commit 08c4d3ed630fdedb2872043ea1f73e81fc451230
Author: Dustin C. Hatch
Date: Sun Sep 6 10:25:25 2020 -0500
Initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c25ce77
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.zone
diff --git a/README.rst b/README.rst
new file mode 100644
index 0000000..dbd733f
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,36 @@
+===================================
+BIND Response Policy Zone Generator
+===================================
+
+The :file:`rpzgen.py` script will generate a BIND response policy zone (RPZ)
+definition from a list of "hosts files." These files contain a list of DNS
+domains to be "blocked" by the resolver, preventing clients from reaching the
+servers at those names.
+
+Currently, the following hosts lists are used:
+
+* `StevenBlack's Consolidated Hosts list`_
+* Custom list
+
+Host lists must be in the standard "hosts file" format (i.e. an IP address,
+followed by whitespace, followed by a DNS name. Only the first name on each
+line is used. Wildcard names are permitted.
+
+
+Requirements
+============
+
+Only Python 3 is required; no external dependencies are used.
+
+
+Usage
+=====
+
+The generated RPZ file is written to standard output. To save it to a file,
+use shell redirection:
+
+.. code:: sh
+
+ ./rpzgen.py > blackhole.rpz.zone
+
+.. _StevenBlack's Consolidated Hosts list: https://github.com/StevenBlack/hosts
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..aae3bb8
--- /dev/null
+++ b/hosts
@@ -0,0 +1,6 @@
+# Block UniFi telementry
+0.0.0.0 unifi-report.ubnt.com
+0.0.0.0 ping.ui.com
+
+# Block Roomba from accessing "the cloud"
+0.0.0.0 *.irobotapi.com
diff --git a/rpzgen.py b/rpzgen.py
new file mode 100755
index 0000000..5ef2746
--- /dev/null
+++ b/rpzgen.py
@@ -0,0 +1,41 @@
+#!/usr/bin/env python
+import datetime
+import string
+import sys
+import urllib.request
+
+HOST_LISTS = [
+ 'hosts',
+ 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts',
+]
+
+ZONE_HEADER = string.Template('''\
+$$TTL 3H
+@ IN SOA @ rname.invalid. (
+ ${serial} ; serial
+ 1D ; refresh
+ 1H ; retry
+ 1W ; expire
+ 3H ) ; minimum
+ NS @
+ A 127.0.0.1
+ AAAA ::1
+
+nextcloud.pyrocufflink.net CNAME cloud0.pyrocufflink.blue.
+
+''')
+
+serial = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
+
+sys.stdout.write(ZONE_HEADER.substitute(serial=serial))
+
+for hostlist in HOST_LISTS:
+ if urllib.parse.urlsplit(hostlist).netloc:
+ f = urllib.request.urlopen(hostlist)
+ else:
+ f = open(hostlist, 'rb')
+ with f:
+ for line in f.readlines():
+ if line.startswith(b'0.0.0.0 '):
+ name = line.strip().split()[1].decode()
+ sys.stdout.write(f'{name} CNAME .\n')
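Review bot: The SOA serial produced at `serial = datetime.datetime.now().strftime('%Y%m%d%H%M%S')` has 14 digits, which is outside the unsigned 32-bit range the serial field is defined as, so BIND will most likely refuse to load the generated zone; `serial = str(int(datetime.datetime.now().timestamp()))` stays in range and still changes on every run. The hostname taken at `name = line.strip().split()[1].decode()` is written straight into zone syntax, so a malformed or non-UTF-8 entry in the fetched upstream list either breaks the zone or aborts the script, and a line that is exactly `0.0.0.0 ` raises IndexError; emitting only tokens that match a hostname/wildcard pattern and skipping the rest would keep one bad upstream line from taking the whole blocklist out of service. `urllib.parse.urlsplit` is called but only `urllib.request` is imported, so it works only through an implicit import; add `import urllib.parse` alongside it. The shebang is `#!/usr/bin/env python` while the script relies on f-strings; `#!/usr/bin/env python3` matches the README's Python 3 requirement.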