{"id":20121792,"url":"https://github.com/parseword/nolovia","last_synced_at":"2025-05-06T16:32:19.953Z","repository":{"id":56816028,"uuid":"80960668","full_name":"parseword/nolovia","owner":"parseword","description":"Nolovia is an ad/malware blocking configuration file generator for bind, NSD, and other DNS resolvers","archived":false,"fork":false,"pushed_at":"2024-10-31T20:46:27.000Z","size":68829,"stargazers_count":20,"open_issues_count":4,"forks_count":6,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-10-31T21:27:58.523Z","etag":null,"topics":["bind","blackhole","blacklist","dns","dns-firewall","dns-zone-manager","php","sinkhole"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/parseword.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-02-05T01:27:22.000Z","updated_at":"2024-10-31T20:46:31.000Z","dependencies_parsed_at":"2024-03-14T01:31:22.163Z","dependency_job_id":"c5751b0e-865a-45ec-9f2d-763ed7eb51e9","html_url":"https://github.com/parseword/nolovia","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/parseword%2Fnolovia","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/parseword%2Fnolovia/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/parseword%2Fnolovia/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/parseword%2Fnolovia/ma
nifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/parseword","download_url":"https://codeload.github.com/parseword/nolovia/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224513550,"owners_count":17323828,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bind","blackhole","blacklist","dns","dns-firewall","dns-zone-manager","php","sinkhole"],"created_at":"2024-11-13T19:32:42.391Z","updated_at":"2024-11-13T19:32:42.853Z","avatar_url":"https://github.com/parseword.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# nolovia\nnolovia is an ad-blocking config file generator for `bind`, `NSD`, or other \nDNS resolvers\n\n_From Latin, loosely: **nolo**, I don't want; **via**, a path or route_.\n\nnolovia helps you implement a blackholing DNS server or DNS \"sinkhole\" firewall, \nby generating configuration files that block potentially malicious servers.\n\nnolovia ingests several public lists of advertising, tracking, analytics, malware, \ncryptojacking, and other undesirable servers. These lists are merged and minimized, \nthen exported as a config file suitable for use with the `bind` or `nsd` DNS resolvers. \nA corresponding blackhole [zone file](https://raw.githubusercontent.com/parseword/nolovia/master/blackhole.zone) is included.\n\n## Why operate a local DNS server? \n\nRunning your own DNS is a more powerful alternative to `hosts` file-based ad \nblocking and tracker blocking. 
\n\n* A DNS server can blackhole entire domains, even when you don't know all of their hostnames or subdomains.\n* With a local DNS server, you configure your blocking rules in one place, instead of constantly updating a text file on all the devices on your network. \n* Unlike `hosts` files, practically every smartphone will let you configure the DNS server without rooting it or installing custom software.\n\n## Using nolovia with `bind`\n\n1. Ensure you already have a working instance of the [`bind` DNS resolver](https://www.isc.org/downloads/bind/) prior to \nstarting. There are lots of tutorials on installing `bind` for your OS. \n\n2. Make a backup of your existing `named.conf` file. \n\n3. Obtain and run nolovia:\n\n`mkdir nolovia \u0026\u0026 cd nolovia`    \n`git clone https://github.com/parseword/nolovia.git .`    \n`php nolovia.php`\n\nThis will generate a file named `blackhole.conf`. \n\n4. Copy `blackhole.conf` and the included `blackhole.zone` file to locations that \nsuit your `bind` installation, like `/var/named/` or `c:\\bind\\`.\n\n5. Edit your `named.conf` to define an access control list (ACL) named \"recursers\". \nThis will determine who's allowed to query your DNS server recursively. For \nsecurity purposes, only hosts on your local network should be allowed:\n\n    acl recursers {\n        localhost;\n        localnets;\n    };\n\nNow look at the `options { ... }` stanza in your `named.conf` and find the \nrecursion settings. To enable recursion *for the recursers ACL only*, set:\n\n    recursion yes;\n    allow-recursion { recursers; };\n\n6. Finally, add the following to the end of `named.conf`, specifying the path to\nwhich you copied `blackhole.conf`:\n\n    include \"/var/named/blackhole.conf\";\n\nRestart `bind` with `service named restart` or `rndc reload` as appropriate for \nyour system, and make sure all the devices on your network are set to use your \n`bind` instance as their DNS server.\n\n## Using nolovia with `NSD`\n\n1. 
Ensure you already have a working instance of the [`NSD` DNS resolver](https://www.nlnetlabs.nl/projects/nsd/) prior to \nstarting. There are lots of tutorials on installing `NSD` for your OS. \n\n2. Make a backup of your existing `nsd.conf` file. \n\n3. Obtain nolovia and create its configuration file:\n\n`mkdir nolovia \u0026\u0026 cd nolovia`    \n`git clone https://github.com/parseword/nolovia.git .`    \n`cp config.php-dist config.php`\n\n4. Edit `config.php` to enable `NSD` support.\n\nOut of the box, nolovia's `NSD` support isn't enabled. Open the `config.php` \nfile in the editor of your choice, and look for this section, which is around \nline 70 as of this writing:\n\n    //nsd (disabled by default)\n    $r = new ResolverConfiguration('nsd');\n    $r-\u003esetEnabled(false);\n    ...\n    \nChange `$r-\u003esetEnabled(false);` to `$r-\u003esetEnabled(true);` and save the file.\n\n5. Run nolovia:\n\n`php nolovia.php`\n\nThis will generate a file named `blackhole-nsd.conf`.\n\n6. Copy `blackhole-nsd.conf` to your system's NSD configuration directory, e.g.  \n`/etc/nsd/conf.d/`. The default settings for NSD should automatically load any \n`.conf` files in that directory; if this doesn't occur, you'll need to edit your \n`nsd.conf` file and add the line:\n\n    include: \"/path/to/blackhole-nsd.conf\"\n\n7. The nolovia distribution includes a `blackhole.zone` file. Copy this file \ninto your NSD `zonesdir`, which is probably `/etc/nsd/`.\n\nRestart `NSD` with `service nsd restart` or `nsd-control reconfig` as appropriate  \nfor your system, and make sure the devices on your network are set to use your \n`NSD` instance as their DNS server.\n\n## After installation\n\nNow see what breaks! Some sites you use might lose functionality because of \nserver blocking. Edit the personal-whitelist.txt and personal-blacklist.txt \nfiles to tweak nolovia's generated lists to your liking, then run it again to \ncreate a new blackhole.conf file. 
Once you've worked out any kinks, consider \nsetting up a daily cron job to make an updated blackhole.conf, copy it to \nwherever your resolver looks for it, and reload the name server.\n\n## TODO:\n\n* Export zone files for additional resolvers\n* Add capability to filter entire TLDs (e.g. .top)\n* Filter hostnames N levels deep instead of just 2, e.g. if metric.gstatic.com is blocked, p2-aahhyknavsj2m-wtnlrzkba6lht33q-if-v6exp3-v4.metric.gstatic.com should be recognized as a subdomain instead of making a separate entry\n* Support RPZ or hole-punching (e.g. \"block all of evilcompany.tld *except* safeserver.evilcompany.tld\")\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fparseword%2Fnolovia","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fparseword%2Fnolovia","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fparseword%2Fnolovia/lists"}