commit: bc033205ea786d4f17a00369a97d46a270955164 parent 03b00eaf8edb13c7be181208afad073b376aa045 Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me> Date: Thu, 1 Jun 2023 22:46:33 +0200 Add RPZ, this allows to nicely block subrecordsDiffstat:
| A | Makefile | 2 | ++ |
| M | README.md | 9 | +++++++++ |
| A | unbound-rpz.conf | 181 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
| A | unbound-rpz.sh | 7 | +++++++ |
4 files changed, 199 insertions(+), 0 deletions(-)diff --git a/Makefile b/Makefile@@ -0,0 +1,2 @@ +unbound-rpz.conf: unbound-blocks.conf + ./unbound-rpz.shdiff --git a/README.md b/README.md@@ -7,3 +7,12 @@ SPDX-License-Identifier: CC-BY-SA-4.0 Mass-tag based domain blocks, allowying to pick and choose easily. - `tag:tracking`: No consent was given, yet personal data (incl. fairly unique device identification data) was sent / requested or fingerprinting was being used. See [GDPR](https://eur-lex.europa.eu/eli/reg/2016/679). + +## RPZ Example Usage +``` +rpz: + name: blocks.hacktivis.me + zonefile: /git/domain-blocks.work/unbound-rpz.conf + # always NXDOMAIN + rpz-action-override: nxdomain +```diff --git a/unbound-rpz.conf b/unbound-rpz.conf@@ -0,0 +1,181 @@ +; SPDX-FileCopyrightText: 2023 Haelwenn (lanodan) Monnier <contact+domain-blocks@hacktivis.me> +; SPDX-FileCopyrightText: 2016 Shaft +; SPDX-License-Identifier: CC-BY-SA-4.0 +a.co. CNAME . ; org:Amazon tag:click-tracker +*.a.co. CNAME . +addthis.com. CNAME . ; org:Oracle tag:social-tracker tag:gdpr-problematic tag:tracking +*.addthis.com. CNAME . +addthisedge.com. CNAME . ; org:Oracle tag:social-tracker tag:gdpr-problematic tag:tracking +*.addthisedge.com. CNAME . +addtoany.com. CNAME . ; org:Oracle tag:social-tracker +*.addtoany.com. CNAME . +amazon-adsystem.com. CNAME . ; org:Amazon tag:tracking tag:ads +*.amazon-adsystem.com. CNAME . +analytics.tiktok.com. CNAME . ; org:TikTok tag:tracking +*.analytics.tiktok.com. CNAME . +appleid.cdn-apple.com. CNAME . ; org:Apple +*.appleid.cdn-apple.com. CNAME . +at-o.net. CNAME . ; org:AtInternet tag:tracking +*.at-o.net. CNAME . +beacon.wikia-services.com. CNAME . ; org:Wikia tag:tracking +*.beacon.wikia-services.com. CNAME . +bit.ly. CNAME . ; org:Bitly tag:click-tracker +*.bit.ly. CNAME . +bp01.net. CNAME . ; org:NP6 tag:tracking tag:first-party-tracking +*.bp01.net. CNAME . +btloader.com. CNAME . ; tag:tracking +*.btloader.com. CNAME . +cdn.redoc.ly. CNAME . ; org:Redoc tag:CDN +*.cdn.redoc.ly. CNAME . +cdninstagram.com. CNAME . ; org:Facebook +*.cdninstagram.com. CNAME . +click.email.sowee.fr. CNAME . ; org:Sowee tag:click-tracker +*.click.email.sowee.fr. CNAME . +click2apply.net. CNAME . ; org:JobTarget tag:tracking +*.click2apply.net. CNAME . +cloudflareinsights.com. CNAME . ; org:Cloudflare tag:tracking +*.cloudflareinsights.com. CNAME . +consent.liberation.fr. CNAME . ; org:Libération tag:gdpr-paywall-abuse +*.consent.liberation.fr. CNAME . +creditkarma.com. CNAME . ; org:Intuit org:CreditKarma tag:social-scoring +*.creditkarma.com. CNAME . +criteo.com. CNAME . ; org:Criteo tag:tracking +*.criteo.com. CNAME . +crom.avn.sh. CNAME . ; org:Crom tag:walled-garden-integration +*.crom.avn.sh. CNAME . +detailedpedia.com. CNAME . ; republication:wikipedia +*.detailedpedia.com. CNAME . +discord.com. CNAME . ; org:Discord tag:walled-garden +*.discord.com. CNAME . +discord.gg. CNAME . ; org:Discord tag:walled-garden +*.discord.gg. CNAME . +disqus.com. CNAME . ; org:ZETA Org:Disqus tag:tracking tag:gdpr-problematic +*.disqus.com. CNAME . +dnsdelegation.io. CNAME . ; org:Criteo tag:tracking tag:first-party-tracking +*.dnsdelegation.io. CNAME . +donmain.us. CNAME . ; tag:spam tag:typo-squatting tag:domain-squatting +*.donmain.us. CNAME . +doubleclick.net. CNAME . ; org:Google +*.doubleclick.net. CNAME . +drift.com. CNAME . ; org:Drift tag:chatbot +*.drift.com. CNAME . +driftt.com. CNAME . ; org:Drift tag:chatbot +*.driftt.com. CNAME . +durationmedia.net. CNAME . ; org:DurationMedia tag:tracking +*.durationmedia.net. CNAME . +e.gg. CNAME . ; org:Facebook tag:click-tracker +*.e.gg. CNAME . +embed.ly CNAME . ; org:Embedly +*.embed.ly CNAME . +embedly.com. CNAME . ; org:Embedly +*.embedly.com. CNAME . +et-gv.fr. CNAME . ; org:Eulerian tag:tracking tag:first-party-tracking +*.et-gv.fr. CNAME . +*.et-gv.fr. CNAME . ; org:Eulerian tag:tracking tag:first-party-tracking +*.*.et-gv.fr. CNAME . +eulerian.com. CNAME . ; org:Eulerian tag:tracking tag:first-party-tracking +*.eulerian.com. CNAME . +eulerian.fr. CNAME . ; org:Eulerian tag:tracking tag:first-party-tracking +*.eulerian.fr. CNAME . +eulerian.net. CNAME . ; org:Eulerian tag:tracking tag:first-party-tracking +*.eulerian.net. CNAME . +facebook.com. CNAME . ; org:Facebook +*.facebook.com. CNAME . +facebook.net. CNAME . ; org:Facebook +*.facebook.net. CNAME . +fastly-insights.com. CNAME . ; org:Fastly tag:tracking +*.fastly-insights.com. CNAME . +fbcdn.net. CNAME . ; org:Facebook +*.fbcdn.net. CNAME . +g.cn. CNAME . ; org:Google tag:click-tracker +*.g.cn. CNAME . +g.co. CNAME . ; org:Google tag:click-tracker +*.g.co. CNAME . +go-mpulse.net. CNAME . ; org:Akamai tag:tracking +*.go-mpulse.net. CNAME . +goo.gle. CNAME . ; org:Google tag:click-tracker +*.goo.gle. CNAME . +google-analytics.com. CNAME . ; org:Google tag:gdpr-problematic tag:tracking +*.google-analytics.com. CNAME . +google.com. CNAME . ; org:Google +*.google.com. CNAME . +googleapis.com. CNAME . ; org:Google tag:cdn tag:gdpr-problematic +*.googleapis.com. CNAME . +googletagmanager.com. CNAME . ; org:Google tag:tracking +*.googletagmanager.com. CNAME . +googleusercontent.com. CNAME . ; org:Google +*.googleusercontent.com. CNAME . +gstatic.com. CNAME . ; org:Google +*.gstatic.com. CNAME . +hotjar.com. CNAME . ; org:HotJar tag:tracking +*.hotjar.com. CNAME . +hotjar.io. CNAME . ; org:HotJar tag:tracking +*.hotjar.io. CNAME . +icims.com. CNAME . ; org:iCIMS tag:tracking +*.icims.com. CNAME . +intuit.com. CNAME . ; org:Intuit tag:lobbying +*.intuit.com. CNAME . +jobtarget.com. CNAME . ; org:JobTarget tag:tracking +*.jobtarget.com. CNAME . +keyade.com. CNAME . ; org:Keyade tag:tracking tag:first-party-tracking +*.keyade.com. CNAME . +licdn.com. CNAME . ; org:LinkedIn tag:tracking +*.licdn.com. CNAME . +m.me. CNAME . ; org:Facebook tag:click-tracker +*.m.me. CNAME . +mailchimp.com. CNAME . ; org:Intuit org:Mailchimp tag:tracking +*.mailchimp.com. CNAME . +maps.googleapis.com. CNAME . ; org:Google tag:cdn tag:gdpr-problematic +*.maps.googleapis.com. CNAME . +newrelic.com. CNAME . ; org:NewRelic tag:tracking +*.newrelic.com. CNAME . +nr-data.net. CNAME . ; org:NewRelic tag:tracking +*.nr-data.net. CNAME . +nr-dns.net. CNAME . ; org:NewRelic tag:tracking +*.nr-dns.net. CNAME . +omtrdc.net. CNAME . ; org:Adobe tag:tracking tag:first-party-tracking +*.omtrdc.net. CNAME . +onlinewebfonts.com. CNAME . ; org:OnlineWebFont tag:webfont +*.onlinewebfonts.com. CNAME . +oracle.com. CNAME . ; org:Oracle +*.oracle.com. CNAME . +ostatus.org. CNAME . ; tag:spam tag:gambling tag:domain-squatting +*.ostatus.org. CNAME . +quantserve.com. CNAME . ; org:Quantcast tag:tracking +*.quantserve.com. CNAME . +services.fandom.com. CNAME . ; org:Wikia tag:tracking +*.services.fandom.com. CNAME . +sharethis.com. CNAME . ; org:Oracle tag:social-tracker +*.sharethis.com. CNAME . +snap.licdn.com. CNAME . ; org:LinkedIn tag:tracking +*.snap.licdn.com. CNAME . +snowplow.io. CNAME . ; org:Snowplow tag:tracking +*.snowplow.io. CNAME . +snowplow.trx.gitlab.net. CNAME . ; org:Gitlab tag:tracking +*.snowplow.trx.gitlab.net. CNAME . +storetail.io. CNAME . ; org:Criteo tag:tracking tag:first-party-tracking +*.storetail.io. CNAME . +t.co. CNAME . ; org:Twitter tag:click-tracker +*.t.co. CNAME . +tinyurl.com. CNAME . ; org:TinyURL tag:click-tracker +*.tinyurl.com. CNAME . +twitter.com. CNAME . ; org:Twitter +*.twitter.com. CNAME . +webtrekk.com. CNAME . ; org:Webtrekk tag:tracking tag:first-party-tracking +*.webtrekk.com. CNAME . +webtrekk.net. CNAME . ; org:Webtrekk tag:tracking tag:first-party-tracking +*.webtrekk.net. CNAME . +wiki2.org. CNAME . ; republication:wikipedia +*.wiki2.org. CNAME . +wikiwand.com. CNAME . ; republication:wikipedia +*.wikiwand.com. CNAME . +www.reddit.com. CNAME . ; tag:webshit +*.www.reddit.com. CNAME . +xiti.com. CNAME . ; org:AtInternet tag:tracking +*.xiti.com. CNAME . +youtube-nocookie.com. CNAME . ; tag:webshit tag:youtube +*.youtube-nocookie.com. CNAME . +zendesk.com. CNAME . ; org:Zendesk +*.zendesk.com. CNAME . +zendesk.org. CNAME . ; org:Zendesk +*.zendesk.org. CNAME .diff --git a/unbound-rpz.sh b/unbound-rpz.sh@@ -0,0 +1,7 @@ +#!/bin/sh +sed -E \ + -e 's!#!;!' \ + -e 's!local-zone: "!!' \ + -e 's!" always_nxdomain!!' \ + -e 's!^([^;]+)(.*)$!\1 CNAME . \2\n*.\1 CNAME .!' \ + unbound-blocks.conf >|unbound-rpz.conf