Knot resolver and RPZ

So for everyone willing to try this.
I took the guide jklaas posted and combined it with other info in the thread to make a beginner guide.

1). First open /etc/config/resolver with a text editor such as vi:

vi /etc/config/resolver

Look for the following:

config resolver 'kresd'
       option rundir '/tmp/kresd'
       option log_stderr '1'
       option log_stdout '1'
       option forks '1'
       #option include_config '/tmp/kresd.custom.conf'
       #option hostname_config '/etc/hosts'

And change it to:

config resolver 'kresd'
       option rundir '/tmp/kresd'
       option log_stderr '1'
       option log_stdout '1'
       option forks '1'
       option include_config '/etc/kresd/custom.conf'
       #option hostname_config '/etc/hosts'

Also look for the following:

config resolver 'common'
        list interface '0.0.0.0'
        list interface '::0'
        option port '53'
        option keyfile '/etc/root.keys'
        option verbose '0'
        option msg_buffer_size '4096'
        option msg_cache_size '20M'
        option net_ipv6 '1'
        option net_ipv4 '1'
        option forward_upstream '1'
        option prefered_resolver 'kresd'
        option ignore_root_key '0'
        option prefetch 'yes'

And change it to the following:

config resolver 'common'
        list interface '0.0.0.0'
        list interface '::0'
        option port '53'
        option keyfile '/etc/root.keys'
        option verbose '0'
        option msg_buffer_size '4096'
        option msg_cache_size '20M'
        option net_ipv6 '1'
        option net_ipv4 '1'
        option forward_upstream '0'
        option prefered_resolver 'kresd'
        option ignore_root_key '0'
        option prefetch 'yes'

2). Open /etc/kresd/custom.conf with a text editor:

vi /etc/kresd/custom.conf

Add the following lines to the file in the order shown:

policy.add(policy.rpz(policy.DENY, '/etc/kresd/blacklist.rpz'))
policy.add(policy.all(policy.FORWARD('8.8.8.8')))
policy.add(policy.all(policy.FORWARD('8.8.4.4')))

3). Create a script file called “generate_blacklist.sh” in /etc/kresd with the following command:

vi /etc/kresd/generate_blacklist.sh

Add the following text/script:

#!/bin/bash

blacklistfile="/etc/kresd/blacklist.rpz"

# Write the RPZ zone header first; the SOA and NS records are required for a valid zone file.
cat > "$blacklistfile" <<EOF
\$TTL 60
@		IN	SOA  localhost. root.localhost.  (
			2   ; serial
			3H  ; refresh
			1H  ; retry
			1W  ; expiry
			1H) ; minimum
		IN	NS    localhost.

EOF

# Fetch the domain lists, merge and de-duplicate them, then emit two RPZ rules per
# domain: the domain itself and *.domain, both CNAME "." (which makes kresd answer NXDOMAIN).
{
    wget -q 'http://malwaredomains.lehigh.edu/files/immortal_domains.txt' -O - | grep -v '#'; \
    wget -q 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D=&mimetype=plaintext' -O - ; \
    wget -q 'http://malwaredomains.lehigh.edu/files/BOOT' -O - | grep PRIMARY | cut -d " " -f 2; \
} | sort -u | sed -e 's/.*/&\tCNAME\t.\n*.&\tCNAME\t./' >> "$blacklistfile"

# Make kresd re-read the policy with the new zone.
/etc/init.d/kresd reload

4). Make the above script executable with the following command:

chmod +x /etc/kresd/generate_blacklist.sh

5). Create a cronjob to execute the above script with the following command:

crontab -e

And add the following line:

6 1 * * 3 /etc/kresd/generate_blacklist.sh

That should be all…
Please give love/thanks to jklaas, cabal, Leonardo and all others that helped in this thread

P.S. If I made any mistakes please let me know and I’ll correct them asap
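As an added example (not from the original post, nor from the Turris or Knot Resolver projects), the same generate-and-block logic in Python: the list filtering and RPZ rendering of the script above, an atomic write so a failed download cannot leave kresd with an empty blocklist, and a small matcher showing why the sed line emits both `domain` and `*.domain` (the wildcard alone does not match the apex). The two input lists, the output file name and the function names are constructed for this example.

```python
import os
import re
import tempfile

# Constructed stand-ins for the two downloaded lists (comment line, mixed case, duplicate, blank).
IMMORTAL = "# comment line\nbad.example\nEvil.Example\n\nbad.example\n"
BOOT = "PRIMARY tracker.example /dev/null\nOTHER keep.example x\n"

# Lower-case hostname with at least two labels, at most 253 characters.
_NAME = re.compile(r"^(?=.{1,253}$)[a-z0-9-]{1,63}(\.[a-z0-9-]{1,63})+$")

def parse_domains(immortal_txt, boot_txt):
    """Same filtering as the shell pipeline, plus hostname validation and lower-casing."""
    names = [l.strip() for l in immortal_txt.splitlines() if not l.startswith("#")]
    names += [l.split(" ")[1] for l in boot_txt.splitlines() if l.startswith("PRIMARY")]
    return sorted({n.lower() for n in names if _NAME.match(n.lower())})

def rpz_zone(domains, serial):
    """Render the zone: apex SOA/NS, then domain and *.domain CNAME '.' (NXDOMAIN action)."""
    head = ("$TTL 60\n@ IN SOA localhost. root.localhost. (%d 3H 1H 1W 1H)\n"
            "  IN NS localhost.\n") % serial
    return head + "".join("%s\tCNAME\t.\n*.%s\tCNAME\t.\n" % (d, d) for d in domains)

def write_atomically(path, text):
    """Write via temp file + rename so a failed fetch never leaves a truncated zone behind."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        f.write(text)
    os.replace(tmp, path)

def rpz_action(domains, qname):
    """Emulate RPZ QNAME matching: exact rule first, then a *.parent wildcard rule."""
    q = qname.lower().rstrip(".")
    blocked = set(domains)
    if q in blocked:
        return "NXDOMAIN"
    labels = q.split(".")
    for i in range(1, len(labels)):          # only proper subdomains hit the wildcard
        if ".".join(labels[i:]) in blocked:
            return "NXDOMAIN"
    return "PASS"

if __name__ == "__main__":
    doms = parse_domains(IMMORTAL, BOOT)
    write_atomically("blacklist.rpz", rpz_zone(doms, serial=2))
    for name in ("bad.example", "www.bad.example", "notbad.example", "keep.example"):
        print(name, rpz_action(doms, name))
```

Run stand-alone it writes blacklist.rpz into the current directory; point `write_atomically` at /etc/kresd/blacklist.rpz and reload kresd as in step 3 to use it for real.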
