add dns resolvers

Author: tbds

README.md

@@ -15,37 +15,41 @@ TL:DR `cat domains-{ads,tracking,malware} > /dev/null`
 
 This bash script intends to extract domains lists from various sources.
 It is a replacement for ad blocking extensions in your browser.
-It blocks ads, malware, trackers at DNS level.
+It [blocks ads, malware, trackers at DNS level](https://en.wikipedia.org/wiki/DNSBL).
 
 ## Why
 
  - [Major sites including New York Times and BBC hit by 'ransomware' malvertising](http://www.theguardian.com/technology/2016/mar/16/major-sites-new-york-times-bbc-ransomware-malvertising)
  - [Adblocking: advertising 'accounts for half of data used to read articles'](http://www.theguardian.com/media/2016/mar/16/ad-blocking-advertising-half-of-data-used-articles)
+ - [The Verge's web sucks](http://blog.lmorchard.com/2015/07/22/the-verge-web-sucks/) and [The web is Doom](https://mobiforge.com/research-analysis/the-web-is-doom)
 
 ## What the scripts does?
 
  - Backup the original configuration file
  - Download and merge domains lists from various sources.
  - Create a cron job to automaticly update the hosts file, default every week (optional)
 
-## Benefits
+## Benefits and Features
 
  - Low CPU and RAM usage.
- - Speeds up your Internet use since the local dnsmasq file is checked first, before send a DNS request.
- - Data savings since the ad content is never downloaded.
- - Not just for browsers, it blocks ads and malware across the entire operative system.
+ - **Speeds up your Internet** use since the local file is checked first, before send a DNS request.
+ - **Data savings** since the ad content is never downloaded.
  - Stops ad tracking.
  - Blocks spyware and malware. That increases the safety of your networking experience.
+ - Not just for browsers, it blocks ads and malware across the entire operative system.
 
-## Dependencies
 
+## Dependencies
 
  - [GNU bash](http://www.gnu.org/software/bash/bash.html)
  - [GNU sed](http://www.gnu.org/software/sed)
  - [GNU grep](http://www.gnu.org/software/grep/grep.html)
  - [GNU coreutils](http://www.gnu.org/software/coreutils)
- - [GNU wget](https://www.gnu.org/software/wget/)  or [curl](http://curl.haxx.se/)
- - [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html)
+ - [GNU wget](https://www.gnu.org/software/wget/) or [cURL](http://curl.haxx.se/) (default)
+ - DNS cacher: [Dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html) (default), [Unbound](https://unbound.net/) or [Pdnsd](http://members.home.nl/p.a.rombouts/pdnsd/index.html)
+ - Caching web proxy: [Polipo](https://www.irif.univ-paris-diderot.fr/~jch//software/polipo/) (optional)
+ - Filtering web proxy: [Privoxy](http://www.privoxy.org/) (optional)
+
 
