Knot resolver and RPZ

Thank you for the answer. Indeed it’s ok

Check my script.
I’ve updated sed parameters and now it creates entries for domain and wildcard for subdomains:

domain.com CNAME .
*.domain.com CNAME .

@Giblet - update your guide


Done, and thanks for the headsup!

Hi, can you please summarize the above described procedure step by step for a man who does not control the Linux commands. Thank you

My post/guide contains the EXACT commands needed to get this to work.
I am not sure what I could do to make it any more clear

I have to check, so far it does not work

Thank you for the tutorial, I prefer this way - while adblock does not work with knot, this “project” does. And so far - it’s like the pihole :smiley:

So after a few days in use - some sites know that an adblocker is active while using this setup. Is it somehow possible to do it like the pihole (display 1px transparent graphic - sometimes you get empty windows with an X) instead?

This uses the same setup as pihole…
As in that it only blocks dns based domains, as does pihole.
So I suspect something else is going on (are you running adblock or something?)

Thx for the update - I used to have an old adblock on my smartphone (totally forgot it! removing that thing did the trick…grml…)
The new version of the common on kresd resolver has 2 new options set:

config resolver 'common'
...
        option static_domains '1'

config resolver 'kresd'
..
        option dynamic_domains '0'
        list rpz_file '/tmp/file.rpz'

Is there an update of the tutorial needed?

You can pass ‘/etc/kresd/blacklist.rpz’ as param to list rpz_file and skip option include_config
If that new param works - it should simplify config.
I have not tested this, I stick to the old engineering rule - works ok -> do not touch:)

Just checked that new option: it works ok in 3.6

Thanks for this nice dns block tutorial!
I would like to add some German ad- and malware domains to the script…any good wget hints for a source?

thank you


How should the wget magic syntax look for these txt files?
a simple wget -q 'URLTOMALWAREDOMAINS.txt' -O didn't work for me :-/

The script processes a single domain. So it depends what the format of URLTOMALWAREDOMAINS.txt returns. If it’s something like

domain.org A 127.0.0.1

You only want the domain.org part.

You’ll need to do something like

wget -q 'URLTOMALWAREDOMAINS.txt' -O - | awk '{ print $1 }'

instead. That’s just a simple example. Also there can be comment lines that you need to get rid of as well.

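A fuller version of the filtering described in the reply above, as an added example that is not part of the original posts or of the guide's script. It assumes the downloaded list uses one of three common shapes (bare domain, hosts-style `IP domain`, or `domain A IP`) and emits the two RPZ lines per domain shown earlier in the thread; the names `to_rpz` and `sample_list` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn a downloaded blocklist into RPZ records.
# to_rpz reads list lines on stdin and writes RPZ lines on stdout.
to_rpz() {
    tr -d '\r' | awk '
    {
        sub(/[#;].*/, "")                 # drop full-line and trailing comments
        if (NF == 0) next                 # skip blank lines
        # hosts format puts the address first; otherwise the name is first
        d = ($1 ~ /^[0-9.]+$/ || $1 ~ /:/) ? $2 : $1
        d = tolower(d)
        sub(/\.$/, "", d)                 # strip a trailing root dot
        if (d ~ /^[0-9.]+$/) next         # an address, not a name
        # accept only plain hostnames with at least one dot, so an error
        # page or other junk in the download never reaches the zone file
        if (d !~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)+$/) next
        if (seen[d]++) next               # de-duplicate
        print d " CNAME ."
        print "*." d " CNAME ."
    }'
}

# Constructed sample input standing in for the wget output.
sample_list() {
    cat <<'EOF'
# constructed sample, not a real feed
ads.example.com

127.0.0.1 localhost
0.0.0.0 tracker.example.net   # hosts style
malware.example.org A 127.0.0.1
ADS.example.com.
<html>error page</html>
EOF
}

# In real use the input would be: wget -q 'URLTOMALWAREDOMAINS.txt' -O - | to_rpz
sample_list | to_rpz
```

The `localhost` entry, the duplicate in different case, and the HTML line are all dropped, leaving six RPZ lines for the three real domains.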

Hi,

is your guide still up to date? I plan to add native knot support to the adblock package in LEDE/Openwrt and I am looking for beta testers with such turris devices …

Please contact me by mail (dev@brenken.org) if you are interested.

Thanks!

This slightly confuses me, as there’s no package for knot-resolver in the official LEDE/Openwrt tree yet, AFAIK. Still, I assume you know what you’re doing.

@vcunat
It’s intended for turris users who want to use my adblocker … at this stage they have to switch their dns backend and I simply want to implement support for kresd but I need some volunteers for testing …