Block ads and malicious domains with response policy zones
rpz-manager
From Wikipedia:
A response policy zone (RPZ) is a mechanism to introduce a customized policy in Domain Name System servers, so that recursive resolvers return possibly modified results. By modifying a result, access to the corresponding host can be blocked.
This program allows you to build and maintain RPZ zones from domain blocklist feeds. The resulting zones can be used with ISC bind (and other compatible DNS servers).
rpz-manager is easy to deploy. Just copy it to your PATH. Optionally write a config file, set up logging, or use a cron job to keep your zone fresh.
Before you Start
Make sure to understand DNS RPZ before using this tool. These sites provide great documentation:
At minimum, you must create a new zone clause for RPZ and mention that zone in a response-policy statement.
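To make the zone format concrete, here is an added example (not rpz-manager's own code) that turns a blocklist feed into RPZ records. The feed contents, the `parse_feed` and `build_zone` names, the sinkhole address set, the sample origin and the SOA/NS values are assumptions made for illustration. Feed text is untrusted input that ends up in a file named loads, so only plain hostnames are allowed through.

```python
import re

# Constructed sample feed mixing hosts-style and plain lines; not a real blocklist.
SAMPLE_FEED = """\
# comment
0.0.0.0 ads.example.net
127.0.0.1 tracker.example.org  # inline comment
0.0.0.0 localhost
Ads.Example.NET.
bad_label!.example.com
evil.example.com IN A 192.0.2.1
"""

SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # addresses hosts-style feeds point at (assumed set)
LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")  # one DNS label, no leading/trailing hyphen

def parse_feed(text):
    """Return sorted, de-duplicated domain names; anything that is not a plain hostname is dropped."""
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0] in SINKS:
            name = fields[1]              # hosts format: "0.0.0.0 name"
        elif len(fields) == 1:
            name = fields[0]              # plain domain list
        else:
            continue                      # blank, comment, or record-like text
        name = name.lower().rstrip(".")
        labels = name.split(".")
        if (len(labels) >= 2 and not labels[-1].isdigit()
                and all(LABEL.fullmatch(label) for label in labels)):
            domains.add(name)
    return sorted(domains)

def build_zone(origin, domains, serial):
    """Render an RPZ zone; 'CNAME .' is the RPZ action that answers NXDOMAIN."""
    out = [f"$ORIGIN {origin}", "$TTL 300",
           f"@ IN SOA localhost. hostmaster.localhost. {serial} 3600 600 86400 300",
           "@ IN NS localhost."]
    for name in domains:
        if len(f"*.{name}.{origin}") <= 254:  # skip owner names over the DNS length limit
            out += [f"{name} IN CNAME .", f"*.{name} IN CNAME ."]  # the name and its subdomains
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(build_zone("rpz.example.com.", parse_feed(SAMPLE_FEED), serial=1))
```

Of the sample lines, only `ads.example.net` and `tracker.example.org` reach the zone; the single-label name, the invalid label and the record-like line are discarded before anything is written.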
How to Install
Run the following as root.
# Download rpz-manager
curl -Ss https://raw.githubusercontent.com/stevekroh/rpz-manager/version-0.x/rpz_manager.py \
-o /usr/local/bin/rpz-manager
# Set the executable bit
chmod 755 /usr/local/bin/rpz-manager
Alternatively, create a virtualenv and run pip install rpz-manager.
Quick Start
# View the help screen
rpz-manager --help
# Write, then review /etc/rpz-manager.ini
rpz-manager --init
# Optionally set up logging
curl -Ss https://raw.githubusercontent.com/stevekroh/rpz-manager/version-0.x/config/rpz-loggers.ini \
-o /etc/rpz-loggers.ini
# Download block lists then write an RPZ zone file
rpz-manager
Automate with Ansible
Add the following to your role or playbook.
# Customize rpz-manager.ini and save it under files
- name: upload rpz-manager.ini
  copy:
    src: files/rpz-manager.ini
    dest: /etc/rpz-manager.ini
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'

# Customize rpz-loggers.ini and save it under files
- name: upload rpz-loggers.ini
  copy:
    src: files/rpz-loggers.ini
    dest: /etc/rpz-loggers.ini
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'

# rpz-manager will be updated to the latest version when force=yes
- name: download rpz-manager
  get_url:
    url: https://raw.githubusercontent.com/stevekroh/rpz-manager/version-0.x/rpz_manager.py
    dest: /usr/local/bin/rpz-manager
    force: yes
    owner: root
    group: root
    mode: 'u=rwx,g=rx,o=rx'

# Use a cron job to keep your zone fresh
- name: run rpz-manager daily
  cron:
    name: rpz-manager
    special_time: daily
    job: /usr/local/bin/rpz-manager
    user: root
Run Without Root
It is possible to run rpz-manager without root permissions, though you must be sure to update all relevant settings pertaining to the user.
For example:
# Create an administrator belonging to the named group
useradd -m -G named admin
# Create the user cache directory
mkdir -p /home/admin/.cache
# Run rpz-manager
rpz-manager -o rpz.example.com. -z /var/named/rpz.example.com.zone \
-u admin -g named -d /home/admin/.cache
Inspired by Trellmor/bind-adblock.
Hashes for rpz_manager-0.2-py2.py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | e69778b4b0e385329d7ffbf715c90cf3846512496e27b40fb05f6ad43ecf9f2c
MD5 | ef145bb0e0bd08067c36424750cbd259
BLAKE2b-256 | 77efab14cc89e1baf1601a37dd3f581e02ac0f97fc337818dd3081fb6ce67bbd