"log"
+	"pihole-blocklist/v2/internal/httpclient"
+	"time"
+)
+
+func getListData() []string {
+	var badDomains []string
+	listSimple := make(chan []string)
+	listComplex := make(chan []string)
+
+	log.Printf("[INFO] Downloading blocklists\n")
+	// Get Simple Blocklists
+	go func() {
+		data := getData(config.Config.Sources.DomainListURLs)
+		domains := parseSimple(data)
+		listSimple <- domains
+	}()
+
+	// Get Host File Blocklists
+	go func() {
+		data := getData(config.Config.Sources.HostFileURLs)
+		domains := parseComplex(data)
+		listComplex <- domains
+	}()
+
+	// Wait for all downloads to finish
+	var (
+		simple, complex                 []string
+		simpleFinished, complexFinished bool
+	)
+
+	for {
+		select {
+		case simple = <-listSimple:
+			simpleFinished = true
+			log.Printf("[INFO] All simple lists have been retrieved.\n")
+		case complex = <-listComplex:
+			log.Printf("[INFO] All complex lists have been retrieved.\n")
+			complexFinished = true
+		default:
+			time.Sleep(time.Millisecond * 100)
+		}
+
+		if simpleFinished && complexFinished {
+			badDomains = append(badDomains, simple...)
+			badDomains = append(badDomains, complex...)
+			log.Printf("[INFO] Number of domains detected: %d\n", len(badDomains))
+			break
+		}
+	}
+
+	return badDomains
+}
+
+func getData(urls []string) []byte {
+	var listData []byte
+
+	for _, u := range urls {
+		log.Printf("[TRACE] Downloading URL: %s\n", u)
+		c := httpclient.DefaultClient()
+		data, err := c.Get(u)
+		if err != nil {
+			log.Printf("[ERROR] Unable to get remote content from URL (%s): %v", u, err)
+		}
+		listData = append(listData, data...)
+	}
+
+	return listData
+}
--- a/cmd/bind/init.go
+++ b/cmd/bind/init.go
@ -2,6 +2,7 @@ package main

 import (
 	"flag"
+	"io/ioutil"
 	"log"
 	"os"
 	"strconv"
@ -9,6 +10,7 @@ import (
 	"time"

 	"github.com/hashicorp/logutils"
+	"gopkg.in/yaml.v2"
 )

 // getEnvString returns string from environment variable
@ -71,35 +73,35 @@ func initialize() {
 		getEnvInt("HTTP_CLIENT_IDLE_TIMEOUT", 5),
 		"(HTTP_CLIENT_IDLE_TIMEOUT)\ntime in seconds that the internal http client will keep a connection open when idle")
 	// Bind Config
-	flag.StringVar(&config.NamedConfig.TTL,
+	flag.StringVar(&config.Config.ZoneConfig.TTL,
 		"bind-ttl",
 		getEnvString("TTL", "1h"),
 		"(TTL)\nBind zone time to live")
-	flag.StringVar(&config.NamedConfig.Domain,
+	flag.StringVar(&config.Config.ZoneConfig.Domain,
 		"bind-domain",
 		getEnvString("DOMAIN", "example.com"),
 		"(DOMAIN)\nBind zone base domain")
-	flag.StringVar(&config.NamedConfig.Email,
+	flag.StringVar(&config.Config.ZoneConfig.Email,
 		"bind-email",
 		getEnvString("EMAIL", "domain-admin@example.com"),
 		"(EMAIL)\nBind zone authority e-mail address")
-	flag.StringVar(&config.NamedConfig.Timestamp,
+	flag.StringVar(&config.Config.ZoneConfig.Serial,
 		"bind-timestamp",
 		getEnvString("TIMESTAMP", time.Now().In(config.TimeZone).Format("0601021504")),
 		"(TIMESTAMP)\nBind zone serial number")
-	flag.StringVar(&config.NamedConfig.Refresh,
+	flag.StringVar(&config.Config.ZoneConfig.Refresh,
 		"bind-refresh",
 		getEnvString("REFRESH", "1h"),
 		"(REFRESH)\nBind zone refresh time")
-	flag.StringVar(&config.NamedConfig.Retry,
+	flag.StringVar(&config.Config.ZoneConfig.Retry,
 		"bind-retry",
 		getEnvString("RETRY", "30m"),
 		"(RETRY)\nBind zone retry time")
-	flag.StringVar(&config.NamedConfig.Expire,
+	flag.StringVar(&config.Config.ZoneConfig.Expire,
 		"bind-expire",
 		getEnvString("EXPIRE", "1w"),
 		"(EXPIRE)\nBind zone expire time")
-	flag.StringVar(&config.NamedConfig.Minimum,
+	flag.StringVar(&config.Config.ZoneConfig.Minimum,
 		"bind-minimum",
 		getEnvString("MINIMUM", "1h"),
 		"(MINIMUM)\nBind zone minimum time")
@ -113,9 +115,13 @@ func initialize() {
 		"(NS2)\nBind zone secondary name-server")
 	// output file
 	flag.StringVar(&config.BindOutputFileName,
-		"filename",
-		getEnvString("FILENAME", "./response-policy.bind"),
+		"output",
+		getEnvString("OUTPUT", "./response-policy.bind"),
 		"(FILENAME)\nWrite local file to filename")
+	flag.StringVar(&config.ConfigFileLocation,
+		"config-file",
+		getEnvString("CONFIG_FILE", ""),
+		"(CONFIG_FILE)\nRead configuration from file")
 	flag.Parse()

