Fetch various blocklists and generate a BIND zone from them.
Configure BIND to return NXDOMAIN for ad and tracking domains to stop clients from contacting them.
Requires BIND 9.8 or newer for RPZ support.
Uses the following sources:
- Peter Lowe’s Ad and tracking server list
- Malware domains
- MVPS HOSTS
- Adaway default blocklist
- hpHosts Ad and Tracking servers only
- Dan Pollock’s hosts file
- MalwareDomainList.com Hosts List
- StevenBlack Unified hosts file
- CAMELEON
- ZeuS domain blocklist (Standard)
- Disconnect.me Basic tracking list
- Disconnect.me Ad Filter list
- SANS ISC - Suspicious Domains Low Sensitivity
These packages need to be installed to run the update script. Install on Ubuntu via:

```
apt-get install python3 python3-pip python3-requests python3-dnspython
```
Add the response-policy statement to the BIND options:

```
// For AdBlock
response-policy {
    zone "rpz.example.com";
};
```
Add your RPZ zone. Replace example.com with a domain of your choice.

```
// AdBlock
zone "rpz.example.com" {
    type master;
    file "/etc/bind/db.rpz.example.com";
    allow-query { none; };
};
```
Create a zone file for your zone. Replace example.com with the domain you used before.

```
@ 3600 IN SOA @ admin.example.com. 0 86400 7200 2592000 86400
@ 3600 IN NS ns.example.com.
```
Usage:

```
update-zonefile.py zonefile origin
```

- zonefile: Path to the zone file to update
- origin: Zone origin to use

Example:

```
update-zonefile.py /etc/bind/db.rpz.example.com rpz.example.com
```

update-zonefile.py will update the zone file with the fetched adserver lists and issue `rndc reload origin` afterwards.
An additional zone can be used to whitelist domains. See Whitelist
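
The zone generation described above turns downloaded list entries into RPZ records, where `name CNAME .` is the NXDOMAIN action. Because those entries are untrusted input written into a zone file, each one should be validated as a domain name first. The following is an added example, not the code of update-zonefile.py; the function names and the sample data are assumptions made for illustration.

```python
import re

# One DNS label: letters, digits, hyphen or underscore, no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # hosts-format prefixes
# Names that appear in hosts files but must never end up in the policy zone.
SKIP_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "local"}


def parse_blocklist(text):
    """Return the valid domain names in hosts-format or one-name-per-line text."""
    domains = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].lower().split()  # drop comments
        if not fields:
            continue
        if fields[0] in SINK_ADDRESSES:
            candidates = fields[1:]          # hosts format: address, then names
        elif len(fields) == 1:
            candidates = fields              # plain list: exactly one name
        else:
            continue                         # e.g. "$INCLUDE ..." or stray records
        for name in (c.rstrip(".") for c in candidates):
            labels = name.split(".")
            if (name not in SKIP_NAMES and len(labels) >= 2
                    and not labels[-1].isdigit()
                    and all(LABEL.fullmatch(l) for l in labels)):
                domains.add(name)
    return domains


def rpz_records(texts, origin):
    """Return sorted, de-duplicated 'name CNAME .' records (RPZ NXDOMAIN action)."""
    names = set().union(*(parse_blocklist(t) for t in texts))
    limit = 253 - len(origin) - 1            # owner name plus origin must fit
    return [f"{n} CNAME ." for n in sorted(names) if len(n) <= limit]


# Constructed sample input, not taken from any real blocklist.
SAMPLE_HOSTS = """127.0.0.1 localhost
0.0.0.0 ads.example.net tracker.example.org
0.0.0.0 Ads.Example.NET.   # same name, different spelling
"""
SAMPLE_LIST = """metrics.example.org
$INCLUDE /etc/bind/other.zone
-bad.example.net
*.wild.example.net
"""
```

Calling `rpz_records([SAMPLE_HOSTS, SAMPLE_LIST], "rpz.example.com")` yields three records; the `$INCLUDE` line, the malformed label and the wildcard entry are dropped instead of being written into the zone.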