A CoreDNS plugin to block domains/queries.
```
.:1053 {
    errors
    bind 127.0.0.1
    forward . 223.5.5.5:53
    log . {
        class all
    }
    blocked {
        bootstrap_resolvers 223.5.5.5:53 114.114.114.114:53
        intercept/check A AAAA HTTPS CNAME
        # Interval for reloading cache_data/black_list/white_list. Default: 5 days.
        # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
        interval/reload 86400s
        # Bloom filter capacity and rate. Default: 250_000 0.001
        size_rate 250_000 0.001
        # Enable logging; remove this line to disable it.
        log
        # Hostname query handling. Default: refused. Options: ignore / refused
        hostname_query refused
        # Response for blocked queries. Default: soa. Options: soa / zero / hinfo / no-ans / refused
        # A different response can be configured for specific qtypes.
        resp_type zero {
            refused ANY AAAA HTTPS MX PTR SRV CNAME
            zero AAAA
        }
        # Convert the domain to wildcard form and compare every form against the filter.
        # If enabled, black_list must use the `local+` prefix to skip domain validation.
        wildcard
        # Load the cache file from a local path or a remote URL (the last cache_data entry is the one used).
        cache_data https://example.com/rules.data
        cache_data <AbsolutePath>/rules.data
        # Black list of queries to block; rules are loaded from a local path or a remote URL.
        # The `local+` prefix skips domain validation, so every non-comment line is accepted.
        black_list <AbsolutePath>/list.txt
        black_list local+<AbsolutePath>/list.txt
        black_list https://example.com/reject-list.txt
        # White list of domains that are never blocked.
        white_list <AbsolutePath>/white-list.txt
        white_list https://example.com/white-list.txt
    }
}
```
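One way to read the `wildcard` and `white_list` options above, as an added example that is not the plugin's own code: the query name is expanded into its wildcard forms, and a white-list hit overrides any black-list hit. The `*.` rule syntax, the function names, the sample rules, and the plain map standing in for the bloom filter are assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// candidates returns the normalized name plus one "*." form per parent suffix:
// "a.b.example.com." -> a.b.example.com, *.b.example.com, *.example.com, *.com
func candidates(qname string) []string {
	name := strings.ToLower(strings.TrimSuffix(qname, "."))
	if name == "" {
		return nil
	}
	out := []string{name}
	labels := strings.Split(name, ".")
	for i := 1; i < len(labels); i++ {
		out = append(out, "*."+strings.Join(labels[i:], "."))
	}
	return out
}

// matchRule returns the first rule in set hit by any candidate of qname.
func matchRule(set map[string]bool, qname string) (string, bool) {
	for _, c := range candidates(qname) {
		if set[c] {
			return c, true
		}
	}
	return "", false
}

// Blocked reports whether qname should be blocked; a white-list hit wins.
func Blocked(black, white map[string]bool, qname string) (string, bool) {
	if _, ok := matchRule(white, qname); ok {
		return "", false
	}
	return matchRule(black, qname)
}

func main() {
	// Constructed sample rules (hypothetical, for illustration only).
	black := map[string]bool{"*.ads.example.com": true, "tracker.example.net": true}
	white := map[string]bool{"ok.ads.example.com": true}
	for _, q := range []string{"x.y.ads.example.com.", "OK.ads.example.com.", "ads.example.com."} {
		rule, hit := Blocked(black, white, q)
		fmt.Printf("%-24s blocked=%v rule=%q\n", q, hit, rule)
	}
}
```

Note that `*.ads.example.com` does not cover the apex `ads.example.com` here, so the apex needs its own rule. With a bloom filter in place of the map, every candidate is a separate probabilistic lookup, so deeper names get more chances at a false positive.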
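- Large rule sets, low memory use, fast matching. Thanks: bits-and-blooms
- Supports loading the cache from a remote or local source
- Supports black/white list rules, which can be loaded from a remote or local source
  - By default, remote loading checks domain validity; for local files, use the `local+` prefix to skip the validity check
- Supports multiple response types for blocked queries
  - `SOA`
  - `HINFO`
  - `ZERO`
  - `No-Ans`
  - `NX` - NXDOMAIN
  - `REFUSED`
- Supports blocking specified query types
- Supports multiple rule file formats
  - `hosts` - HostParser
  - `surge` - SurgeParser
  - `dnsmasq` - DnsmasqParser
  - `domain` - DomainParser
  - `abnf` - ABNFParser, requires the `abnf+` prefix to select the parser
- Supports `bootstrap_resolvers`; by default queries `1.0.0.1:53`, `8.8.4.4:53`, `223.5.5.5:53`, `119.29.29.29:53`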
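- GitHub Action to create the cache file
- GitHub Action to create the bin file
- Use the cache file
- Add more response message types
- Expose the filter parameters
- Add white_list
- Block specified types of DNS queries
- Support wildcard domain blocking rules (the n-level domain problem needs to be considered)
- Integrate AdGuard's filters
- ...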