 	// set logging level
@ -139,29 +145,60 @@ func initialize() {
 	log.Printf("[DEBUG] configuration value set: HTTP_CLIENT_CONNECT_TIMEOUT = %v\n", strconv.Itoa(config.HTTPClientConnectTimeout))
 	log.Printf("[DEBUG] configuration value set: HTTP_CLIENT_TLS_TIMEOUT     = %v\n", strconv.Itoa(config.HTTPClientTLSHandshakeTimeout))
 	log.Printf("[DEBUG] configuration value set: HTTP_CLIENT_IDLE_TIMEOUT    = %v\n", strconv.Itoa(config.HTTPClientIdleTimeout))
-	log.Printf("[DEBUG] configuration value set: TTL                         = %v\n", config.NamedConfig.TTL)
-	log.Printf("[DEBUG] configuration value set: DOMAIN                      = %v\n", config.NamedConfig.Domain)
-	log.Printf("[DEBUG] configuration value set: EMAIL                       = %v\n", config.NamedConfig.Email)
-	log.Printf("[DEBUG] configuration value set: TIMESTAMP                   = %v\n", config.NamedConfig.Timestamp)
-	log.Printf("[DEBUG] configuration value set: REFRESH                     = %v\n", config.NamedConfig.Refresh)
-	log.Printf("[DEBUG] configuration value set: RETRY                       = %v\n", config.NamedConfig.Retry)
-	log.Printf("[DEBUG] configuration value set: EXPIRE                      = %v\n", config.NamedConfig.Expire)
-	log.Printf("[DEBUG] configuration value set: MINIMUM                     = %v\n", config.NamedConfig.Minimum)
+	log.Printf("[DEBUG] configuration value set: TTL                         = %v\n", config.Config.ZoneConfig.TTL)
+	log.Printf("[DEBUG] configuration value set: DOMAIN                      = %v\n", config.Config.ZoneConfig.Domain)
+	log.Printf("[DEBUG] configuration value set: EMAIL                       = %v\n", config.Config.ZoneConfig.Email)
+	log.Printf("[DEBUG] configuration value set: TIMESTAMP                   = %v\n", config.Config.ZoneConfig.Serial)
+	log.Printf("[DEBUG] configuration value set: REFRESH                     = %v\n", config.Config.ZoneConfig.Refresh)
+	log.Printf("[DEBUG] configuration value set: RETRY                       = %v\n", config.Config.ZoneConfig.Retry)
+	log.Printf("[DEBUG] configuration value set: EXPIRE                      = %v\n", config.Config.ZoneConfig.Expire)
+	log.Printf("[DEBUG] configuration value set: MINIMUM                     = %v\n", config.Config.ZoneConfig.Minimum)
 	log.Printf("[DEBUG] configuration value set: NS1                         = %v\n", ns1)
 	log.Printf("[DEBUG] configuration value set: NS1                         = %v\n", ns2)
+	log.Printf("[DEBUG] configuration value set: CONFIG_FILE                 = %v\n", config.ConfigFileLocation)
+
+	// read config file
+	var err error
+	if config.ConfigFileLocation != "" {
+		if config.Config, err = readConfigFile(config.ConfigFileLocation); err != nil {
+			log.Fatalf("[FATAL] Invalid config file: %v\n", err)
+		}
+		if config.Config.ZoneConfig.Serial == "" {
+			config.Config.ZoneConfig.Serial = time.Now().In(config.TimeZone).Format("0601021504")
+		}
+	}

