:: Re: [DNG] hijacking resolv.conf - p…
Top Page
Delete this message
Reply to this message
Author: tito
Date:  
To: dng
Subject: Re: [DNG] hijacking resolv.conf - possible fix?
On Sun, 30 Mar 2025 08:14:19 -0400
Steve Litt <slitt@???> wrote:

> tito via Dng said on Sat, 22 Mar 2025 17:07:12 +0100
>
>
> >It is possible to run a private dns server that queries the root
> >servers directly e.g. unbound that caches the results and refreshs
> >them. This allows also to filter adservers and malware servers at the
> >dns level.
>
> What is an adserver, and how do I use my unbound to filter it?


Hi,
it is an advertising server, a well known domain from which ads
are injected to the websites you look at.
If you redirect this domains to 0.0.0.0 or 127.0.0.1
you will see less ads (and less risk of downloading
malware from them).
127.0.0.1 is faster if you keep a little web server
running on your box just to give a 404 error
for the request otherwise it seems to me
that the browser waits for some timeout
and website loading is a little slower.
There a few sites the keep this server lists up to date
to filter adserver, porn, gambling, malware, warez etc.
You can download multiple of them and create your own.
I use:

cat /etc/adaway/adaway.serverlist
https://adaway.org/hosts.txt
#https://hosts-file.net/ad_servers.txt
#https://winhelp2002.mvps.org/hosts.txt
https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext
#http://hostsfile.mine.nu/Hosts
https://someonewhocares.org/hosts/hosts
#https://mirror.cedia.org.ec/malwaredomains/immortal_domains.txt
#https://www.malwaredomainlist.com/hostslist/hosts.txt
https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
https://raw.githubusercontent.com/Sinfonietta/hostfiles/master/pornography-hosts

plus a adway.whitelist adn adaway.blacklist file to inconditionally ad or remove
a domain from the filtering.

I also add the same domains to /etc/hosts but adding them to unbound
gave me better results, you need to add this line to unbound.conf:

include: "/var/lib/unbound/local-blocking-data.conf"

and to /etc/crontab to run it every friday

# Update adaway hosts list every Friday
25 5    * * FRI root    /usr/local/sbin/adaway.sh


Here the script I use to achieve that if somebody is interested, I even have some debs of it somewhere.

PS: I know it is a ugly script, no need to say.


cat /usr/local/sbin/adaway.sh

#!/bin/sh
# adaway script v1.6 (C) <farmatito@???>
#set -x
DEBUG=1
# Config
ADAWAY_DIR="/etc/adaway"
ADAWAY_URL="https://adaway.org/hosts.txt"
BLACKLIST="$ADAWAY_DIR/adaway.blacklist"
WHITELIST="$ADAWAY_DIR/adaway.whitelist"
SERVERLIST="$ADAWAY_DIR/adaway.serverlist"
UNBOUND_DATA="/var/lib/unbound/local-blocking-data.conf"
HOSTSFILE="/etc/hosts"

PRG=`basename $0`

if [ $DEBUG -eq 0 ] ; then
        STDERR=""
else
        STDERR="--stderr"
fi


RET=$(dpkg -s curl 2>/dev/null | grep -c  "install ok installed")
if [ "x$RET" = "x0" ] ; then
        apt-get install curl
fi


RET=$(dpkg -s dos2unix 2>/dev/null | grep -c  "install ok installed")
if [ "x$RET" = "x0" ] ; then
        logger "$STDERR" -p local0.warning "$PRG: 'dos2unix' not found, trying to install..."
        apt-get install dos2unix
fi


if [ ! -d "$ADAWAY_DIR" ] ; then
        mkdir -p "$ADAWAY_DIR"
        touch "$BLACKLIST"
        touch "$WHITELIST"
        touch "$SERVERLIST"
        echo  "$ADAWAY_URL" >> "$SERVERLIST"
fi


create_secure_tmp_file () {
        local FILE=$(/bin/mktemp)
        if [ $? -ne 0 ] ; then
                        logger "$STDERR" -p local0.warning "$PRG: cannot create secure temporary file"
                        rm "$FILE"
                        exit 1
        fi
        echo "$FILE"
}


logger "$STDERR" -p local0.info "$PRG: starting to update '$HOSTSFILE'"

NEWFILE=`create_secure_tmp_file`

for SRV in `cat "$SERVERLIST" | grep -v '^#' | sed 's/ *[#].*$//g'`
do
        CURLTMP=`create_secure_tmp_file`


        curl --silent -L "$SRV" --output "$CURLTMP"
        if [ $? -ne 0 ] ; then
                        logger  "$STDERR" -p local0.warning "$PRG: cannot download update for '$HOSTSFILE' file from: $SRV"
                        rm "$CURLTMP"
                        rm "$NEWFILE"
                        exit 1
        fi


        cat "$CURLTMP" | dos2unix             | \
                        # leading/trailing  comments
                        grep -v "^#"                  | \
                        sed 's/ *[#].*$//g'           | \
                        # empty lines
                        grep -v "^[[:space:]]*$"     | \
                        # tabs to spaces
                        tr '\t' ' '                   | \
                        # squeeze spaces
                        tr -s ' '                     | \
                        grep -v '^::1'                | \
                        grep -v '^fe0'                | \
                        grep -v '^ff0'                | \
                        grep -v "255.255.255.255"     | \
                        grep -v "127.0.0.1 localhost" | \
                        sed 's/0.0.0.0/127.0.0.1/g'   |\
                        grep -v "^127.0.0.1$" >> "$NEWFILE"
                        rm "$CURLTMP"
done


