curipha/coredns-zone-blocker
DNS server with integrated zone blocking feature

Based on CoreDNS. It runs on the ARM architecture in addition to the ubiquitous AMD64!

Concepts

  • Run on Docker container for better portability
  • Simple and easy to use
  • Use official docker image for security and reliability
  • No third party dependencies
  • Introduce zone-based blocking instead of host-based to block all sub-domains
  • No access control feature (it should be handled by a firewall)

Motivation

  • Provide ad blocking and tracking protection feature for mobile devices

Quick start

$ docker run -d -p53:53/tcp -p53:53/udp --restart unless-stopped ghcr.io/curipha/coredns-zone-blocker:latest

Avoid conflicts with systemd-resolved

systemd-resolved provides a DNS stub listener on port 53 by default, which conflicts with this DNS server.

Disabling the DNS stub listener takes two steps.

1. Update /etc/resolv.conf

$ sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

/etc/resolv.conf lists 127.0.0.53 as the only DNS server by default. That address is systemd-resolved's DNS stub resolver, and it has to be shut down.

systemd-resolved also maintains /run/systemd/resolve/resolv.conf, which contains all known upstream DNS servers, so it is convenient to symlink /etc/resolv.conf to this file.

For more details, have a look at the manual of systemd-resolved.

2. Stop DNS stub listener provided by systemd-resolved

$ sudo -e /etc/systemd/resolved.conf
$ sudo systemctl restart systemd-resolved.service

Edit /etc/systemd/resolved.conf and add this line. The manual may help.

DNSStubListener=no

Remember to restart systemd-resolved for the setting to take effect.

For developers: run with plain docker

Build an image

$ DOCKER_BUILDKIT=1 docker build -t coredns-zone-blocker .

Run the server

$ docker run -p53:53/tcp -p53:53/udp --restart unless-stopped coredns-zone-blocker

For developers: run with docker-compose

Run the server

Prepare Docker (for the first time only)

$ sudo apt install docker.io docker-compose
$ sudo usermod -aG docker ${USER}

You must log out and log back in for the group membership to take effect.

Run DNS server

$ docker-compose up -d

Stop DNS server

$ docker-compose down

Update blocklist

Simply edit Corefile and restart the DNS Server.

For example, add this line to block domain.to.block.example.com and all of its subdomains, such as sub.domain.to.block.example.com.

template ANY ANY domain.to.block.example.com { rcode NXDOMAIN }

Get the list of known Ad and tracking hosts

This script is fine for me.

I really appreciate the great efforts of the block list authors.

Convert host list into Corefile format

$ while read -r l; do echo "template ANY ANY ${l} { rcode NXDOMAIN }"; done < adhosts.txt > hosts_for_Corefile.txt
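As an added example (not part of this project), the following Python script does the same conversion as the loop above, but reads hosts-file format (address followed by names), skips loopback names, and drops entries already covered by a parent zone, since a template zone blocks every name beneath it. The sample input and the hostname validity rules are assumptions.

```python
import re
from typing import Iterable, List, Set

# Constructed sample hosts-format input (not the project's list)
SAMPLE_HOSTS = """\
# sample list
0.0.0.0 ads.example.com
0.0.0.0 tracker.ads.example.com   # redundant: covered by ads.example.com
127.0.0.1 metrics.example.net
0.0.0.0 localhost
::1 ip6-localhost
0.0.0.0 not_a_valid-host
"""

# Names that hosts files carry for the loopback interface; never block them
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost", "ip6-loopback"}
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one DNS label

def is_valid_hostname(name: str) -> bool:
    """Reject names that cannot be a DNS zone (a template for them would be useless)."""
    if len(name) > 253 or "." not in name:
        return False
    return all(LABEL_RE.match(label) for label in name.split("."))

def parse_hosts(text: str) -> List[str]:
    """Extract host names from hosts-file lines: '<address> <name> [<name>...]'."""
    names = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comment, then split on whitespace
        for name in fields[1:]:  # skip the address column; blank lines yield nothing
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES and is_valid_hostname(name):
                names.append(name)
    return names

def prune_covered(names: Iterable[str]) -> List[str]:
    """Drop names whose parent zone is also listed; the shortest zones are kept."""
    kept: Set[str] = set()
    for name in sorted(set(names), key=lambda n: (n.count("."), n)):
        labels = name.split(".")
        if any(".".join(labels[i:]) in kept for i in range(1, len(labels))):
            continue
        kept.add(name)
    return sorted(kept)

def to_corefile(names: Iterable[str]) -> List[str]:
    """One CoreDNS template stanza per zone, in the form used in this Corefile."""
    return [f"template ANY ANY {n} {{ rcode NXDOMAIN }}" for n in prune_covered(names)]

if __name__ == "__main__":
    print("\n".join(to_corefile(parse_hosts(SAMPLE_HOSTS))))
```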

License

The Unlicense, except for the block lists.

The authors' efforts to provide up-to-date ad blocking filter lists are greatly appreciated. Currently the Corefile in this repository includes hosts based on these lists:
