Fincer
/
dns-sinkhole
mirror of https://github.com/Fincer/dns-sinkhole
1
0
Fork 0
Code Issues 0 Projects 0 Releases 0 Wiki Activity
Generate domain sinkhole (blacklist) files for DNSCrypt & pdnsd DNS servers
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
7.0 MiB
Tree: fec3e722cd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fec3e722cd'
${ noResults }
dns-sinkhole/README.md

62 lines
2.0 KiB
Raw Normal View History

Update README.md
5 years ago
Initial commit
5 years ago
Update README.md
5 years ago
Initial commit
5 years ago
README: Formatting
5 years ago
Initial commit
5 years ago
Add material about the basic idea of this setup
5 years ago
Initial commit
5 years ago
 
  1. # [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_sinkhole)

  2. 

  3. Generate domain sinkhole (blacklist) files for [DNSCrypt](https://github.com/jedisct1/dnscrypt-proxy) and [pdnsd](http://members.home.nl/p.a.rombouts/pdnsd/) DNS servers. Comparable to Pi-Hole, but uses more simple structure without too much overhead. Generated blacklist files can be added to existing DNS server installations.
  4. 

  5. ![](images/sample.png)
  6. 

  7. ----------
  8. 

  9. # Usage

  10. 

  11. Add blacklists and whitelists as you wish into [the python script](data/dns-sinkhole_gen.py). Once done, run the script with Python 3. The script generates necessary files for you to adapt to your DNS servers.
  12. 

  13. ----------
  14. 

  15. # Developer's notice

  16. 

  17. ## Benefits:

  18. 

  19. Useful for blocking ads, tracking & telemetry on:
  20. 

  21. - single device with a DNS server
  22. 

  23. - on a full network segment if a centralized DNS server is used (multiple devices)
  24. 

  25. - applies to IoT devices (+ SmartTVs etc.) if traffic is routed via a centralized DNS server applying this sinkhole/blacklist policy
  26. 

  27. **NOTE (Tor users):** These lists do not work with SOCKS5/HTTP Tor connections, as DNS resolution is done on the Tor exit nodes, not by your DNS server(s).
  28. 

  29. ### Tested on

  30. 

  31. ```
  32. Arch Linux (x86_64):           DNSCrypt server, pdnsd server
  33. Android (mobile phone, ARMv7): DNSCrypt server
  34. ```
  35. 

  36. ## About used list formats

  37. 

  38. ### pdnsd

  39. 

  40. Although pdnsd offers `neg` feature, it is not very reliable with large DNS blocklists. However, custom `rr` (Resource Record) entries have been tested with a list of over 240 000 blacklisted domains, and it works as expected.
  41. 

  42. ### DNSCrypt

  43. 

  44. Although DNSCrypt offers blacklist feature, it is not very reliable with large DNS blocklists. However, cloaking list has been tested with a list of over 240 000 blacklisted domains, and it works as expected.
  45. 

  46. ----------
  47. 

  48. ## Basic principle/idea

  49. 

  50. ### Single device

  51. 

  52. ![](images/dns-sinkhole_phone.png)
  53. 

  54. ### Multiple devices

  55. 

  56. ![](dns-sinkhole_network.png)
  57. 

  58. ----------
  59. 

  60. # License

  61. 

  62. This repository uses MIT license. See [LICENSE](LICENSE) file for details.