The latest bind file contains a catchall for the .info TLD. Would it be possible to remove/whitelist that TLD for the automated builds?

Hi!
One of the VPNs I use at a partner company is using az416426.vo.msecnd.net in their VPN login process. If this host is blocked, I cannot login to the VPN.

Can you please remove this host from the blacklist?
I believe removing this entry from the list could help others facing similar issues.

I forked this project and made some changes to suit my needs. What do you think about merging those big changes, @oznu? I suppose there are different purposes and needs, so no problem to separate and go on from there.

The TravisCI Build fails due to DockerHub API rate limiting. Options:

1. Authenticate, increasing the limit to 200
2. Use a caching proxy (does Travis provide one?)
3. Switch to a Build System that provides one (GitHubCI?)

Do you need help with any of those?

The current way of making the blocklist makes it such that the entries use the "address" option. It is quite easy to make a blocklist using the "server" as well from it in this way as well. This has the added advantage of dnsmasq responding with "NX Domain", causing the browser to not even attempt a lookup.

The new unbound function allows you to cut the block list in half

Unbound 1.13.1
Fix #397: [Feature request] add new type always_null to local-zone similar to always_nxdomain.

local-zone: "doubleclick.net" always_null

To flesh out the nxdomains, we can get an nxdomain for BIND9.10+ with Request Policy Zones, which are meant to serve local dns policy and function more or less as a dns-based firewall.

Essentially:

$ UPSTREAM_HOSTS_FILE='https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts'
$ 
$ ## paths
$ TMP='/tmp'
$ SRC="${TMP}/hostfile.src"
$ TMP_RPZ="${TMP}/rpz"
$ 
$ ## functions
$ build_for_isc_bind() {
>   # build BIND9 RPZ zone file
>   echo '$TTL 3H' | tee ${TMP_RPZ} >/dev/null 2>&1
>   echo '@                       SOA LOCALHOST. blocked (1 1h 15m 30d 2h)' | tee --append ${TMP_RPZ} >/dev/null 2>&1
>   echo '                        NS  LOCALHOST.' | tee --append ${TMP_RPZ} >/dev/null 2>&1
>   echo '' | tee --append ${TMP_RPZ} >/dev/null 2>&1
>   awk '$1 == "0.0.0.0" {print $2, "CNAME", "."}' ${SRC} | grep -vE "^[0-9].*[0-9] CNAME \.$" | tee --append ${TMP_RPZ} >/dev/null 2>&1
> }
$ 
$ curl -Lo ${SRC} ${UPSTREAM_HOSTS_FILE} 2>/dev/null
$ build_for_isc_bind
$ 
$ head ${TMP_RPZ}
$TTL 3H
@                       SOA LOCALHOST. blocked (1 1h 15m 30d 2h)
                        NS  LOCALHOST.

1493361689.rsc.cdn77.org CNAME .
30-day-change.com CNAME .
2468.go2cloud.org CNAME .
adsmws.cloudapp.net CNAME .
androidads23.adcolony.com CNAME .
annualconsumersurvey.com CNAME .
$ 
$ # already run and applied system-wide
$ host 1493361689.rsc.cdn77.org
Host 1493361689.rsc.cdn77.org not found: 3(NXDOMAIN)

The whole domain lib.rus.ec is being blocked. This is domain of the Library Genesis project at http://gen.lib.rus.ec/ which aims at giving free access to scientific research. It is controversial as it violates copyright of large publishers, but otherwise does not publish malware etc so unless this blacklist aims at piracy prevention this one should be whitelisted.

In addition to DNS zone files, can you also add functionality to generate hosts file? It shouldn't be too hard I believe. The use-case is for personal computers.

The other project StevenBlack/hosts where you collect data from uses python.

Also, does this project include data from all sources mentioned in https://github.com/StevenBlack/hosts#list-of-all-hosts-file-variants?

It seems to me the unbound DNS zone file uses incorrect syntax.

The lines are formed like:
local-zone: "s.sh" static
[...]

where they should be:
local-zone: "s.sh" always_nxdomain
[...]

Could this be fixed please?

Thanks for your very useful work! - Mark

Wouldn't it be better to use RCODE 5 "REFUSED" as response type rather than NXDOMAIN, since we are filtering DNS requests?

e.g. for Unbound:
local-zone: evil.invalid refuse

Hi,

could you add a license you want to use? Maybe MIT since StevenBlack/hosts uses that. Otherwise Unlicense is possible as well.