This project provides a simple bash script, a systemd service, and a timer to fetch a blocklist for ad and malware domains and configure DNSMasq to block them.
dnsmasq-blocklist.sh: Bash script that fetches a blocklist and converts it into a format usable by DNSMasq.dnsmasq-blocklist.service: A systemd service unit file to run the script once.dnsmasq-blocklist.timer: A systemd timer unit file to run the blocklist update script on a daily schedule.
This bash script does the following:
- Downloads a host file containing a blocklist from a specified URL. Currently, it uses a list maintained by StevenBlack.
- Converts the host file into a format usable by DNSMasq with
awk. - Saves the converted list in a dnsmasq configuration file.
- Restarts the DNSMasq service to apply the changes.
This systemd service unit file executes the script once when started. It can also be used to test the script and to update the blocklist without waiting for the next scheduled run.
This systemd timer unit file schedules the above service to run daily, ensuring that your blocklist is always up to date.
Ensure you have DNSMasq and curl installed and configured on your system.
-
Clone this repository and navigate to the project folder.
git clone https://github.com/wadetb/dnsmasq-blocklist.git cd dnsmasq-blocklist -
Make the script executable.
chmod +x dnsmasq-blocklist.sh
-
Move the script to where the service file expects it.
sudo mv dnsmasq-blocklist.sh /usr/local/bin/
-
Copy the systemd service and timer files to the systemd folder.
sudo cp dnsmasq-blocklist.service dnsmasq-blocklist.timer /etc/systemd/system/
-
Reload the systemd daemon to recognize the new service and timer.
sudo systemctl daemon-reload
-
Start and enable the timer to run the service daily.
sudo systemctl start dnsmasq-blocklist.timer sudo systemctl enable dnsmasq-blocklist.timer
To manually update the blocklist, you can start the service with:
sudo systemctl start dnsmasq-blocklist.serviceMIT