{"id":15653417,"url":"https://github.com/hectorm/hblock-resolver","last_synced_at":"2025-04-15T05:47:38.834Z","repository":{"id":35697547,"uuid":"136981849","full_name":"hectorm/hblock-resolver","owner":"hectorm","description":"A Docker image of Knot DNS Resolver with hBlock.","archived":false,"fork":false,"pushed_at":"2025-03-14T17:38:46.000Z","size":432,"stargazers_count":32,"open_issues_count":1,"forks_count":6,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-15T05:47:31.470Z","etag":null,"topics":["ad-blocker","adblock","adblocker","ads","blocker","containers","dns","dns-over-tls","dns-resolver","dns-server","docker","malware","privacy","protection","ransomware","resolver","security","trackers","tracking","trojans"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/hectorm/hblock-resolver","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hectorm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"hectorm","custom":"https://hector.molinero.dev/donate"}},"created_at":"2018-06-11T21:15:56.000Z","updated_at":"2025-03-31T14:07:26.000Z","dependencies_parsed_at":"2023-02-15T18:35:47.846Z","dependency_job_id":"d7178b0b-2825-4ec5-b870-f43904ace62b","html_url":"https://github.com/hectorm/hblock-resolver","commit_stats":null,"previous_names":[],"tags_count":177,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hectorm%2Fhblock-resolver","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hectorm%2Fhblock-resolver/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hectorm%2Fhblock-resolver/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hectorm%2Fhblock-resolver/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hectorm","download_url":"https://codeload.github.com/hectorm/hblock-resolver/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249016316,"owners_count":21198832,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ad-blocker","adblock","adblocker","ads","blocker","containers","dns","dns-over-tls","dns-resolver","dns-server","docker","malware","privacy","protection","ransomware","resolver","security","trackers","tracking","trojans"],"created_at":"2024-10-03T12:45:37.383Z","updated_at":"2025-04-15T05:47:38.802Z","avatar_url":"https://github.com/hectorm.png","language":"Shell","readme":"# hBlock Resolver\n\nA Docker image of [Knot Resolver](https://www.knot-resolver.cz) configured to automatically block ads, tracking and malware domains with\n[hBlock](https://github.com/hectorm/hblock).\n\n## Start an instance\n\n```sh\ndocker run --detach \\\n  --name hblock-resolver \\\n  --publish 127.0.0.153:53:53/udp \\\n  --publish 127.0.0.153:53:53/tcp \\\n  --publish 127.0.0.153:443:443/tcp \\\n  --publish 127.0.0.153:853:853/tcp \\\n  --publish 127.0.0.153:8453:8453/tcp \\\n  --mount type=volume,src=hblock-resolver-data,dst=/var/lib/knot-resolver/ \\\n  docker.io/hectorm/hblock-resolver:latest\n```\n\n\u003e **Warning:** do not expose this service to the open internet. An open DNS resolver represents a significant threat and it can be used in a number of\n\u003e different attacks, such as [DNS amplification attacks](https://www.cloudflare.com/learning/ddos/dns-amplification-ddos-attack/).\n\n## Environment variables\n\n#### `KRESD_CACHE_SIZE` (default: `50`)\nMaximum cache size in megabytes.\n\n#### `KRESD_DNS{1..4}_IP` (default: `1.1.1.1@853` and `1.0.0.1@853`)\nIP (and optionally port) of the DNS-over-TLS server to which the queries will be forwarded\n([alternative DoT servers](https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Public+Resolvers#DNSPrivacyPublicResolvers-DNS-over-TLS(DoT))).\n\n#### `KRESD_DNS{1..4}_HOSTNAME` (default: `cloudflare-dns.com`)\nHostname of the DNS-over-TLS server to which the queries will be forwarded\n([CA+hostname authentication docs](https://knot-resolver.readthedocs.io/en/stable/modules-policy.html#ca-hostname-authentication)).\n\n#### `KRESD_DNS{1..4}_PIN_SHA256` (default: empty)\nCertificate hash of the DNS-over-TLS server to which the queries will be forwarded\n([key-pinned authentication docs](https://knot-resolver.readthedocs.io/en/stable/modules-policy.html#key-pinned-authentication)).\n\n#### `KRESD_INSTANCE_NUMBER` (default: `1`)\nNumber of instances to launch.\n\n#### `KRESD_RECENTLY_BLOCKED_NUMBER` (default: `100`)\nNumber of recently blocked domains to store in memory for each instance.\nThe `/recently_blocked` endpoint returns an aggregated list of all instances.\n\n#### `KRESD_CERT_MANAGED` (default: `true`)\nIf equals `true`, a self-signed certificate will be generated. You can provide your own certificate with these options:\n```\n  --env KRESD_CERT_MANAGED=false \\\n  --mount type=bind,src=/path/to/server.key,dst=/var/lib/knot-resolver/ssl/server.key,ro \\\n  --mount type=bind,src=/path/to/server.crt,dst=/var/lib/knot-resolver/ssl/server.crt,ro \\\n```\n\u003e **Note:** for a more advanced setup, look at the [following example](examples/caddy) with [Let's Encrypt](https://letsencrypt.org) and\n[Caddy](https://caddyserver.com/).\n\n#### `KRESD_NIC` (default: empty)\nIf defined, kresd will only listen on the specified interface. Some users observed a considerable, close to 100%, performance gain in Docker\ncontainers when they bound the daemon to a single interface:ip address pair\n([dynamic configuration docs](https://knot-resolver.readthedocs.io/en/latest/daemon-scripting.html?highlight=docker#lua-scripts),\n[CZ-NIC/knot-resolver#32](https://github.com/CZ-NIC/knot-resolver/pull/32)).\n\n#### `KRESD_LOG_LEVEL` (default: `notice`)\nSet the global logging level. The possible values are: `crit`, `err`, `warning`, `notice`, `info` or `debug`.\n\n## Additional configuration\n\nMain Knot DNS Resolver configuration is located in `/etc/knot-resolver/kresd.conf`. If you would like to add additional configuration, add one or more\n`*.conf` files under `/etc/knot-resolver/kresd.conf.d/`.\n\n## License\n\nSee the [license](LICENSE.md) file.\n","funding_links":["https://github.com/sponsors/hectorm","https://hector.molinero.dev/donate"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhectorm%2Fhblock-resolver","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhectorm%2Fhblock-resolver","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhectorm%2Fhblock-resolver/lists"}