On Sun, 30 Mar 2025 08:14:19 -0400
Steve Litt <slitt@???> wrote:
> tito via Dng said on Sat, 22 Mar 2025 17:07:12 +0100
>
>
> >It is possible to run a private dns server that queries the root
> >servers directly e.g. unbound that caches the results and refreshs
> >them. This allows also to filter adservers and malware servers at the
> >dns level.
>
> What is an adserver, and how do I use my unbound to filter it?
Hi,
it is an advertising server, a well known domain from which ads
are injected to the websites you look at.
If you redirect these domains to 0.0.0.0 or 127.0.0.1
you will see fewer ads (and run less risk of downloading
malware from them).
127.0.0.1 is faster if you keep a little web server
running on your box just to give a 404 error
for the request otherwise it seems to me
that the browser waits for some timeout
and website loading is a little slower.
There are a few sites that keep these server lists up to date
to filter adservers, porn, gambling, malware, warez etc.
You can download several of them and create your own.
I use:
cat /etc/adaway/adaway.serverlist
https://adaway.org/hosts.txt
#
https://hosts-file.net/ad_servers.txt
#
https://winhelp2002.mvps.org/hosts.txt
https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext
#
http://hostsfile.mine.nu/Hosts
https://someonewhocares.org/hosts/hosts
#
https://mirror.cedia.org.ec/malwaredomains/immortal_domains.txt
#
https://www.malwaredomainlist.com/hostslist/hosts.txt
https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
https://raw.githubusercontent.com/Sinfonietta/hostfiles/master/pornography-hosts
plus an adaway.whitelist and an adaway.blacklist file to unconditionally add or remove
a domain from the filtering.
I also add the same domains to /etc/hosts but adding them to unbound
gave me better results, you need to add this line to unbound.conf:
include: "/var/lib/unbound/local-blocking-data.conf"
and this to /etc/crontab to run it every Friday:
# Update adaway hosts list every Friday
25 5 * * FRI root /usr/local/sbin/adaway.sh
Here is the script I use to achieve that, if somebody is interested; I even have some debs of it somewhere.
PS: I know it is an ugly script, no need to say.
cat /usr/local/sbin/adaway.sh
#!/bin/sh
# adaway script v1.6 (C) <farmatito@???>
#set -x
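# DEBUG=0 logs to syslog only; any other value also passes --stderr to logger.
DEBUG=1
# Config
ADAWAY_DIR="/etc/adaway"
# Default list written into a freshly created $SERVERLIST.
# Kept on one line so the value carries no embedded newline.
ADAWAY_URL="https://adaway.org/hosts.txt"
BLACKLIST="$ADAWAY_DIR/adaway.blacklist"
WHITELIST="$ADAWAY_DIR/adaway.whitelist"
SERVERLIST="$ADAWAY_DIR/adaway.serverlist"
# File pulled into unbound.conf through an include: line.
UNBOUND_DATA="/var/lib/unbound/local-blocking-data.conf"
HOSTSFILE="/etc/hosts"
# Script name used as prefix of every log message; quoted so a path
# containing spaces does not break basename.
PRG=$(basename -- "$0")
if [ "$DEBUG" -eq 0 ] ; then
  # NOTE(review): the logger calls pass "$STDERR" quoted, so with DEBUG=0
  # logger receives an empty first argument - confirm that is harmless.
  STDERR=""
else
  STDERR="--stderr"
fi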
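# Make sure the two external tools the script depends on are installed.
# NOTE(review): this runs unattended as root from cron, so a missing tool
# triggers a package installation nobody reviews; consider failing with a
# log message instead and installing curl/dos2unix by hand.
for PKG in curl dos2unix
do
  RET=$(dpkg -s "$PKG" 2>/dev/null | grep -c "install ok installed")
  if [ "x$RET" = "x0" ] ; then
    logger "$STDERR" -p local0.warning "$PRG: '$PKG' not found, trying to install..."
    # -y: there is no terminal under cron to answer a confirmation prompt.
    if ! apt-get install -y "$PKG" ; then
      # Without the tool the download/cleanup pipeline below cannot work.
      logger "$STDERR" -p local0.warning "$PRG: cannot install '$PKG', abort"
      exit 1
    fi
  fi
done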
# First run: create the config directory, the three list files, and seed
# the server list with the default URL. Nothing happens when the
# directory already exists.
[ -d "$ADAWAY_DIR" ] || {
  mkdir -p "$ADAWAY_DIR"
  touch "$BLACKLIST" "$WHITELIST" "$SERVERLIST"
  echo "$ADAWAY_URL" >> "$SERVERLIST"
}
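# Create a private temporary file with mktemp and print its path.
# Globals:   STDERR, PRG (read, for logging)
# Outputs:   the path of the new file on stdout
# Returns:   exits with status 1 when mktemp fails.
# The function is meant to be called inside a command substitution, where
# that exit only ends the subshell: callers must check the status of the
# assignment (or that the result is non-empty).
create_secure_tmp_file () {
  # Declared separately: "local FILE=$(...)" would report the status of
  # 'local' (always 0) and hide a mktemp failure.
  local FILE
  if ! FILE=$(/bin/mktemp) || [ -z "$FILE" ] ; then
    logger "$STDERR" -p local0.warning "$PRG: cannot create secure temporary file"
    exit 1
  fi
  echo "$FILE"
}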
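logger "$STDERR" -p local0.info "$PRG: starting to update '$HOSTSFILE'"
# NEWFILE collects the normalised entries of every downloaded list.
NEWFILE=$(create_secure_tmp_file)
# The helper runs in a subshell here, so its own exit cannot stop the
# script; verify the result instead of trusting it.
if [ -z "$NEWFILE" ] || [ ! -f "$NEWFILE" ] ; then
  logger "$STDERR" -p local0.warning "$PRG: cannot create secure temporary file"
  exit 1
fi
# URLs may contain '?' or '*'; switch pathname expansion off while the
# server list is word-split into URLs.
set -f
for SRV in $(grep -v '^#' "$SERVERLIST" | sed 's/ *[#].*$//g')
do
  CURLTMP=$(create_secure_tmp_file)
  if [ -z "$CURLTMP" ] || [ ! -f "$CURLTMP" ] ; then
    logger "$STDERR" -p local0.warning "$PRG: cannot create secure temporary file"
    rm -f "$NEWFILE"
    exit 1
  fi
  # --fail: an HTTP error page must not be parsed as if it were a list.
  # NOTE(review): an http:// entry in $SERVERLIST is fetched without
  # transport integrity; prefer https:// sources where they exist.
  if ! curl --silent --fail -L "$SRV" --output "$CURLTMP" ; then
    logger "$STDERR" -p local0.warning "$PRG: cannot download update for '$HOSTSFILE' file from: $SRV"
    rm -f "$CURLTMP" "$NEWFILE"
    exit 1
  fi
  # The result ends up in /etc/hosts, so remote content is not copied
  # through: after CRLF, tab and comment clean-up only lines whose address
  # is 0.0.0.0 or 127.0.0.1 are kept, every syntactically valid host name
  # on them is re-emitted as "127.0.0.1 name", and localhost names are
  # skipped. A list can therefore block a name but cannot point it at
  # another address, and IPv6/broadcast/malformed lines are dropped.
  dos2unix < "$CURLTMP" |
    tr '\t' ' ' |
    sed 's/ *#.*$//' |
    awk '($1 == "0.0.0.0" || $1 == "127.0.0.1") {
      for (i = 2; i <= NF; i++) {
        h = $i
        if (h ~ /^[A-Za-z0-9_]([A-Za-z0-9_.-]*[A-Za-z0-9_])?$/ &&
            h ~ /[A-Za-z]/ && h !~ /^localhost/)
          print "127.0.0.1 " h
      }
    }' >> "$NEWFILE"
  rm "$CURLTMP"
done
set +f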
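# Add local blacklisted sites
# NOTE(review): blacklist lines are appended unchanged, so they are
# presumably expected in "127.0.0.1 name" form - confirm.
grep -v '^#' "$BLACKLIST" | sed 's/ *[#].*$//g' >> "$NEWFILE"
NEWFILE2=$(create_secure_tmp_file)
# The helper runs in a subshell; check its result here.
if [ -z "$NEWFILE2" ] || [ ! -f "$NEWFILE2" ] ; then
  logger "$STDERR" -p local0.warning "$PRG: cannot create secure temporary file"
  rm -f "$NEWFILE"
  exit 1
fi
# Remove local whitelisted sites
# Each whitelist word is compared as a literal host name: an entry is
# removed when one of its names equals the word or is a subdomain of it.
# Using the word as a grep pattern would treat it as an unanchored regex
# and also drop unrelated names that merely contain it. The whitelist is
# read in the same awk pass (FILENAME test, so an empty whitelist works).
if awk 'FILENAME == ARGV[1] {
      sub(/ *#.*$/, "")
      for (i = 1; i <= NF; i++) allow[$i] = 1
      next
    }
    {
      first = (NF > 1) ? 2 : 1
      for (i = first; i <= NF; i++) {
        name = $i
        while (name != "") {
          if (name in allow) next
          dot = index(name, ".")
          if (dot == 0) break
          name = substr(name, dot + 1)
        }
      }
      print
    }' "$WHITELIST" "$NEWFILE" > "$NEWFILE2" ; then
  cat "$NEWFILE2" > "$NEWFILE"
else
  # Keep the unfiltered list rather than replacing it with partial output.
  logger "$STDERR" -p local0.warning "$PRG: cannot apply '$WHITELIST'"
fi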
# Collapse repeated lines into $NEWFILE2 and log how many were dropped.
NUM1=$(wc -l < "$NEWFILE")
sort "$NEWFILE" | uniq > "$NEWFILE2"
NUM2=$(wc -l < "$NEWFILE2")
# Line count before minus line count after = number of duplicates.
NUM3=$((NUM1 - NUM2))
logger "$STDERR" -p local0.info "$PRG: removed '$NUM3' duplicate entries in '$HOSTSFILE' file"
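# Publish the block list to unbound, but only when its data directory exists.
if [ -d "$(dirname -- "$UNBOUND_DATA")" ] ; then
  # Save old file; on the first run there is none, so remember whether a
  # backup exists before relying on it for the rollback below.
  UNBOUND_HAD_OLD=0
  if [ -f "$UNBOUND_DATA" ] && mv -f "$UNBOUND_DATA" "$UNBOUND_DATA".bak ; then
    UNBOUND_HAD_OLD=1
  fi
  # Create file for unbound DNS
  # Only a second field that is a syntactically valid host name is written:
  # an empty field or one containing a quote would produce a broken
  # local-data line in a file unbound loads at start-up.
  awk 'NF >= 2 && $2 ~ /^[A-Za-z0-9_]([A-Za-z0-9_.-]*[A-Za-z0-9_])?$/ {
    print "local-data: \"" $2 " A 127.0.0.1\""
  }' "$NEWFILE2" > "$UNBOUND_DATA"
  if ! chmod 644 "$UNBOUND_DATA" ; then
    logger "$STDERR" -p local0.warning "$PRG: cannot chmod '$UNBOUND_DATA' file"
  fi
  if ! chown unbound:unbound "$UNBOUND_DATA" ; then
    logger "$STDERR" -p local0.warning "$PRG: cannot chown '$UNBOUND_DATA' file"
  fi
  if ! service unbound restart ; then
    logger "$STDERR" -p local0.warning "$PRG: cannot restart unbound restoring old $UNBOUND_DATA"
    if [ "$UNBOUND_HAD_OLD" -eq 1 ] ; then
      mv -f "$UNBOUND_DATA".bak "$UNBOUND_DATA"
    else
      # No previous file to restore: leave an empty include behind instead
      # of the data that just failed to load.
      : > "$UNBOUND_DATA"
    fi
    if ! service unbound restart ; then
      logger "$STDERR" -p local0.warning "$PRG: cannot restart unbound, abort"
      # Something is wrong with the downloaded files, don't update /etc/hosts
      exit 1
    fi
    # NOTE(review): when the rollback succeeds the script still goes on to
    # write the same entries to /etc/hosts - confirm that is intended.
  fi
fi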
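if [ ! -f "$HOSTSFILE.orig" ] ; then
  # First time backup hosts file
  # Copy instead of move so /etc/hosts never disappears while the script
  # runs. Abort on failure: the new hosts file is built from the backup,
  # and without it the original entries would be lost.
  if ! cp -p "$HOSTSFILE" "$HOSTSFILE.orig" ; then
    logger "$STDERR" -p local0.warning "$PRG: cannot copy '$HOSTSFILE' to '$HOSTSFILE.orig'"
    # A partial backup would be taken for a valid one on the next run.
    rm -f "$HOSTSFILE.orig"
    rm -f "$NEWFILE" "$NEWFILE2"
    exit 1
  fi
fi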
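# Add header and original hosts file content
{
  echo "# Hosts file managed by adaway.sh script."
  echo "# Don't edit, as your edits will be overwritten."
  echo "# Edit $HOSTSFILE.orig instead."
  cat "$HOSTSFILE.orig"
  cat "$NEWFILE2"
} > "$NEWFILE"
rm "$NEWFILE2"
# Set mode and owner on the temporary file before it replaces the hosts
# file: mktemp files are private to root, and setting them afterwards
# would leave a moment in which other users cannot read /etc/hosts.
if ! chmod 644 "$NEWFILE" ; then
  logger "$STDERR" -p local0.warning "$PRG: cannot set permissions on new '$HOSTSFILE' file"
fi
if ! chown root:root "$NEWFILE" ; then
  logger "$STDERR" -p local0.warning "$PRG: cannot set ownership on new '$HOSTSFILE' file"
fi
# Test mv itself: checking $? after an intervening 'if' tests that 'if',
# not the move, so the failure branch would never run.
if ! mv "$NEWFILE" "$HOSTSFILE" ; then
  logger "$STDERR" -p local0.warning "$PRG: cannot move '$NEWFILE' to '$HOSTSFILE'"
  rm -f "$NEWFILE"
  exit 1
fi
logger "$STDERR" -p local0.info "$PRG: $(wc -l "$HOSTSFILE") lines updated successfully"
# restart postfix so it can update its private copy of the hosts file
service postfix restart
exit 0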
> SteveT
>
> Steve Litt
>
> http://444domains.com
>