 ## Install
 
@@ -55,8 +59,9 @@ cd FreeContibutor/src
 sudo ./installer.sh
 ```
 
+FreeContributor has some scripts, such as, exporting uBlock or uMatrix rules to dnsmasq format
 
-#### Sources
+## Sources
 
 FreeContributor downloads external files; each has its own license, detailed in the list below.
 
@@ -70,21 +75,95 @@ FreeContributor downloads external files; each has its own license, detailed in
 |[Dan Pollock’s hosts file](http://someonewhocares.org/hosts/)                     | non-commercial |
 |[CAMELEON](http://sysctl.org/cameleon/)                                           | ? |
 |[StevenBlack/hosts](https://github.com/StevenBlack/hosts/)                        | ? |
-|[quidsup/notrack](https://github.com/quidsup/notrack)                             | ? |
-|[gorhill's uMatrix Blocklist](https://github.com/gorhill/uMatrix)                 | ? |
+|[Quidsup/notrack](https://github.com/quidsup/notrack)                             | ? |
+|[Gorhill's uMatrix Blocklist](https://github.com/gorhill/uMatrix)                 | ? |
 |[Malware Domain List](http://www.malwaredomainlist.com/hostslist/hosts.txt)       | |
 |[AdBlock Manager](http://adblock.gjtech.net/?format=unix-hosts)                   | CC Attribution 3.0 |
-|[hostfile project](http://hostsfile.org/hosts.html)                               | LGPL as GPLv2 |
+|[Hostfile project](http://hostsfile.org/hosts.html)                               | LGPL as GPLv2 |
 |[Airelle's host file](http://rlwpx.free.fr/WPFF/hosts.htm)                        | CC Attribution 3.0 |
 |[The Hosts File Project](http://hostsfile.mine.nu)                                | LGPL |
 |[Mahakala](http://adblock.mahakala.is/)                                           | ? |
-|[Secure Mecca](http://securemecca.com/Downloads/hosts.txt)                        | LGPL as GPLv2 |
-|[spam404scamlist](http://spam404bl.com/spam404scamlist.txt)                       | |
-|[Malwaredomains](http://malwaredomains.lehigh.edu/files/domains.txt)              | |
-|[Adzhosts](http://optimate.dl.sourceforge.net/project/adzhosts/HOSTS.txt)         | |
+|[Secure Mecca](http://securemecca.com/)                                           | LGPL as GPLv2 |
+|[Spam404scamlist](http://spam404bl.com/)                                          | |
+|[Malwaredomains](http://malwaredomains.lehigh.edu/)                               | |
+|[Adzhosts](https://sourceforge.net/projects/adzhosts/)                            | |
 |[Zeustracker](hhttps://zeustracker.abuse.ch/blocklist.php)                        | |
 |[hosts.eladkarako.com](http://hosts.eladkarako.com/)                              | |
-|[Malekal](http: //www.malekal.com/HOSTS_filtre/HOSTS.txt)                         | |
+|[Malekal](http://www.malekal.com/)                                                | |
+
+## DNS 101
+
+Without an custom DNS Server
+
+----
++----+      +------------+      +------------------+      +------------------------+
+| PC | <==> | DNS Server | <==> | Other DNS Server | <==> | example.tld = ip adress|
++----+      +------------+      +------------------+      +------------------------+
+
+then
+
++----+      +-------------------------- + 
+| PC | <==> | ip adress of example.tld  |
++----+      +---------------------------+ 
+----
+
+With a local DNS resolver
+
+----
++----+      +----------------+      +------------------+      +------------------+
+| PC |      | DNS Server     | <==> | Other DNS Server | <==> | goodwebsite.tld  |
++----+      +----------------+      +------------------+      +------------------+
+  ^^             ^^                                                    ||
+  ||             ||                                                    || 
+  vv             ||                                                    ||
++--------------------+      +----------------------------------------------------+
+| local DNS resolver | <==> | ads.example.tld = 127.0.0.1 or 0.0.0.0 or NXDOMAIN | 
++--------------------+      +----------------------------------------------------+
+                                                     +------------+    ||
+                                                     | DNS cache  |  <= /
+                                                     +------------+
+
+future requests of goodwebsite.tld
+
++----+      +--------------------+      +------------------------------------------+
+| PC | <==> | local DNS resolver | <==> | DNS cache of goodwebsite.tld = ip adress |
++----+      +--------------------+      +------------------------------------------+
+----
+
+## Hosts vs DNS resolver
+
+The hosts blocking method can not use wildcards (*) and and therefore someone must keep track 
+of each subdomain that should be blocked. Some DNS caching servers can block the domain and
+subdomains with just one rule. For example `/etc/hosts`
+
+   127.0.0.1 example.tld
+   0.0.0.0 example.tld
+
+Will redirect example.tld to the localhost, but not ads.example.tld. With a dns caching server,
+such as Dnsmasq, for example `/etc/dnsmasq.conf`
+
+   address=/example.tld/127.0.0.1
+   address=/example.tld/0.0.0.0
+   server=/example.tld/
+ 
+Will redirect example.tld and all subdomains to 127.0.0.1 or 0.0.0.0. Better yet, it can 
+return NXDOMAIN.
+
+
+## Comparasion
+
+
+| Program              | Language      | Adblocking Method                              |
+| :-------------       | :-------------| :----------------------------------------------|
+| FreeContributor      | Bash          | DNS caching server (Dnsmasq, Unbound or Pdnsd) |
+| Pi-Hole              | Bash, Php     | Hosts with Dnsmasq (for cache only)            |
+| NoTrack              | Bash, Php     | Hosts with Dnsmasq (for cache only)            |
