Project author: Loweel

Project description:
Tiny, single executable, easy to docker, replacement to piHole AD Block DNS filter.
Language: Go
Project URL: git://github.com/Loweel/zabov.git
Created: 2019-01-04T18:05:11Z
Project community: https://github.com/Loweel/zabov

License: MIT License

zabov

Tiny replacement for piHole DNS filter

Still a work in progress, but usable.

The idea is to produce a very simple IP DNS blocker with no web interface.

INSTALL

Zabov requires golang 1.13 or later.

  1. git clone https://git.keinpfusch.net/Loweel/zabov.git
  2. cd zabov
  3. go get
  4. go build -mod=vendor

Then edit config.json. Note that config.json must be in the same folder as the executable you run.

Just a few words about “singlefilters” and “doublefilters”:

Data must be downloaded from the URLs of blacklist maintainers. They may come in different formats.

There are two kinds of blacklists:

One is the format zabov calls “singlefilter”, where we find a single column, full of domains:

    domain1.com
    domain2.com
    domain3.com

The second is the format zabov calls “doublefilter” (a file in “/etc/hosts” format, to be precise), where there is an IP, usually localhost or 0.0.0.0 and then the domain:

    127.0.0.1 domain1.com
    127.0.0.1 domain2.com
    127.0.0.1 domain3.com

This is why the configuration file has two separate items.
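
How the two formats differ when parsed, as an added Go example (not zabov's own parser). `parseFilter` and both sample lists are constructed for illustration; skipping bare names such as localhost and IP literals is a choice of this example.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strings"
)

// parseFilter extracts domains from a downloaded blacklist body.
// double=false: one domain per line ("singlefilter").
// double=true:  "IP domain [domain...]" per line, /etc/hosts style ("doublefilter").
func parseFilter(body string, double bool) []string {
	var out []string
	sc := bufio.NewScanner(strings.NewReader(body))
	for sc.Scan() {
		line := sc.Text()
		if i := strings.IndexByte(line, '#'); i >= 0 {
			line = line[:i] // strip comments
		}
		fields := strings.Fields(line) // tolerates tabs, CRLF, extra spaces
		if double {
			if len(fields) < 2 || net.ParseIP(fields[0]) == nil {
				continue // not "IP name": the list is probably filed under the wrong item
			}
			fields = fields[1:]
		} else if len(fields) != 1 {
			continue // empty line, or hosts-style line fed to the single-column parser
		}
		for _, f := range fields {
			d := strings.ToLower(strings.TrimSuffix(f, "."))
			if strings.Contains(d, ".") && net.ParseIP(d) == nil { // skip bare names and IP literals
				out = append(out, d)
			}
		}
	}
	return out
}

// Constructed sample lists (not real blacklist content).
const hostsList = "# hosts format\n127.0.0.1 localhost\n0.0.0.0 Ads.Example.com tracker.example.net\r\n\n0.0.0.0 bad.example.org # inline\n"
const plainList = "ads.example.com\ntracker.example.net.\n# comment\n"

func main() {
	fmt.Println(parseFilter(hostsList, true))  // parsed as doublefilter
	fmt.Println(parseFilter(plainList, false)) // parsed as singlefilter
	fmt.Println(len(parseFilter(hostsList, false)), "domains when the hosts list is misfiled as singlefilter")
}
```

A list filed under the wrong item yields zero domains here, which is worth checking for after each download, because an empty filter set means nothing is blocked.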

Minimal config file should look like:

    {
      "zabov":{
        "port":"53",
        "proto":"udp",
        "ipaddr":"0.0.0.0",
        "cachettl": 1,
        "killfilettl": 12,
        "debug":"false"
      },
      "configs":{
        "default":{
          "upstream":"./dns-upstream.txt",
          "singlefilters":"./urls-domains.txt",
          "doublefilters":"./urls-hosts.txt",
          "blackholeip":"127.0.0.1",
          "hostsfile":"./urls-local.txt",
          "cache":true
        }
      }
    }

Global zabov settings:

  • port is the port number. Usually it is 53; you can change it for Docker, if you like
  • proto is the protocol. Choices are “udp”, “tcp”, “tcp/udp”
  • ipaddr is the IP address to listen on. May be empty (which will result in listening on 0.0.0.0) to avoid issues with Docker.
  • cachettl: amount of time the cache is kept (in hours)
  • killfilettl: refresh time for killfiles
  • debug: if set to “true”, Zabov prints verbose logs, such as config selection and single DNS requests

configs:

  • contains multiple zabov configuration dictionaries. The “default” configuration name is mandatory
  • upstream: file containing all the DNS servers we want to query, one per line in IP:PORT format
  • singlefilters: name of the file for blacklists following the “singlefilter” schema (one URL per line)
  • doublefilters: name of the file for blacklists following the “doublefilter” schema (one URL per line)
  • blackholeip: IP address to return when the IP is banned. This is because you may want to avoid MX issues, mail loops on localhost, or you have a web server running on localhost
  • hostsfile: path where you keep your local blacklist file. This is in the “singlefilter” format, meaning one domain per line, unlike a hosts file.
  • cache: if set to false, disables the cache for this configuration. Boolean, defaults to true

Advanced configuration includes support for multiple configurations based on source IP and timetables:

    {
      "zabov":{
        "port":"53",
        "proto":"udp",
        "ipaddr":"0.0.0.0",
        "cachettl": 1,
        "killfilettl": 12,
        "debug":"false",
        "timetable":"tt_default"
      },
      "localresponder":{
        "responder":"192.168.178.1:53",
        "localdomain":"fritz.box"
      },
      "ipaliases":{
        "pc8":"192.168.178.29",
        "lg-tv":"192.168.178.10",
        "localhost":"127.0.0.1"
      },
      "ipgroups":[
        {
          "ips":["localhost", "::1", "192.168.178.30", "192.168.178.31", "pc8"],
          "cfg":"",
          "timetable":"tt_children"
        },
        {
          "ips":["lg-tv"],
          "cfg":"tv",
          "timetable":""
        }
      ],
      "timetables":{
        "tt_children":{
          "tables":[{"times":"00:00-05:00;8:30-12:30;18:30-22:59", "days":"Mo;Tu;We;Th;Fr;Sa;Su"}],
          "cfgin":"children_restricted",
          "cfgout":"default"
        },
        "tt_default":{
          "tables":[{"times":"8:30-22:30", "days":"Su"}],
          "cfgin":"children",
          "cfgout":"default"
        }
      },
      "configs":{
        "default":{
          "upstream":"./dns-upstream.txt",
          "singlefilters":"./urls-domains.txt",
          "doublefilters":"./urls-hosts.txt",
          "blackholeip":"127.0.0.1",
          "hostsfile":"./urls-local.txt"
        },
        "children":{
          "upstream":"./dns-upstream-safe.txt",
          "singlefilters":"./urls-domains.txt",
          "doublefilters":"./urls-hosts.txt",
          "blackholeip":"127.0.0.1",
          "hostsfile":"./urls-local.txt"
        },
        "children_restricted":{
          "upstream":"./dns-upstream-safe.txt",
          "singlefilters":"./urls-domains-restricted.txt",
          "doublefilters":"./urls-hosts-restricted.txt",
          "blackholeip":"127.0.0.1",
          "hostsfile":"./urls-local.txt"
        },
        "tv":{
          "upstream":"./dns-upstream.txt",
          "singlefilters":"",
          "doublefilters":"",
          "blackholeip":"127.0.0.1",
          "hostsfile":"",
          "cache":false
        }
      }
    }

Global zabov settings:

  • timetable: sets the global/default timetable. This table will be used for any client that is not already included in an IP group

localresponder:

  • lets you set a local DNS server to respond for “local” domains. A domain name is handled as “local” if it doesn’t contain “.” (dots) or if it ends with a well-known suffix, such as “.local”.
    Note: the cache is not used for the local responder.
  • responder: the local DNS server address in IP:PORT format.
  • localdomain: the suffix for local domain names. All domains ending with this suffix are resolved by the local responder

ipaliases: a dictionary of IPs

  • each entry in this dictionary defines a domain-alias name and its IP address. It works as a replacement for the /etc/hosts file.
  • each entry is used by Zabov to resolve those names and to replace any value in the ipgroups.ips array.

timetables: a dictionary of timetable dictionaries

  • lets you define timetables in the format “time-ranges” and “days-of-week”
  • tables: contains an array of dictionaries, each defining a time rule.
    • each table is a dictionary containing “times” and “days” values
    • times: a string in the form “start:time1-stop:time1;start:time2-stop:time2…”
    • days: a string containing semicolon-separated day names to which the rule applies, such as “Mo;Tu;We;Th;Fr”
      • day names are: “Mo”, “Tu”, “We”, “Th”, “Fr”, “Sa”, “Su”
      • an empty value means all days of the week
    You can define complex time rules using more than one entry in “tables”
  • cfgin: the name of the configuration to apply if the current time is “inside” the timetable
  • cfgout: the name of the configuration to apply if the current time is “outside” the timetable
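
The timetable rules above, worked through in Go as an added example (not zabov's own code). `rule` and `selectConfig` are names made up here; the example assumes inclusive range endpoints, no ranges that wrap past midnight, and evaluation in the time zone of the supplied time.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// rule mirrors one entry of a timetable's "tables" array.
type rule struct{ Times, Days string }
var dayNames = [...]string{"Su", "Mo", "Tu", "We", "Th", "Fr", "Sa"} // indexed by time.Weekday

// minutes converts "H:MM" or "HH:MM" to minutes since midnight.
func minutes(s string) (int, error) {
	h, m, ok := strings.Cut(strings.TrimSpace(s), ":")
	hh, e1 := strconv.Atoi(h)
	mm, e2 := strconv.Atoi(m)
	if !ok || e1 != nil || e2 != nil || hh < 0 || hh > 23 || mm < 0 || mm > 59 {
		return 0, fmt.Errorf("bad time %q", s)
	}
	return hh*60 + mm, nil
}

// selectConfig returns cfgin if now matches any rule, cfgout otherwise.
// Every rule is validated first, so a typo is reported instead of silently never matching.
func selectConfig(rules []rule, cfgin, cfgout string, now time.Time) (string, error) {
	cur, today, chosen := now.Hour()*60+now.Minute(), dayNames[now.Weekday()], cfgout
	for _, r := range rules {
		dayOK := r.Days == "" || strings.Contains(";"+r.Days+";", ";"+today+";")
		for _, span := range strings.Split(r.Times, ";") {
			from, to, ok := strings.Cut(span, "-")
			a, e1 := minutes(from)
			b, e2 := minutes(to)
			if !ok || e1 != nil || e2 != nil || a > b {
				return "", fmt.Errorf("bad time range %q", span)
			}
			if dayOK && cur >= a && cur <= b { // assumption: endpoints inclusive
				chosen = cfgin
			}
		}
	}
	return chosen, nil
}

func main() {
	tt := []rule{{"00:00-05:00;8:30-12:30;18:30-22:59", "Mo;Tu;We;Th;Fr;Sa;Su"}} // tt_children from the sample config
	monday := time.Date(2024, time.January, 1, 9, 0, 0, 0, time.UTC)
	fmt.Println(selectConfig(tt, "children_restricted", "default", monday))
}
```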

ipgroups: an array of ipgroup dictionaries

  • lets you define a set of IP addresses that shall use a configuration other than “default”
  • ips: an array of strings, each containing an IP address or a name defined in the “ipaliases” config branch
  • cfg: a string containing the name of the configuration to be used for this group; ignored if timetable is also defined
  • timetable: a string containing the name of the timetable to be applied to this group

DOCKER

Multistage Dockerfiles are provided for AMD64, ARMv7, ARM64V8

NOTE: use the TZ environment variable to change the Docker image timezone. TZ defaults to CET.

TODO:

  • caching
  • monitoring port