The hosts CLI tool generates a DNS sinkhole configuration ready to be imported in an unbound instance.
It retrieves data from curated {block,safe}lists - see sources.
NB: unbound's setup is not covered here.
$ go install github.com/da-rod/hosts@latest
$ hosts -h
Usage of ~/go/bin/hosts:
  -output string
        output file name (default "/etc/unbound/unbound.conf.d/blocklist.conf")
  -sources string
        file containing the sources to retrieve the lists (default "$GOPATH/src/github.com/da-rod/hosts/sources.json")
Use the image from Docker Hub:
$ docker run -d --name unbound-blockhole -p 53:53/udp -p 53:53/tcp peper/unbound-blockhole
Or build your own image:
$ docker build -t unbound-blockhole .
For an automated setup, you can add it to systemd so that:
- the blocklist is updated periodically
- it gets reloaded by unbound
In order to achieve this, follow these steps:
$ sudo mv systemd/* /etc/systemd/system/
# Make sure that the path to the binary is correct in the service file...
$ sudo systemctl enable unbound-blocklist.timer
$ sudo systemctl start unbound-blocklist.timer
# Verify:
$ awk '/zone/ {print$2}' /etc/unbound/unbound.conf.d/blocklist.conf | shuf -n1 | xargs dig +short
0.0.0.0 # yay!!
Sources:
- http://malwaredomains.usu.edu/
- https://dshield.org/suspicious_domains.html
- https://github.com/StevenBlack/hosts
- https://github.com/anudeepND/whitelist & https://github.com/anudeepND/blacklist
- https://github.com/disconnectme
- https://github.com/matomo-org/referrer-spam-blacklist
- https://phishing.army/
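
The generation step described at the top of this page, as an added example that is not the hosts project's own code: it merges hosts-format or bare-name blocklists, subtracts a safelist, and emits unbound local-zone entries. The function names, the sample lists and the exact output layout are assumptions; names are validated before being written because the lists come from third parties and end up inside a resolver config file.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// validName: strict hostname syntax, so a hostile list entry cannot smuggle quotes or directives into the config.
var validName = regexp.MustCompile(`^([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z][a-z0-9-]{0,61}[a-z0-9]$`)

// parseList extracts names from hosts-format ("0.0.0.0 name") or bare-name lines.
func parseList(raw string) map[string]bool {
	out := map[string]bool{}
	for _, line := range strings.Split(raw, "\n") {
		line, _, _ = strings.Cut(line, "#") // drop comments
		f := strings.Fields(line)
		if len(f) == 0 || len(f) > 2 {
			continue // blank, or more fields than "IP name"
		}
		name := strings.ToLower(strings.TrimSuffix(f[len(f)-1], "."))
		if len(name) <= 253 && validName.MatchString(name) {
			out[name] = true
		}
	}
	return out
}

// render emits sorted "redirect" zones (assumed layout) for blocked names that are not on the safelist.
func render(block, safe map[string]bool) string {
	var names []string
	for n := range block {
		if !safe[n] {
			names = append(names, n)
		}
	}
	sort.Strings(names)
	var b strings.Builder
	b.WriteString("server:\n")
	for _, n := range names {
		fmt.Fprintf(&b, "  local-zone: \"%s\" redirect\n  local-data: \"%s A 0.0.0.0\"\n", n, n)
	}
	return b.String()
}

func main() { // constructed sample lists, not real feed data
	fmt.Print(render(parseList("0.0.0.0 ads.example.com\ncdn.example.org\n"), parseList("cdn.example.org\n")))
}
```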