Denis Machard

My technical gists

Infrastructure background, developer mindset. I build things for pleasure.

    Dynamic blacklist with CDB database on DNSdist

    A DNSdist configuration example that efficiently blocks a large list of ad and malware domains using a CDB database with dynamic reload.

    Download the CDB blocklist file from https://github.com/dmachard/blocklist-domains and put it in /etc/dnsdist/conf.d/

    The latest version of the configuration can be downloaded from GitHub.

    --- open the CDB database
    --- dnsdist will reload this database every 3600s
    kvs = newCDBKVStore("/etc/dnsdist/conf.d/blocklist.cdb", 3600)
    
    --- tag queries whose qname is in the database, then spoof the answer
    addAction(KeyValueStoreLookupRule(kvs, KeyValueLookupKeyQName(false)), SetTagAction('policy_block', ''))
    addAction(TagRule('policy_block'), SpoofAction({"127.0.0.1", "::1"}))
    
    --- or answer with NXDOMAIN
    --- addAction(TagRule('policy_block'), RCodeAction(DNSRCode.NXDOMAIN))
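
To add your own entries, a CDB file in the same on-disk format can be built and checked with the Python standard library alone. This is an added example, not code from the original gist or the blocklist-domains project; the helper names are hypothetical, and the key format (lowercase plain-text name without a trailing dot, to match the `KeyValueLookupKeyQName(false)` lookup above) is an assumption to verify against your dnsdist version.

```python
import struct

def cdb_hash(key: bytes) -> int:
    """CDB hash: start at 5381, h = (h * 33) ^ byte, truncated to 32 bits."""
    h = 5381
    for b in key:
        h = (((h << 5) + h) ^ b) & 0xFFFFFFFF
    return h

def normalize(line: str):
    """Assumed key format: lowercase plain-text name, no trailing dot."""
    name = line.split("#", 1)[0].strip().lower().rstrip(".")
    return name.encode("ascii") if name else None

def build_cdb(keys, value=b"1") -> bytes:
    """Serialize keys into the CDB layout: header, records, 256 hash tables."""
    records, tables = bytearray(), [[] for _ in range(256)]
    for key in dict.fromkeys(keys):              # de-duplicate, keep order
        h = cdb_hash(key)
        tables[h & 0xFF].append((h, 2048 + len(records)))
        records += struct.pack("<II", len(key), len(value)) + key + value
    header, hashed, pos = bytearray(), bytearray(), 2048 + len(records)
    for entries in tables:
        nslots = 2 * len(entries)
        header += struct.pack("<II", pos, nslots)
        slots = [(0, 0)] * nslots
        for h, rpos in entries:
            i = (h >> 8) % nslots
            while slots[i][1]:                   # linear probing, pos 0 = empty
                i = (i + 1) % nslots
            slots[i] = (h, rpos)
        hashed += b"".join(struct.pack("<II", *s) for s in slots)
        pos += 8 * nslots
    return bytes(header + records + hashed)

def cdb_has(db: bytes, key: bytes) -> bool:
    """Key-presence lookup, following the same probing a CDB reader uses."""
    h = cdb_hash(key)
    tpos, nslots = struct.unpack_from("<II", db, 8 * (h & 0xFF))
    for n in range(nslots):
        sh, rpos = struct.unpack_from("<II", db, tpos + 8 * (((h >> 8) + n) % nslots))
        if rpos == 0:
            return False
        klen, _ = struct.unpack_from("<II", db, rpos)
        if sh == h and db[rpos + 8:rpos + 8 + klen] == key:
            return True
    return False

SAMPLE = ["# ads", "ads.example.com", "Tracker.Example.NET.", ""]  # constructed input
```

Write the bytes returned by `build_cdb` to `blocklist.cdb`. The stored value is arbitrary here, because `KeyValueStoreLookupRule` only tests whether the key exists.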
    

    Official documentation links
