don't know why rules are broken

.gitlab-ci.yml

@@ -0,0 +1,59 @@
+stages:
+  - build
+
+"Build Release":
+  stage: build
+  image:
+    name: registry.c.test-chamber-13.lan/dockerhub/library/golang:alpine
+  allow_failure: false
+  variables:
+    GOPROXY: "https://nexus.c.test-chamber-13.lan/repository/go-proxy"
+    GOSUMDB: "sum.golang.org https://nexus.c.test-chamber-13.lan/repository/go-sumdb"
+  before_script:
+    - printf '%s\n' "${C_ROOT_CAS}" >> /etc/ssl/certs/ca-certificates.crt
+  script:
+    - GOOS=linux GOARCH=arm CGO_ENABLED=0 go build -ldflags="-s -w" -o bind-response-policy-zone-creator-linux-arm ./cmd/bind
+    - GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -ldflags="-s -w" -o bind-response-policy-zone-creator-linux-arm64 ./cmd/bind
+    - GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags="-s -w" -o bind-response-policy-zone-creator-linux-amd64 ./cmd/bind
+    - GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -ldflags="-s -w" -o bind-response-policy-zone-creator-windows-amd64.exe ./cmd/bind
+    - GOOS=darwin GOARCH=amd64 CGO_ENABLED=0 go build -ldflags="-s -w" -o bind-response-policy-zone-creator-darwin-amd64 ./cmd/bind
+    - GOOS=darwin GOARCH=arm64 CGO_ENABLED=0 go build -ldflags="-s -w" -o bind-response-policy-zone-creator-darwin-arm64 ./cmd/bind
+    - printf 'BUILD_JOB_ID=%s\n' "$CI_JOB_ID" >> build_environment_vars.env
+  artifacts:
+    paths:
+      - bind-response-policy-zone-creator-linux-arm
+      - bind-response-policy-zone-creator-linux-arm64
+      - bind-response-policy-zone-creator-linux-amd64
+      - bind-response-policy-zone-creator-windows-amd64.exe
+      - bind-response-policy-zone-creator-darwin-amd64
+      - bind-response-policy-zone-creator-darwin-arm64
+    reports:
+      dotenv: build_environment_vars.env
+
+"Create Release":
+  stage: build
+  image:
+    name: registry.gitlab.com/gitlab-org/release-cli:latest
+  needs:
+    - job: "Build Release"
+      artifacts: true
+  script:
+    - printf '%s\n' "Creating Release"
+  release:
+    name: Version $CI_COMMIT_SHORT_SHA
+    tag_name: $CI_COMMIT_SHORT_SHA
+    description: Release created using the release-cli. Release $CI_COMMIT_SHORT_SHA
+    assets:
+      links:
+        - name: bind-response-policy-zone-creator-linux-arm
+          url: $CI_SERVER_URL/$CI_PROJECT_PATH/-/jobs/$BUILD_JOB_ID/artifacts/raw/bind-response-policy-zone-creator-linux-arm
+        - name: bind-response-policy-zone-creator-linux-arm64
+          url: $CI_SERVER_URL/$CI_PROJECT_PATH/-/jobs/$BUILD_JOB_ID/artifacts/raw/bind-response-policy-zone-creator-linux-arm64
+        - name: bind-response-policy-zone-creator-linux-amd64
+          url: $CI_SERVER_URL/$CI_PROJECT_PATH/-/jobs/$BUILD_JOB_ID/artifacts/raw/bind-response-policy-zone-creator-linux-amd64
+        - name: bind-response-policy-zone-creator-windows-amd64.exe
+          url: $CI_SERVER_URL/$CI_PROJECT_PATH/-/jobs/$BUILD_JOB_ID/artifacts/raw/bind-response-policy-zone-creator-windows-amd64.exe
+        - name: bind-response-policy-zone-creator-darwin-amd64
+          url: $CI_SERVER_URL/$CI_PROJECT_PATH/-/jobs/$BUILD_JOB_ID/artifacts/raw/bind-response-policy-zone-creator-darwin-amd64
+        - name: bind-response-policy-zone-creator-darwin-arm64
+          url: $CI_SERVER_URL/$CI_PROJECT_PATH/-/jobs/$BUILD_JOB_ID/artifacts/raw/bind-response-policy-zone-creator-darwin-arm64

assets/config/config.yaml

@@ -57,8 +57,8 @@ sources:
   - "https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-domains.txt"
   - "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt"
   - "https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
-  - "https://big.oisd.nl/"
   adBlockURLs:
+  - "https://big.oisd.nl"
   - "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/pro.txt"
   - "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/tif.txt"
   - "https://github.com/KnightmareVIIVIIXC/AIO-Firebog-Blocklists/raw/main/lists/firebogadmal.txt"
@@ -77,18 +77,22 @@ allowList:
 - (^|\.)apiservices\.krxd\.net$
 - (^|\.)app-measurement\.com$
 - (^|\.)assets\.adobedtm\.com$
+- (^|\.)bato\.to$
 - (^|\.)brandify\.com$
 - (^|\.)clients.\.google\.com$
 - (^|\.)cpng\.lol$
 - (^|\.)doubleclick\.net$
 - (^|\.)duckduckgo\.com$
+- (^|\.)events\.data\.microsoft\.com$
 - (^|\.)ghostery\.net$
 - (^|\.)googleadservices\.com$
 - (^|\.)kochava\.com$
+- (^|\.)launchdarkly\.com$
 - (^|\.)logfiles-va\.zoom\.us$
 - (^|\.)logfiles\.zoom\.us$
 - (^|\.)login\.live\.com$
 - (^|\.)magiskmanager\.com$
+- (^|\.)mimojp\.store$
 - (^|\.)msn\.com$
 - (^|\.)nest\.com$
 - (^|\.)nexusrules\.officeapps\.live\.com$
@@ -100,8 +104,6 @@ allowList:
 - (^|\.)unagi-na\.amazon\.com$
 - (^|\.)unagi\.amazon\.com$
 - (^|\.)vercel-dns\.com$
-- (^|\.)launchdarkly\.com$
-- (^|\.)mimojp\.store$
 - ^\w+-\d{4}\.\w+-msedge\.net$
 - ^ctldl\.windowsupdate\.com$
 - ^settings-win\.data\.microsoft\.com$

cmd/bind/cleanup.go

@@ -38,11 +38,17 @@ func cleanBadDomains(domains []string) []string {
 		}
 
 		// skip domains that are allowed
+		var skip bool
 		for _, allowRegex := range cfg.ConfigFile.AllowLists {
 			if regexp.MustCompile(allowRegex).MatchString(domain) {
+				skip = true
 				continue
 			}
 		}
+		if skip {
+			log.Trace("Skipping Domain", "domain", domain)
+			continue
+		}
 
 		// add domain
 		cleanDomains = append(cleanDomains, domain)