chrisss404/powerdns

blacklist.txt

Closed this issue · 3 comments

Hello sir,

Do I need to mount the blacklist.txt or can I just drop it into /etc/dnsdist/ if I already mounted that?

volumes:
- '/etc/dnsdist:/etc/dnsdist'

(I mount it locally to get it caught in etckeeper..)

hblock -H none -F none --output /etc/dnsdist/blacklist.txt -T '%D'

and reloading dnsdist (using the current latest) seems to still resolve the domain.

I just re-read your docker hub page and I'm not sure how I missed all the great features you have in this image..

Thanks in advance.

Hello,

It depends. If you provide your own dnsdist.conf, which I suppose you do, since you mount the /etc/dnsdist directory, the described configuration options won't work, since you are not using the packaged configuration. In order to make the blocklist work with your configuration you would have to add the load-blocklist config manually, see: blacklist.conf.

If your scenario is using a blocklist and defining a set of downstream servers with the packaged configuration, you could do the following:

docker-compose.yml

version: '2.1'

services:

  dnsdist:
    image: chrisss404/powerdns:latest-dnsdist
    environment:
      - DNSDIST_PLAIN=yes
    volumes:
      - "./blacklist.txt:/etc/dnsdist/blacklist.txt:ro"
      - "./servers.conf:/etc/dnsdist/conf.d/servers.conf:ro"
    ports:
      - "1053:53/tcp"
      - "1053:53/udp"

blacklist.txt

googleadservices.com

servers.conf

infolog("Loading DNS server")

newServer({address="9.9.9.9:853", tls="openssl", subjectName="dns.quad9.net", validateCertificates=true, name="dot-quad9"})
newServer({address="9.9.9.9:443", tls="openssl", subjectName="dns.quad9.net", validateCertificates=true, dohPath="/dns-query", name="doh-quad9"})

When you start you should see:

dnsdist_1  | Loading domain blacklist
dnsdist_1  | Loading DNS server
dnsdist_1  | Added downstream server 9.9.9.9:853
dnsdist_1  | Added downstream server 9.9.9.9:443
dnsdist_1  | Listening on 0.0.0.0:53

And then you should be able to query DNS records:

$ dig @127.0.0.1 -p1053 example.com

; <<>> DiG 9.16.27-RH <<>> @127.0.0.1 -p1053 example.com
; (1 server found)

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62636

;; ANSWER SECTION:
example.com.		42652	IN	A	93.184.216.34

$ dig @127.0.0.1 -p1053 googleadservices.com

; <<>> DiG 9.16.27-RH <<>> @127.0.0.1 -p1053 googleadservices.com
; (1 server found)

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50344

BR
Christian
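
For anyone who, like the original poster, ships their own dnsdist.conf and so does not get the image's packaged blacklist.conf, the following is an added example (not the chrisss404/powerdns image's own blacklist.conf and not code from either commenter) of the Lua that a custom config needs in order to load /etc/dnsdist/blacklist.txt and answer blocked names with SERVFAIL, as seen in the dig output above. It uses the dnsdist Lua API names newSuffixMatchNode, newDNSName, SuffixMatchNodeRule, RCodeAction, DNSRCode, addAction, infolog and warnlog; the helper name loadBlocklist and the handling of hosts-style lines ("0.0.0.0 ads.example") are assumptions made here, going slightly beyond the bare-domain format that the hblock command in the thread writes.

```lua
-- blacklist.conf (added example): load a blocklist into dnsdist at startup.
-- Assumes dnsdist's Lua API; not the packaged file from chrisss404/powerdns.

-- Path used in the thread; change it if blacklist.txt is mounted elsewhere.
local blocklistPath = "/etc/dnsdist/blacklist.txt"

-- loadBlocklist (hypothetical helper name) reads one entry per line and
-- returns a SuffixMatchNode plus the number of domains loaded.
-- Accepts bare domains (what `hblock -T '%D'` writes) and hosts-style
-- "0.0.0.0 domain" lines, taking the last whitespace-separated field.
local function loadBlocklist(path)
  local smn = newSuffixMatchNode()
  local count = 0
  local f, err = io.open(path, "r")
  if not f then
    warnlog("Could not open blocklist " .. path .. ": " .. tostring(err))
    return smn, 0
  end
  for line in f:lines() do
    local entry = line:gsub("#.*$", "")        -- drop trailing comments
    entry = entry:match("^%s*(.-)%s*$")        -- trim surrounding whitespace
    if entry ~= "" then
      local domain = entry:match("(%S+)$")     -- last field: the domain
      -- newDNSName raises on malformed names; skip such lines instead of
      -- aborting dnsdist startup.
      local ok, dn = pcall(newDNSName, domain)
      if ok then
        smn:add(dn)
        count = count + 1
      else
        warnlog("Skipping invalid blocklist entry: " .. domain)
      end
    end
  end
  f:close()
  return smn, count
end

local blocked, n = loadBlocklist(blocklistPath)
infolog(string.format("Loading domain blacklist: %d entries from %s", n, blocklistPath))

-- SuffixMatchNodeRule matches the blocked name and every name under it,
-- so an entry "googleadservices.com" also covers "www.googleadservices.com".
-- SERVFAIL mirrors the dig output above; RCodeAction(DNSRCode.NXDOMAIN)
-- or DropAction() are the usual alternatives.
addAction(SuffixMatchNodeRule(blocked), RCodeAction(DNSRCode.SERVFAIL))
```

Because the file is read once while dnsdist parses its configuration, a blacklist.txt regenerated by hblock only takes effect after dnsdist is restarted; the infolog line gives you a quick check in the container log that the expected number of entries was actually loaded.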

Thank you for this.

Will try and let you know..

This is a great docker image you have, thank you for putting in the time..

I find dnsdist to be what I want to use, but have the worst time finding working examples or anything complete to try and dissect..

I recently found another user's GitHub (enilfodne/dnsdist-adblock); which is how I found your blacklist.txt section..

I was going to share this with you and was looking for some contact information..

Thank you in advance.

I'm closing this now. Feel free to share your findings if you reached any conclusions.