Block ads and malicious domains with response policy zones

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for stevekroh from gravatar.com stevekroh

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 or later (GPLv3+) (GPLv3)
  • Author: Steven Kroh
  • Tags dns , rpz , rpz-feed , pihole
  • Requires: Python >=3.6
Classifiers
Report project as malware

Project description

rpz-manager

Block ads and malicious domains with response policy zones.

GitHub release (latest SemVer) PyPI PyPI - Python Version GitHub commit activity GitHub commits since latest release (by SemVer) GitHub Workflow Status (branch)

From Wikipedia:

A response policy zone (RPZ) is a mechanism to introduce a customized policy in Domain Name System servers, so that recursive resolvers return possibly modified results. By modifying a result, access to the corresponding host can be blocked.

This program allows you to build and maintain RPZ zones from domain blocklist feeds. The resulting zones can be used with ISC bind (and other compatible DNS servers).

rpz-manager is easy to deploy. Just copy it to your PATH. Optionally write a config file, set up logging, or use a cron job to keep your zone fresh.

Before you Start

Make sure to understand DNS RPZ before using this tool. These sites provide great documentation:

At minimum, you must create a new zone clause for RPZ and mention that zone in a response-policy statement.

How to Install

Run the following as root.

# Download rpz-manager
curl -Ss https://raw.githubusercontent.com/stevekroh/rpz-manager/version-0.x/rpz_manager.py \
  -o /usr/local/bin/rpz-manager

# Set the executable bit
chmod 755 /usr/local/bin/rpz-manager

Alternatively, create a virtualenv and run pip install rpz-manager.

Quick Start

# View the help screen
rpz-manager --help

# Write, then review /etc/rpz-manager.ini
rpz-manager --init

# Optionally set up logging
curl -Ss https://raw.githubusercontent.com/stevekroh/rpz-manager/version-0.x/config/rpz-loggers.ini \
  -o /etc/rpz-loggers.ini

# Download block lists then write an RPZ zone file
rpz-manager

Automate with Ansible

Add the following to your role or playbook.

# Customize rpz-manager.ini and save it under files
- name: upload rpz-manager.ini
  copy:
    src: files/rpz-manager.ini
    dest: /etc/rpz-manager.ini
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'

# Customize rpz-loggers.ini and save it under files
- name: upload rpz-loggers.ini
  copy:
    src: files/rpz-loggers.ini
    dest: /etc/rpz-loggers.ini
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'

# rpz-manager will be updated to the latest version when force=yes
- name: download rpz-manager
  get_url:
    url: https://raw.githubusercontent.com/stevekroh/rpz-manager/version-0.x/rpz_manager.py
    dest: /usr/local/bin/rpz-manager
    force: yes
    owner: root
    group: root
    mode: 'u=rwx,g=rx,o=rx'

# Use a cron job to keep your zone fresh
- name: run rpz-manager daily
  cron:
    name: rpz-manager
    special_time: daily
    job: /usr/local/bin/rpz-manager
    user: root

Run Without Root

It is possible to run rpz-manager without root permissions, though you must be sure to update all relevant settings pertaining to the user.

For example:

# Create an administrator belonging to the named group
useradd -m -G named admin

# Create the user cache directory
mkdir -p /home/admin/.cache

# Run rpz-manager
rpz-manager -o rpz.example.com. -z /var/named/rpz.example.com.zone \
  -u admin -g named -d /home/admin/.cache

Inspired by Trellmor/bind-adblock.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for stevekroh from gravatar.com stevekroh

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 or later (GPLv3+) (GPLv3)
  • Author: Steven Kroh
  • Tags dns , rpz , rpz-feed , pihole
  • Requires: Python >=3.6
Classifiers

Release history Release notifications | RSS feed

This version

0.2

0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

rpz-manager-0.2.tar.gz (25.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

rpz_manager-0.2-py2.py3-none-any.whl (24.6 kB view details)

Uploaded Python 2Python 3

File details

Details for the file rpz-manager-0.2.tar.gz.

File metadata

  • Download URL: rpz-manager-0.2.tar.gz
  • Upload date:
  • Size: 25.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.22.0 setuptools/46.0.0 requests-toolbelt/0.9.1 tqdm/4.41.0 CPython/3.8.3

File hashes

Hashes for rpz-manager-0.2.tar.gz
Algorithm Hash digest
SHA256 55610ee9d744e586a55ff1ca32567a597c18f274d11cf5bc19d26cb7a13a78b7
MD5 21a8a496c995ab4a795a76373638eede
BLAKE2b-256 f1cff25e2cd337121841ffbb60ebf798e628ad60d037b6caf429c721812d5b0f

See more details on using hashes here.

File details

Details for the file rpz_manager-0.2-py2.py3-none-any.whl.

File metadata

  • Download URL: rpz_manager-0.2-py2.py3-none-any.whl
  • Upload date:
  • Size: 24.6 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.22.0 setuptools/46.0.0 requests-toolbelt/0.9.1 tqdm/4.41.0 CPython/3.8.3

File hashes

Hashes for rpz_manager-0.2-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 e69778b4b0e385329d7ffbf715c90cf3846512496e27b40fb05f6ad43ecf9f2c
MD5 ef145bb0e0bd08067c36424750cbd259
BLAKE2b-256 77efab14cc89e1baf1601a37dd3f581e02ac0f97fc337818dd3081fb6ce67bbd

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page