Olivier Mauras 2c1fd02039 Document -u 3 years ago
README.md Document -u 3 years ago
host_lists_as_forward_zones.py Support creating unbound local zone with -u argument 3 years ago
lua_blocking_from_disconnect.py lua_blocking_from_disconnect.py: Cosmetics 3 years ago


PowerDNS recursor ads blocking

The idea comes from last year's PowerDNS blog post where they explain how to use the Disconnect list used by the Mozilla Focus project to efficiently block ads/tracking domains.

While the process is quite easy, reading some of the project's README made it seem even simpler to just get the domains from the original list.

I then decided that it needed improvement and that it would be interesting to include content from other well-known black hole lists.
I ended up with more than 690000 domains and this proved the Lua method to be unable to cope with that many entries - recursor crashes at startup with a constant overflow - so I searched for a way to make recursor behave correctly while still being able to block all those bad domains.

I found this old blog post on how to use a well-known host list to block ads in recursor.
This solution can work for around 5000 domains, but for 690000 it will be super slow and leave the recursor.conf unreadable.

I then decided to try the forward-zones-file option that lets you forward domains to an unreachable IP of your choice. It works very well, takes only ~15s to build the list and ~4s for recursor to process the zone.

Both methods can be combined and both will let you whitelist domains if needed.


lua_blocking_from_disconnect.py uses the official blog post method and will build the Lua blacklist file from the Disconnect list.


host_lists_as_forward_zones.py will build a recursor-compatible forward zone file, containing the domains aggregated from 5 different well-known host lists + Easylist.
Passing -d as an argument will also process the Disconnect list, if you don't want to use the Lua method.
Passing -u as an argument will generate an Unbound-compatible local zone file.

Whitelist is built from a file - /etc/pdns/bh_whitelist by default - containing one domain per line.

Add forward-zones-file=/etc/pdns/null.forward.zone in your recursor.conf and restart the service.

Both scripts have been tested on Python 3.5 and 2.7.
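
The forward-zone approach described above, as an added sketch that is not the repository's own code: it turns hosts-format list content into `domain=IP` lines for forward-zones-file, validating every name so a malformed or hostile upstream entry cannot inject arbitrary lines into the zone file. The sample input, the sink address 192.0.2.1, the function names and the exact-match whitelist behaviour are assumptions.

```python
import re

# Constructed sample input in hosts-file format (not taken from any real list).
SAMPLE_HOSTS = """\
# comment line
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.NET   # trailing comment
127.0.0.1 ads.example.com
0.0.0.0 bad_entry=10.0.0.1
0.0.0.0 cdn.example.org
"""
SAMPLE_WHITELIST = "cdn.example.org\n"  # one domain per line, as in bh_whitelist

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_DOMAIN = re.compile(r"^(?:%s\.)+%s$" % (_LABEL, _LABEL))
_SKIP = {"localhost.localdomain"}  # hosts-file housekeeping names, never blocked

def parse_hosts(text):
    """Yield validated, lower-cased domains from hosts-format text."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank line, comment, or an address without a name
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in _SKIP or len(name) > 253:
                continue
            # Rejects single labels (localhost) and anything containing
            # '=', '_', spaces or other characters that would corrupt the file.
            if _DOMAIN.match(name):
                yield name

def build_forward_zone(host_texts, whitelist_text, sink_ip="192.0.2.1"):
    """Return sorted, de-duplicated 'domain=sink_ip' lines minus the whitelist."""
    whitelist = {w.strip().lower() for w in whitelist_text.splitlines() if w.strip()}
    domains = set()
    for text in host_texts:
        domains.update(parse_hosts(text))
    return ["%s=%s" % (d, sink_ip) for d in sorted(domains - whitelist)]

if __name__ == "__main__":
    print("\n".join(build_forward_zone([SAMPLE_HOSTS], SAMPLE_WHITELIST)))
```

The whitelist here is an exact match only: a whitelisted parent domain does not exempt its subdomains.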