# Add local blacklisted sites
cat "$BLACKLIST" | grep -v '^#' | sed 's/ *[#].*$//g' >> "$NEWFILE"

NEWFILE2=`create_secure_tmp_file`

# Remove local whitelisted sites
for  line in `cat "$WHITELIST" | grep -v "^#" | sed 's/ *[#].*$//g'`
do
        grep -v "$line" "$NEWFILE" > "$NEWFILE2"
        cat "$NEWFILE2" > "$NEWFILE"
done


# Remove Duplicate Entries
NUM1=$(cat "$NEWFILE" | wc -l)
cat "$NEWFILE" | sort| uniq > "$NEWFILE2"
NUM2=$(cat "$NEWFILE2" | wc -l)
NUM3=$(expr $NUM1 - $NUM2)

logger "$STDERR" -p local0.info "$PRG: removed '$NUM3' duplicate entries in '$HOSTSFILE' file"

if [ -d $(dirname "$UNBOUND_DATA") ] ; then
        # Save old file
        mv -f "$UNBOUND_DATA" "$UNBOUND_DATA".bak
        # Create file for unbound DNS
        cat "$NEWFILE2" | grep -v "^[[:space:]]*$" | awk '{print "local-data: \"" $2 " A 127.0.0.1\""}' > "$UNBOUND_DATA"
        chmod 644 "$UNBOUND_DATA"
        if [ $? -ne 0 ] ; then
                        logger "$STDERR" -p local0.warning "$PRG: cannot chmod '$UNBOUND_DATA' file"
        fi
        chown unbound:unbound "$UNBOUND_DATA"


        if [ $? -ne 0 ] ; then
                        logger "$STDERR" -p local0.warning "$PRG: cannot chown '$UNBOUND_DATA' file"
        fi
        service unbound restart
        if [ $? -ne 0 ] ; then
                        logger "$STDERR" -p local0.warning "$PRG: cannot restart unbound restoring old $UNBOUND_DATA"
                        mv -f "$UNBOUND_DATA".bak "$UNBOUND_DATA"
                        service unbound restart
                        if [ $? -ne 0 ] ; then
                                        logger "$STDERR" -p local0.warning "$PRG: cannot restart unbound, abort"
                                        # Something is wrong with the downloaded files, don't update /etc/hosts
                                        exit 1
                        fi
        fi
fi
if [ ! -f "$HOSTSFILE.orig" ] ; then
        # First time backup hosts file
        mv "$HOSTSFILE" "$HOSTSFILE.orig"
        if [ $? -ne 0 ] ; then
                        logger "$STDERR" -p local0.warning "$PRG: cannot move '$HOSTSFILE' to '$HOSTSFILE.orig'"
        fi
fi
# Add header and original hosts file content
echo "# Hosts file managed by adaway.sh script."           > "$NEWFILE"
echo "# Don't edit, as your edits will be overwritten."   >> "$NEWFILE"
echo "# Edit $HOSTSFILE.orig instead."                    >> "$NEWFILE"
cat "$HOSTSFILE.orig" >> "$NEWFILE"


cat "$NEWFILE2" >> "$NEWFILE"
rm "$NEWFILE2"

mv "$NEWFILE" "$HOSTSFILE"

if [ $? -ne 0 ] ; then
        logger "$STDERR" -p local0.warning "$PRG: cannot move '$NEWFILE' to '$HOSTSFILE'"
fi
if [ $? -ne 0 ] ; then
        logger "$STDERR" -p local0.warning "$PRG: cannot create write new '$HOSTSFILE' file"
        rm "$NEWFILE"
        exit 1
fi
chmod 644 "$HOSTSFILE"
if [ $? -ne 0 ] ; then
        logger "$STDERR" -p local0.warning "$PRG: cannot set permissions on new '$HOSTSFILE' file"
fi
chown root:root "$HOSTSFILE"
if [ $? -ne 0 ] ; then
        logger "$STDERR" -p local0.warning "$PRG: cannot set ownership on new '$HOSTSFILE' file"
fi
logger "$STDERR" -p local0.info "$PRG: $(wc -l $HOSTSFILE) lines  updated successfully"
# restart postfix so it can update its private copy of the hosts file
service postfix restart
exit 0



> SteveT
>
> Steve Litt
>
> http://444domains.com
>
> _______________________________________________
> Dng mailing list
> Dng@???
> Manage your subscription: https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
> Archive: https://lists.dyne.org/lurker/list/dng.en.html