Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hectorm/hblock-resolver
A Docker image of Knot DNS Resolver with hBlock.
Last synced: 13 days ago
- Host: GitHub
- URL: https://github.com/hectorm/hblock-resolver
- Owner: hectorm
- License: mit
- Created: 2018-06-11T21:15:56.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2024-07-26T19:58:50.000Z (4 months ago)
- Last Synced: 2024-10-29T22:33:16.149Z (15 days ago)
- Topics: ad-blocker, adblock, adblocker, ads, blocker, containers, dns, dns-over-tls, dns-resolver, dns-server, docker, malware, privacy, protection, ransomware, resolver, security, trackers, tracking, trojans
- Language: Shell
- Homepage: https://hub.docker.com/r/hectorm/hblock-resolver
- Size: 402 KB
- Stars: 30
- Watchers: 5
- Forks: 4
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE.md
README
# hBlock Resolver
A Docker image of [Knot Resolver](https://www.knot-resolver.cz) configured to automatically block ads, tracking and malware domains with
[hBlock](https://github.com/hectorm/hblock).

## Start an instance
```sh
docker run --detach \
--name hblock-resolver \
--publish 127.0.0.153:53:53/udp \
--publish 127.0.0.153:53:53/tcp \
--publish 127.0.0.153:443:443/tcp \
--publish 127.0.0.153:853:853/tcp \
--publish 127.0.0.153:8453:8453/tcp \
--mount type=volume,src=hblock-resolver-data,dst=/var/lib/knot-resolver/ \
docker.io/hectorm/hblock-resolver:latest
```

> **Warning:** do not expose this service to the open internet. An open DNS resolver represents a significant threat and it can be used in a number of
> different attacks, such as [DNS amplification attacks](https://www.cloudflare.com/learning/ddos/dns-amplification-ddos-attack/).

## Environment variables
#### `KRESD_CACHE_SIZE` (default: `50`)
Maximum cache size in megabytes.

#### `KRESD_DNS{1..4}_IP` (default: `1.1.1.1@853` and `1.0.0.1@853`)
IP (and optionally port) of the DNS-over-TLS server to which the queries will be forwarded
([alternative DoT servers](https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Public+Resolvers#DNSPrivacyPublicResolvers-DNS-over-TLS(DoT))).

#### `KRESD_DNS{1..4}_HOSTNAME` (default: `cloudflare-dns.com`)
Hostname of the DNS-over-TLS server to which the queries will be forwarded
([CA+hostname authentication docs](https://knot-resolver.readthedocs.io/en/stable/modules-policy.html#ca-hostname-authentication)).

#### `KRESD_DNS{1..4}_PIN_SHA256` (default: empty)
Certificate hash of the DNS-over-TLS server to which the queries will be forwarded
([key-pinned authentication docs](https://knot-resolver.readthedocs.io/en/stable/modules-policy.html#key-pinned-authentication)).

#### `KRESD_INSTANCE_NUMBER` (default: `1`)
Number of instances to launch.

#### `KRESD_RECENTLY_BLOCKED_NUMBER` (default: `100`)
Number of recently blocked domains to store in memory for each instance.
The `/recently_blocked` endpoint returns an aggregated list of all instances.

#### `KRESD_CERT_MANAGED` (default: `true`)
If set to `true`, a self-signed certificate will be generated. You can provide your own certificate with these options:
```
--env KRESD_CERT_MANAGED=false \
--mount type=bind,src=/path/to/server.key,dst=/var/lib/knot-resolver/ssl/server.key,ro \
--mount type=bind,src=/path/to/server.crt,dst=/var/lib/knot-resolver/ssl/server.crt,ro \
```
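One way to derive a value for `KRESD_DNS{1..4}_PIN_SHA256`, added here as an example and not part of the project's README. It assumes the pin is the base64 SHA-256 digest of the certificate's SubjectPublicKeyInfo, as in the linked Knot Resolver key-pinned authentication docs; the function names are hypothetical and the certificate (`resolver.example`) is a constructed throwaway. The same digest can be computed for a certificate mounted with the options above.

```sh
#!/bin/sh
# Added example (not from the hblock-resolver project). Requires the openssl CLI.
# For an upstream server, save its certificate as PEM first, then run spki_pin on it.

# spki_pin CERT_PEM: base64(SHA-256(DER SubjectPublicKeyInfo)) of a certificate.
spki_pin() {
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -binary |
    openssl base64
}

# key_pin KEY_PEM: the same digest, derived from the private key instead.
key_pin() {
  openssl pkey -in "$1" -pubout -outform DER |
    openssl dgst -sha256 -binary |
    openssl base64
}

# make_sample_cert DIR: constructed throwaway key and self-signed certificate.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=resolver.example" \
    -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# renew_sample_cert DIR: new certificate (new serial, new subject), same key.
renew_sample_cert() {
  openssl req -x509 -new -key "$1/server.key" -days 1 \
    -subj "/CN=renewed.example" -out "$1/renewed.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir"
renew_sample_cert "$demo_dir"
echo "original cert pin: $(spki_pin "$demo_dir/server.crt")"
echo "renewed cert pin:  $(spki_pin "$demo_dir/renewed.crt")"   # identical: same key
echo "key-derived pin:   $(key_pin "$demo_dir/server.key")"
rm -rf "$demo_dir"
```

The pin follows the key, not the certificate: it survives a renewal that reuses the key, and has to be updated whenever the server rotates its key.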
> **Note:** for a more advanced setup, look at the [following example](examples/caddy) with [Let's Encrypt](https://letsencrypt.org) and
> [Caddy](https://caddyserver.com/).

#### `KRESD_NIC` (default: empty)
If defined, kresd will only listen on the specified interface. Some users observed a considerable, close to 100%, performance gain in Docker
containers when they bound the daemon to a single interface:ip address pair
([dynamic configuration docs](https://knot-resolver.readthedocs.io/en/latest/daemon-scripting.html?highlight=docker#lua-scripts),
[CZ-NIC/knot-resolver#32](https://github.com/CZ-NIC/knot-resolver/pull/32)).

#### `KRESD_LOG_LEVEL` (default: `notice`)
Set the global logging level. The possible values are: `crit`, `err`, `warning`, `notice`, `info` or `debug`.

## Additional configuration
The main Knot DNS Resolver configuration is located in `/etc/knot-resolver/kresd.conf`. To add further configuration, place one or more
`*.conf` files under `/etc/knot-resolver/kresd.conf.d/`.

## License
See the [license](LICENSE.md) file.