Ad blocking with DNS (unbound & dnsmasq)

torsten_berlin
Posts: 9
Joined: July 9th, 2017, 4:06 pm

Re: Ad blocking with DNS (unbound & dnsmasq)

Post by torsten_berlin » November 7th, 2017, 9:32 pm

Uh, sorry! I just realized that I replied in German to an English-language thread.

My main idea was to implement a Pakfire GUI add-on for this DNS-based adblocker script. This would really be helpful for keeping track of what's going on, to add, remove or review lists, auto-update them etc., but from the comfort of the IPFire GUI. I'm not capable of coding this, but maybe someone else finds this idea helpful, too?

best

mioc
Posts: 33
Joined: December 3rd, 2016, 12:18 pm

Re: Ad blocking with DNS (unbound & dnsmasq)

Post by mioc » November 11th, 2017, 1:44 pm

https://github.com/mglinux/IPF_Tools

V1 is working! Should be easy enough; still, it's terminal based. Give it a try and report!

Deepcuts
Posts: 461
Joined: March 1st, 2016, 3:18 pm
Location: Romania

Re: Ad blocking with DNS (unbound & dnsmasq)

Post by Deepcuts » November 14th, 2017, 4:28 am

Just a heads up for people using nVidia GeForce Experience.
One of the sources blocks some domains required for driver update check.
The source is: https://raw.githubusercontent.com/notra ... tnames.txt
So if you are using it, do not enable this source.

trymes
Posts: 664
Joined: February 9th, 2011, 4:10 pm
Location: New England, USA

Re: Ad blocking with DNS (unbound & dnsmasq)

Post by trymes » November 14th, 2017, 4:37 am

Have you reached out to the development team about integrating this functionality?

H&M
Posts: 471
Joined: May 29th, 2014, 9:38 pm
Location: Europe

Re: Ad blocking with DNS (unbound & dnsmasq)

Post by H&M » November 16th, 2017, 7:35 pm

Hi,

What is the format of black_list if I need to block an entire TLD like *.pw?

I tried to put pw in a black_list and load it, but it doesn't work.



Here are some improvements to the script:
1. It logs all the actions to syslog.
2. I also added to the GUI the possibility to check the actions of the script.

Logging all actions to syslog: create a file /var/ipfire/dns/DNSBlockListUpdate.sh with the following content and make it executable (chmod +x):

Code:

#!/bin/bash


#########################################################################################
#                                                                                       #
#                                                                                       #
#       ______ _   _  _____  ______ _            _    _     _     _                     #
#       |  _  \ \ | |/  ___| | ___ \ |          | |  | |   (_)   | |                    #
#       | | | |  \| |\ `--.  | |_/ / | ___   ___| | _| |    _ ___| |_                   #
#       | | | | . ` | `--. \ | ___ \ |/ _ \ / __| |/ / |   | / __| __|                  #
#       | |/ /| |\  |/\__/ / | |_/ / | (_) | (__|   <| |___| \__ \ |_                   #
#       |___/ \_| \_/\____/  \____/|_|\___/ \___|_|\_\_____/_|___/\__|                  #
#                                                                                       #
#                       DNS_BlockList Logger                                            #
#Created by H&M                                                                         #
#Version 1.0                                                                            #
#November 2017                                                                          #
#                                                                                       #
#                                                                                       #
#########################################################################################


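# Send stdout and stderr of everything below to syslog, tagged with the script name.
exec 1> >(logger -s -t "$(basename "$0")") 2>&1
echo "DNSBlockListUpdate start..."
# Run in the foreground so "finished" is logged only after the update has completed.
/var/ipfire/dns/dns_blocklist.sh -b /var/ipfire/dns/black_list.txt -w /var/ipfire/dns/white_list.txt 2>&1
echo "DNSBlockListUpdate finished."
exit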

Create the BlackList and WhiteList files (the script above uses them as parameters); you can put your blocked/white-listed destinations in them:

Code:

touch /var/ipfire/dns/black_list.txt
touch /var/ipfire/dns/white_list.txt

Create a symlink in /etc/fcron.daily/ to the script above.

Code:

DNSBlockListUpdate.sh -> /var/ipfire/dns/DNSBlockListUpdate.sh

For GUI: edit /srv/web/ipfire/cgi-bin/logs.cgi/log.dat

a. Find the definition of the "my %sections" array and insert a new line (section) for DNS Block List Update:

Code:

        'DNSBlockListUpdate' => '(DNSBlockListUpdate)',

b. Find the "# Translations for the %sections array." line (my %trsections = ) and add the translation for the section inserted above:

Code:

        'DNSBlockListUpdate' => 'DNS: Unbound BlockList Update',

Pay attention to the comma "," at the end of each line you inserted.

Here is the result in the GUI:
DNSBlockListUpdate.JPG


Thank you,
H&M

sammydk
Posts: 773
Joined: July 8th, 2012, 2:50 pm
Location: NRW

Re: Ad blocking with DNS (unbound & dnsmasq)

Post by sammydk » November 29th, 2017, 8:16 am

Hi, is it possible that logging with Core 116 doesn't work anymore?
I have implemented everything 1:1, but in the GUI the logging is empty every day.
The black_list.txt and white_list.txt are filled.
I don't see any error messages either.
Regards, Dietmar
@ HOME 338 MBit Down/ 21 MBit Up by UM IPv4 ;-)

H&M
Posts: 471
Joined: May 29th, 2014, 9:38 pm
Location: Europe

Re: Ad blocking with DNS (unbound & dnsmasq)

Post by H&M » December 1st, 2017, 10:18 pm

Hi,

Regarding logging: I do remember that logging was changed in Core 116 (I am not that good with Git to check the changes in the last core version, but I do remember that I lost my "tweaks" with this version).
I recommend checking the log.dat file for the added reporting options.

Hope it helps,
H&M

H&M
Posts: 471
Joined: May 29th, 2014, 9:38 pm
Location: Europe

Re: Ad blocking with DNS (unbound & dnsmasq)

Post by H&M » December 1st, 2017, 10:21 pm

Hi Deepcuts,

Deepcuts wrote (November 14th, 2017, 4:28 am):
Just a heads up for people using nVidia GeForce Experience.
One of the sources blocks some domains required for driver update check.
The source is: https://raw.githubusercontent.com/notra ... tnames.txt
So if you are using it, do not enable this source.

I noticed that many other things stop working, including parts of legit sites.
My question: how did you get to the source that is the cause of a site malfunctioning?
I need the method in order to find which file contains the restrictions that impact some of the sites I use.

Kind of "debugging" steps for such cases.

Thank you,
H&M

Deepcuts
Posts: 461
Joined: March 1st, 2016, 3:18 pm
Location: Romania

Re: Ad blocking with DNS (unbound & dnsmasq)

Post by Deepcuts » December 2nd, 2017, 1:08 am

Enabled one source at a time and checked for "nvidia" string after each reload.
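The same check (which source is responsible for a blocked name) can be run offline against saved copies of the lists instead of enabling them one at a time. The script below is an added example, not part of the thread or of dns_blocklist.sh; the one-file-per-source directory layout, the function names and the sample domains are constructed assumptions.

```shell
#!/bin/sh
# Assumed layout (not from the thread): one downloaded source per file in a
# directory, hosts-format ("0.0.0.0 name") or bare-domain lines, "#" comments.

# list_domains FILE: print every listed name, lower-cased, one per line.
list_domains() {
    tr -d '\r' < "$1" | sed 's/#.*//' | awk '
        NF == 1 { print tolower($1) }
        NF >= 2 && $1 ~ /^(0\.0\.0\.0|127\.0\.0\.1)$/ {
            for (i = 2; i <= NF; i++) print tolower($i)
        }'
}

# candidates NAME: print NAME and each parent domain, most specific first.
# Parents matter when entries are loaded as "local-zone ... static" (covers subdomains).
candidates() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    name=${name%.}
    while :; do
        printf '%s\n' "$name"
        case $name in *.*) name=${name#*.} ;; *) break ;; esac
    done
}

# which_source NAME DIR: print "file: entry" for each source that blocks NAME.
which_source() {
    for src in "$2"/*; do
        [ -f "$src" ] || continue
        for cand in $(candidates "$1"); do
            if list_domains "$src" | grep -qxF -- "$cand"; then
                printf '%s: %s\n' "$(basename "$src")" "$cand"
                break
            fi
        done
    done
}

# make_samples DIR: write three constructed source files for the demo.
make_samples() {
    printf '0.0.0.0 ads.tracker.example\n0.0.0.0 telemetry.vendor.example # driver check\n' > "$1/source1.txt"
    printf '# bare-domain list\nvendor.example\r\nbanner.example\n' > "$1/source2.txt"
    printf '127.0.0.1 localhost\n0.0.0.0 popup.example\n' > "$1/source3.txt"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
which_source "Telemetry.Vendor.Example." "$demo_dir"
rm -rf "$demo_dir"
```

A parent-domain hit (second output line) only causes blocking when the list is served as zones; with plain local-data entries only exact matches apply.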

mioc
Posts: 33
Joined: December 3rd, 2016, 12:18 pm

Re: Ad blocking with DNS (unbound & dnsmasq)

Post by mioc » December 3rd, 2017, 2:04 pm

Updated shallalist script. You can now filter each category and add your own custom hosts. Logging is enabled too!
Shalla_blocklist can easily be used by dns_blocklist.sh with -B [path to blocklist]

Example crontab while combining the scripts:

20 4 * * * bash /root/ipf_tools/shalla_ipfire.sh -u && /root/ipf_tools/dns_blocklist.sh 1,2,3,4,5 -b /root/ipf_tools/shalla.blocklist -r 127.0.0.1 && sed -i 's/local-data/local-zone/g; s/[[:space:]]A 127.0.0.1"/" static/g' /etc/unbound/local.d/blocklist.conf && /etc/init.d/unbound restart


Page: https://github.com/mglinux/IPF_Tools

Direct link script: https://raw.githubusercontent.com/mglin ... _ipfire.sh


Enjoy and give some feedback, thx!
