blacklist.txt
Closed this issue · 3 comments
Hello sir,
Do I need to mount the blacklist.txt or can I just drop it into /etc/dnsdist/ if I already mounted that?
volumes:
  - '/etc/dnsdist:/etc/dnsdist'
(I mount it locally to get it caught in etckeeper..)
hblock -H none -F none --output /etc/dnsdist/blacklist.txt -T '%D'
and reloading dnsdist (using the current latest) seems to still resolve the domain.
I just re-read your docker hub page and not sure how I missed all the great features you have in this image..
Thanks in advance.
Hello,
It depends. If you provide your own dnsdist.conf, which I suppose you do, since you mount the /etc/dnsdist directory, the described configuration options won't work since you are not using the packaged configuration. In order to make the blocklist work with your configuration you would have to add the load blocklist config manually, see: blacklist.conf.
If your scenario is using a blocklist and defining a set of downstream servers with the packaged configuration, you could do the following:
docker-compose.yml
version: '2.1'
services:
  dnsdist:
    image: chrisss404/powerdns:latest-dnsdist
    environment:
      - DNSDIST_PLAIN=yes
    volumes:
      - "./blacklist.txt:/etc/dnsdist/blacklist.txt:ro"
      - "./servers.conf:/etc/dnsdist/conf.d/servers.conf:ro"
    ports:
      - "1053:53/tcp"
      - "1053:53/udp"
blacklist.txt
googleadservices.com
servers.conf
infolog("Loading DNS server")
newServer({address="9.9.9.9:853", tls="openssl", subjectName="dns.quad9.net", validateCertificates=true, name="dot-quad9"})
newServer({address="9.9.9.9:443", tls="openssl", subjectName="dns.quad9.net", validateCertificates=true, dohPath="/dns-query", name="doh-quad9"})
When you start you should see:
dnsdist_1 | Loading domain blacklist
dnsdist_1 | Loading DNS server
dnsdist_1 | Added downstream server 9.9.9.9:853
dnsdist_1 | Added downstream server 9.9.9.9:443
dnsdist_1 | Listening on 0.0.0.0:53
And then you should be able to query DNS records:
$ dig @127.0.0.1 -p1053 example.com
; <<>> DiG 9.16.27-RH <<>> @127.0.0.1 -p1053 example.com
; (1 server found)
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62636
;; ANSWER SECTION:
example.com. 42652 IN A 93.184.216.34
$ dig @127.0.0.1 -p1053 googleadservices.com
; <<>> DiG 9.16.27-RH <<>> @127.0.0.1 -p1053 googleadservices.com
; (1 server found)
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50344
BR
Christian
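
An added example, not part of this thread and not the image's own blacklist.conf: one way to load a one-domain-per-line blacklist.txt from a self-provided dnsdist.conf. The helper name loadBlocklist and the SERVFAIL answer (chosen to match the dig output above) are assumptions; the path is the one from the question.

```lua
-- Added example for a self-provided dnsdist.conf (not the packaged configuration).
-- Path taken from the question; loadBlocklist is a hypothetical helper name.
local blocklistPath = "/etc/dnsdist/blacklist.txt"

local function loadBlocklist(path)
  local smn = newSuffixMatchNode()
  local loaded, skipped = 0, 0

  local file, err = io.open(path, "r")
  if not file then
    -- A missing or unreadable file must not stop dnsdist from starting.
    warnlog("Domain blacklist not loaded: " .. tostring(err))
    return smn, loaded, skipped
  end

  for line in file:lines() do
    -- Drop comments, surrounding whitespace and stray carriage returns.
    local name = line:gsub("#.*$", ""):gsub("^%s+", ""):gsub("%s+$", "")
    if name ~= "" then
      -- newDNSName raises an error on malformed names; skip those lines.
      local ok = pcall(function() smn:add(newDNSName(name)) end)
      if ok then
        loaded = loaded + 1
      else
        skipped = skipped + 1
      end
    end
  end
  file:close()
  return smn, loaded, skipped
end

local smn, loaded, skipped = loadBlocklist(blocklistPath)
infolog(string.format("Loading domain blacklist: %d names, %d skipped", loaded, skipped))

if loaded > 0 then
  -- Suffix match: a listed domain and all of its subdomains are answered
  -- with SERVFAIL instead of being forwarded to a downstream server.
  addAction(SuffixMatchNodeRule(smn), RCodeAction(DNSRCode.SERVFAIL))
end
```

The file is read once when the configuration is loaded, so a regenerated blacklist.txt only takes effect after dnsdist is restarted.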
Thank you for this.
Will try and let you know..
This is a great docker image you have, thank you for putting in the time..
I find dnsdist to be what I want to use, but have the worst time finding working examples or anything complete to try and dissect..
I recently found another user's GitHub (enilfodne/dnsdist-adblock), which is how I found your blacklist.txt section..
I was going to share this with you and was looking for some contact information..
Thank you in advance.
I'm closing this now. Feel free to share your findings if you reached any conclusions.