+| Hostsblock           | Bash          | Hosts with Dnsmasq (for cache only)            |
+| dnsgate              | Python        | Hosts or Dnsmasq                               |
+| StevenBlack/hosts    | Python        | Hosts                                          |
+| adsuck               | C             | DNS server                                     |
+| pfBlockerNG          | Sh, PHP       | DNS caching server: Unbound                    |
+
 
 ## License
 

conf/pdnsd.conf

@@ -0,0 +1,143 @@
+// Sample pdnsd configuration file. Must be customized to obtain a working pdnsd setup!
+// Read the pdnsd.conf(5) manpage for an explanation of the options.
+// Add or remove '#' in front of options you want to disable or enable, respectively.
+// Remove '/*' and '*/' to enable complete sections.
+
+global {
+	perm_cache=1024;
+	cache_dir="/var/cache/pdnsd";
+#	pid_file = /var/run/pdnsd.pid;
+	run_as="pdnsd";
+	server_ip = 127.0.0.1;  # Use eth0 here if you want to allow other
+				# machines on your network to query pdnsd.
+	status_ctl = on;
+#	paranoid=on;       # This option reduces the chance of cache poisoning
+	                   # but may make pdnsd less efficient, unfortunately.
+	query_method=udp_tcp;
+	min_ttl=15m;       # Retain cached entries at least 15 minutes.
+	max_ttl=1w;        # One week.
+	timeout=10;        # Global timeout option (10 seconds).
+	neg_domain_pol=on;
+	udpbufsize=1024;   # Upper limit on the size of UDP messages.
+}
+
+# The following section is most appropriate if you have a fixed connection to
+# the Internet and an ISP which provides good DNS servers.
+server {
+	label= "myisp";
+	ip = 192.168.0.1;  # Put your ISP's DNS-server address(es) here.
+#	proxy_only=on;     # Do not query any name servers beside your ISP's.
+	                   # This may be necessary if you are behind some
+	                   # kind of firewall and cannot receive replies
+	                   # from outside name servers.
+	timeout=4;         # Server timeout; this may be much shorter
+			   # that the global timeout option.
+	uptest=if;         # Test if the network interface is active.
+	interface=eth0;    # The name of the interface to check.
+	interval=10m;      # Check every 10 minutes.
+	purge_cache=off;   # Keep stale cache entries in case the ISP's
+			   # DNS servers go offline.
+	edns_query=yes;    # Use EDNS for outgoing queries to allow UDP messages
+			   # larger than 512 bytes. May cause trouble with some
+			   # legacy systems.
+#	exclude=.thepiratebay.org,  # If your ISP censors certain names, you may
+#		.thepiratebay.se,   # want to exclude them here, and provide an
+#		.piratebay.org,	    # alternative server section below that will
+#		.piratebay.se;	    # successfully resolve the names.
+}
+
+/*
+# The following section is more appropriate for dial-up connections.
+# Read about how to use pdnsd-ctl for dynamic configuration in the documentation.
+server {
+	label= "dialup";
+	file = "/etc/ppp/resolv.conf";  # Preferably do not use /etc/resolv.conf
+	proxy_only=on;
+	timeout=4;
+	uptest=if;
+	interface = ppp0;
+	interval=10;       # Check the interface every 10 seconds.
+	purge_cache=off;
+	preset=off;
+}
+*/
+
+/*
+# The servers provided by OpenDNS are fast, but they do not reply with
+# NXDOMAIN for non-existant domains, instead they supply you with an
+# address of one of their search engines. They also lie about the addresses of 
+# of the search engines of google, microsoft and yahoo.
+# If you do not like this behaviour the "reject" option may be useful.
+server {
+	label = "opendns";
+	ip = 208.67.222.222, 208.67.220.220;
+	reject = 208.69.32.0/24,  # You may need to add additional address ranges
+	         208.69.34.0/24,  # here if the addresses of their search engines
+	         208.67.219.0/24; # change.
+	reject_policy = fail;     # If you do not provide any alternative server
+	                          # sections, like the following root-server
+	                          # example, "negate" may be more appropriate here.
+	timeout = 4;
+	uptest = ping;            # Test availability using ICMP echo requests.
+        ping_timeout = 100;       # ping test will time out after 10 seconds.
+	interval = 15m;           # Test every 15 minutes.
+	preset = off;
+}
+*/
+
+/*
+# This section is meant for resolving from root servers.
+server {
+	label = "root-servers";
+	root_server = discover; # Query the name servers listed below
+				# to obtain a full list of root servers.
+	randomize_servers = on; # Give every root server an equal chance
+	                        # of being queried.
+	ip = 	198.41.0.4,     # This list will be expanded to the full
+		192.228.79.201; # list on start up.
+	timeout = 5;
+	uptest = query;         # Test availability using empty DNS queries.
+#	query_test_name = .;    # To be used if remote servers ignore empty queries.
+	interval = 30m;         # Test every half hour.
+	ping_timeout = 300;     # Test should time out after 30 seconds.
+	purge_cache = off;
+#	edns_query = yes;	# Use EDNS for outgoing queries to allow UDP messages
+			   	# larger than 512 bytes. May cause trouble with some
+			   	# legacy systems.
+	exclude = .localdomain;
+	policy = included;
+	preset = off;
+}
+*/
+
+source {
+	owner=localhost;
+#	serve_aliases=on;
+	file="/etc/hosts";
+}
+
+/*
+include {file="/etc/pdnsd.include";}	# Read additional definitions from /etc/pdnsd.include.
+*/
+
+rr {
+	name=localhost;
+	reverse=on;
+	a=127.0.0.1;
+	owner=localhost;
+	soa=localhost,root.localhost,42,86400,900,86400,86400;
+}
+
+/*
+neg {
+	name=doubleclick.net;
+	types=domain;   # This will also block xxx.doubleclick.net, etc.
+}
+*/
+
+/*
+neg {
+	name=bad.server.com;   # Badly behaved server you don't want to connect to.
+	types=A,AAAA;
+}
+*/