 	// set bind-config nameservers
-	if ns1 == "" {
+	if ns1 != "" {
+		config.Config.ZoneConfig.NameServers = append(config.Config.ZoneConfig.NameServers, ns1)
+	}
+	if ns2 != "" {
+		config.Config.ZoneConfig.NameServers = append(config.Config.ZoneConfig.NameServers, ns2)
+	}
+
+	if len(config.Config.ZoneConfig.NameServers) == 0 {
 		log.Printf("[ERROR] A primary name-server must be identified.")
 		flag.PrintDefaults()
 		os.Exit(1)
-	} else {
-		config.NamedConfig.NameServers = append(config.NamedConfig.NameServers, ns1)
 	}
-	if ns2 != "" {
-		config.NamedConfig.NameServers = append(config.NamedConfig.NameServers, ns2)
-	}
-	config.NamedConfig.Email = strings.Replace(config.NamedConfig.Email, "@", ".", -1)
+
+	// bind does not use "@", so we convert it to a "."
+	config.Config.ZoneConfig.Email = strings.Replace(config.Config.ZoneConfig.Email, "@", ".", -1)

 	log.Printf("[DEBUG] Initialization Complete\n")
 }
+
+func readConfigFile(configFileLocation string) (configFileStruct, error) {
+	var output configFileStruct
+
+	rd, err := ioutil.ReadFile(configFileLocation)
+	if err != nil {
+		return output, err
+	}
+
+	if err := yaml.Unmarshal(rd, &output); err != nil {
+		return output, err
+	}
+
+	return output, nil
+}
--- a/cmd/bind/main.go
+++ b/cmd/bind/main.go
@ -1,13 +1,5 @@
 package main

-import (
-	"log"
-	"sort"
-	"time"
-
-	"pihole-blocklist/v2/internal/httpclient"
-)
-
 func main() {
 	initialize()

@ -15,121 +7,7 @@ func main() {
 	badDomains := getListData()

 	// clean-up
-	config.NamedConfig.BadDomains = cleanBadDomains(badDomains)
+	config.Config.ZoneConfig.BlockedDomains = cleanBadDomains(badDomains)

