* preserve DNS cache after adblock processing,
- 'unbound' and 'named' support this (please check readme)
- 'dnsmasq' now uses the 'servers-file' directive
to minimize the reload disruption,
even though the dns cache will be cleared after SIGHUP
- 'kresd' dns cache is persistent by upstream default, anyway
Turris Omnia devices need a small upstream software change
which is not accepted/implemented yet
* email notification in case of an error or domain count < n
(default 0, check readme)
* removed securemecca from default config (service has been closed)
* new separate functions for hash compare and list/overall count
* add missing package dependencies
* various clean-ups
* update documentation
Signed-off-by: Dirk Brenken <dev@brenken.org>
* => daily updates, approx. 32.000 entries (a short description of all shallalist categories can be found [online](http://www.shallalist.de/categories.html))
* [spam404](http://www.spam404.com)
@ -76,6 +74,7 @@ A lot of people already use adblocker plugins within their desktop browsers, but
* minimal status & error logging to syslog, enable debug logging to receive more output
* procd based init system support (start/stop/restart/reload/suspend/resume/query/status)
* procd network interface trigger support or classic time based startup
* keep the dns cache intact after adblock processing (currently supported by unbound and named)
* conditional dns backend restarts by old/new blocklist comparison with sha256sum (default) or md5sum
* suspend & resume adblock actions temporarily without blocklist reloading
* output comprehensive runtime information via LuCI or via 'status' init command
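Review bot: The new feature bullet "keep the dns cache intact after adblock processing (currently supported by unbound and named)" leaves out the two other backends the commit message covers. The commit message says dnsmasq still loses its cache on SIGHUP and that kresd keeps its cache by upstream default. Suggest stating the dnsmasq and kresd behaviour here as well, so readers can tell whether 'adb_dnsflush' has any effect on their backend.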
@ -86,6 +85,7 @@ A lot of people already use adblocker plugins within their desktop browsers, but
* optional: automatic blocklist backup & restore, they will be used in case of download errors or during startup in backup mode
* optional: 'backup mode' to re-use blocklist backups during startup, get fresh lists only via reload or restart action
* optional: 'whitelist mode' to block access to all domains except those explicitly listed in the whitelist file
* optional: send notification emails in case of a processing error or if the overall domain count is ≤ 0
* optional: add new adblock sources on your own via uci config
## Prerequisites
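Review bot: The added bullet "send notification emails in case of a processing error or if the overall domain count is ≤ 0" does not match the commit message, which describes the trigger as "domain count < n (default 0, check readme)". If the threshold is configurable, the README should say so and point to where it is set; if it is fixed, the wording should agree with the commit message on "<" versus "≤".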
@ -133,18 +133,21 @@ A lot of people already use adblocker plugins within their desktop browsers, but
* adb\_forcesrt => force overall sort on low memory devices with less than 64 MB RAM (default: '0', disabled)
* adb\_backup_mode => do not automatically update blocklists during startup, use backups instead (default: '0', disabled)
* adb\_whitelist_mode => block access to all domains except those explicitly listed in the whitelist file (default: '0', disabled)
* adb\_dnsflush => flush DNS cache after adblock processing, i.e. enable the old restart behavior (default: '0', disabled)
* adb\_notify => send notification emails in case of a processing error or if the overall domain count is ≤ 0 (default: '0', disabled)
Adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/unbound' where unbound can find them in its jail. If you use manual configuration for unbound, then just include the following line in your 'server' clause:
<pre><code>
include: "/var/lib/unbound/adb_list.overall"
</code></pre>
Adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/unbound' where unbound can find them in its jail.
To preserve the DNS cache after adblock processing you need to install 'unbound-control'.
**change default dns backend to 'named' (bind):**
**change default dns backend to 'named' (bind):**
Adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/bind'. To use the blocklist please modify '/etc/bind/named.conf':
Adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/bind'.
To preserve the DNS cache after adblock processing you need to install & configure 'bind-rdnc'.
To use the blocklist please modify '/etc/bind/named.conf':
<pre><code>
in the 'options' namespace add:
response-policy { zone "rpz"; };
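Review bot: The package name in "you need to install & configure 'bind-rdnc'" in the named section looks like a typo for 'bind-rndc' (the rndc control utility); as written, a user copying the name will not find the package. The same sentence says "configure" without saying what has to be configured, so a short pointer to the required rndc setup would help, in the same way the unbound paragraph names 'unbound-control'.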
@ -158,21 +161,45 @@ and at the end of the file add:
};
</code></pre>
**change default dns backend to 'kresd':**
**change default dns backend to 'kresd':**
The knot-resolver (kresd) is only available on Turris Omnia devices.
Adblock deposits the final blocklist 'adb_list.overall' in '/etc/kresd', no further configuration needed.
**change default dns backend to 'dnscrypt-proxy':**
The knot-resolver (kresd) is only available on turris omnia devices. Adblock deposits the final blocklist 'adb_list.overall' in '/etc/kresd'. To use the blocklist please modify '/etc/config/resolver':
The required 'blacklist' option of dnscrypt-proxy is not enabled by default, because the package will be compiled without plugins support.
Take a custom LEDE build with plugins support to use this feature. Adblock deposits the final blocklist 'adb_list.overall' in '/tmp'.
To use the blocklist please modify '/etc/config/dnscrypt-proxy' per instance:
<pre><code>
list rpz_file '/etc/kresd/adb_list.overall'
list blacklist 'domains:/tmp/adb_list.overall'
</code></pre>
**change default dns backend to 'dnscrypt-proxy':**
**enable email notification via msmtp:**
The required 'blacklist' option of dnscrypt-proxy is not enabled by default, because the package will be compiled without plugins support. Take a custom LEDE build with plugins support to use this feature. Adblock deposits the final blocklist 'adb_list.overall' in '/tmp'. To use the blocklist please modify '/etc/config/dnscrypt-proxy' per instance:
To use the email notification you have to install & configure the package 'msmtp'.
Modify the file '/etc/msmtprc':
<pre><code>
list blacklist 'domains:/tmp/adb_list.overall'
[...]
defaults
auth on
tls on
tls_certcheck off
timeout 5
syslog LOG_MAIL
[...]
account adb_notify
host smtp.gmail.com
port 587
from dev.adblock@gmail.com
user dev.adblock
password xxx
</code></pre>
Edit the file '/etc/adblock/adblock.notify' and change at least the 'mail_receiver'.
Finally make this file executable via 'chmod' and test it directly. If no more errors come up you can comment 'mail_debug', too.
**configuration for different download utilities:**
<pre><code>
wget (default):
option adb_fetch '/usr/bin/wget'
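Review bot: 'tls_certcheck off' in the 'defaults' block of the '/etc/msmtprc' example turns off server certificate verification, while the same example enables 'auth on' and sends 'user' and 'password' to smtp.gmail.com on port 587, so the credentials go over a TLS session whose peer is never authenticated. Suggest documenting the example with 'tls_certcheck on' plus a 'tls_trust_file' entry pointing at the installed CA bundle, and mentioning 'tls_certcheck off' only as a temporary debugging step. Since the file holds the account password in clear text, the text should also tell users to restrict '/etc/msmtprc' to the owner (for example mode 600), next to the existing 'chmod' instruction for '/etc/adblock/adblock.notify'.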
@ -192,24 +219,27 @@ curl:
</code></pre>
**receive adblock runtime information:**
<pre><code>
/etc/init.d/adblock status
::: adblock runtime information
+ adblock_status : enabled
+ adblock_version : 3.1.0
+ overall_domains : 5117
+ adblock_version : 3.4.0
+ overall_domains : 5167 (normal/backup mode)
+ fetch_utility : wget (built-in)
+ dns_backend : kresd (/etc/kresd)
+ last_rundate : 03.11.2017 22:57:41
+ system_release : Turris Omnia, OpenWrt omnia 15.05/3.8.4
+ last_rundate : 27.12.2017 20:52:35
+ system_release : Turris Omnia, OpenWrt omnia 15.05/3.9.1
</code></pre>
**cronjob for a regular block list update (/etc/crontabs/root):**
**query the active blocklist for a certain (sub-)domain, e.g. for whitelisting:**
**query the active blocklist for a certain (sub-)domain, e.g. for whitelisting:**
The query function checks against the submitted (sub-)domain and recurses automatically to the upper top level domain. For every (sub-)domain it returns the first ten relevant results.
<pre><code>
@ -255,7 +286,7 @@ The query function checks against the submitted (sub-)domain and recurses automa