 	buildBindResponsePolicyFile()
 }
-
-func getListData() []string {
-	var badDomains []string
-	listSimple := make(chan []string)
-	listComplex := make(chan []string)
-
-	log.Printf("[INFO] Downloading blocklists\n")
-	// Get Simple Blocklists
-	go func() {
-		data := getData(config.URLBlocklistsSimple)
-		domains := parseSimple(data)
-		listSimple <- domains
-	}()
-
-	// Get Host File Blocklists
-	go func() {
-		data := getData(config.URLBlocklistHostFiles)
-		domains := parseComplex(data)
-		listComplex <- domains
-	}()
-
-	// Wait for all downloads to finish
-	var (
-		simple, complex                 []string
-		simpleFinished, complexFinished bool
-	)
-
-	for {
-		select {
-		case simple = <-listSimple:
-			simpleFinished = true
-			log.Printf("[INFO] All simple lists have been retrieved.\n")
-		case complex = <-listComplex:
-			log.Printf("[INFO] All complex lists have been retrieved.\n")
-			complexFinished = true
-		default:
-			time.Sleep(time.Millisecond * 100)
-		}
-
-		if simpleFinished && complexFinished {
-			badDomains = append(badDomains, simple...)
-			badDomains = append(badDomains, complex...)
-			log.Printf("[INFO] Number of domains detected: %d\n", len(badDomains))
-			break
-		}
-	}
-
-	return badDomains
-}
-
-func getData(urls []string) []byte {
-	var listData []byte
-
-	for _, u := range urls {
-		log.Printf("[TRACE] Downloading URL: %s\n", u)
-		c := httpclient.DefaultClient()
-		data, err := c.Get(u)
-		if err != nil {
-			log.Printf("[ERROR] Unable to get remote content from URL (%s): %v", u, err)
-		}
-		listData = append(listData, data...)
-	}
-
-	return listData
-}
-
-func cleanBadDomains(domains []string) []string {
-	// remove duplicates
-	total := len(domains)
-	all := make(map[string]bool)
-	list := []string{}
-	for _, item := range domains {
-		if _, value := all[item]; !value {
-			all[item] = true
-			list = append(list, item)
-		}
-	}
-	domains = list
-	log.Printf("[INFO] Duplicate items removed: %d\n", total-len(domains))
-
-	// remove hosts that are too long
-	total = len(domains)
-	list = []string{}
-	for _, blocklistItem := range domains {
-		if len([]rune(blocklistItem)) > 255 {
-			continue
-		}
-		list = append(list, blocklistItem)
-	}
-	domains = list
-	log.Printf("[INFO] Hosts with too many characters removed: %d\n", total-len(domains))
-
-	// remove allow-listed matches
-	total = len(domains)
-	list = []string{}
-	for _, blocklistItem := range domains {
-		var match bool
-		for _, allowlistItem := range config.DomainAllowlist {
-			if allowlistItem.MatchString(blocklistItem) {
-				match = true
-				break
-			}
-		}
-		if !match {
-			list = append(list, blocklistItem)
-		}
-	}
-	domains = list
-	log.Printf("[INFO] Allowed hosts removed: %d\n", total-len(domains))
-
-	log.Printf("[INFO] Total domains in list at end: %d.\n", len(domains))
-	sort.Strings(domains)
-	return domains
-}
--- a/config/config.yaml
+++ b/config/config.yaml
@ -0,0 +1,61 @@
+zoneConfig:
+  timeToLive: 1h
+  baseDomain: example.com
+  emailAddress: domain-admin@example.com
+  zoneRefresh: 1h
+  zoneRetry: 30m
+  zoneExpire: 1w
+  zoneMinimum: 1h
+  nameServers:
+  - ns1.example.com
+  - ns2.example.com
+  blockedDomains: []
+sources:
+  hostFileURLs:
+  - "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
+  - "http://sysctl.org/cameleon/hosts"
+  - "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt"
+  - "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts"
+  domainListURLs:
+  - "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt"
+  - "https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt"
+  - "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
+  - "https://v.firebog.net/hosts/Prigent-Crypto.txt"
+  - "https://phishing.army/download/phishing_army_blocklist_extended.txt"
+  - "https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
+  - "https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
+  - "https://dbl.oisd.nl/"
+  - "https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
+allowList:
+- localhost
+- localhost.localdomain
+- local
+- broadcasthost
+- localhost
+- ip6-localhost
+- ip6-loopback
+- localhost
+- ip6-localnet
+- ip6-mcastprefix
+- ip6-allnodes
+- ip6-allrouters
+- ip6-allhosts
+- (^|\.)thepiratebay\.org
+- (^|\.)sendgrid\.net
+- (^|\.)googleadservices\.com
+- (^|\.)doubleclick\.net
+- (^|\.)sailthru\.com
+- (^|\.)magiskmanager\.com
+- (^|\.)apiservices\.krxd\.net
+- (^|\.)logfiles\.zoom\.us
+- (^|\.)logfiles-va\.zoom\.us
+- (^|\.)nest\.com
+- (^|\.)clients.\.google\.com
+- (^|\.)login\.live\.com
+- (^|\.)unagi\.amazon\.com
+- (^|\.)unagi-na\.amazon\.com
+- (^|\.)duckduckgo\.com
+- (^|\.)msn\.com
+- (^|\.)nexusrules\.officeapps\.live\.com
+- (^|\.)playfabapi\.com
+- (^|\.)vercel-dns\.com
--- a/go.mod
+++ b/go.mod
@ -5,4 +5,5 @@ go 1.17
 require (
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
 	github.com/hashicorp/logutils v1.0.0
+	gopkg.in/yaml.v2 v2.4.0
 )
--- a/go.sum
+++ b/go.sum
@ -2,3 +2,7 @@ github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=