Decided to throw pi-hole in a bin and found enough resources to throw together my own dns filter in node, which if not on the blacklist - proxies the request to an actual dns, which allows to filter given just a word too (because it's regex matching), "came up" with the idea after @Linuxxx wanted to make (or made?) some big hosts file via php matching and blocking to block anything that e.g. contains "google".

By resources I totally mean I would have eaten shit, if it wasn't for: https://peteris.rocks/blog/... as most docs are absolute garbage regarding node-dns

Comments
  • 3
    @Linuxxx this could be interesting for you to maybe chain this in front of pi-hole, so pi-hole would still be blocking random ads, but this would handle null routing anything that contains "google", though I wouldn't recommend using "(google)" as the regex, as any image path containing that would get null routed too (believe me, it took me a while to get why tf some images are not loading anymore lol)
  • 4
    @JoshBent Could I maaaaybe have the source code? Was literally going to write this tonight xD
  • 3
    @JoshBent *eagerly awaiting response*
  • 3
    @linuxxx will upload it once I'm at my pc again, just went to get some groceries 😊
  • 2
    @JoshBent Can I help out with this? I made something similar which automatically downloads the hosts file based on what you want to block (there's a repo for that). Maybe we can join forces?
  • 2
    @JoshBent Does grocery shopping take this long? :(
  • 2
    @linuxxx sorry :), had to do something else too, I'll upload it now and post, will then review what the guy above also suggested, didn't look into it yet
  • 2
    @JoshBent Sorry for my impatience 😅 if this is what I think it is I just can't wait to mess around with it!
  • 1
    @JoshBent You commented his link in another post earlier!
  • 2
    @linuxxx May I show my version of it too?
  • 2
    @monkehparade Yeah of course!
  • 3
    @hugh-mungus This way one could build a control panel around it and display stats etc :)
  • 3
    @linuxxx you'll need a bit more patience, set up my gitlab account right now and will push shortly :P
  • 1
    @hugh-mungus basically what @linuxxx said
  • 2
    @JoshBent I'll try my best 😅 gimme a shout when done!
  • 1
    @linuxxx gitkraken wouldn't let me push to origin master for some reason, so I just made it through their page lol, here you go: https://gitlab.com/7twin/...

    the interesting parts are "authority", which contains the to be proxied DNS (to specify e.g. your pi-hole) and "entries", which contains the regex for the domains/words that should be null routed, when I have more time I'll make myself a dashboard too, add a description and credits to the guy I basically took it from as said in OP :)
  • 1
    @linuxxx

    <You commented his link in another post earlier!>

    I did?.. my memory is giving up then tbh lol
  • 1
    @monkehparade I am honestly confused right now, what's your repo, what are we joining on? 😅
  • 2
    @linuxxx ah also I set the ttl to like 10 seconds I think, you might want to adjust that, as I was debugging and didn't want to flush dns all the time
  • 2
    @JoshBent Your project is fucking working! Trying to decipher your code right now as I've got ideas for improvement already :D. Will post a picture soon!
  • 2
    @linuxxx hah it's basically the other guy's code in OP, all I did was add chalk, "blocked" message and adjust some params :)
  • 2
    @JoshBent ohh lol haha! Well, to that other guy, awesome!
    Things I want to add right now (still thinking how etc):
    - Logging queries for stats
    - Somehow loading blacklisted hosts/strings from a dynamic source.
  • 2
    @JoshBent I mostly need to do a kind of reverse matching. Like, being able to see if a requested domain matches with any of the 'substrings' or domains in a certain array or whatever.
  • 1
    @linuxxx hah basically what I wanted to add too, I thought of reading it into redis, both for the additional blocked hosts and then also just incrementing a value in redis too, though for per day/week/year stats I'd need some sort of date attached to the incrementation, not sure if redis would be good for that too, since it feels like a hack to do it with redis 😅
  • 1
    @linuxxx the matching is already there though?
  • 2
    @JoshBent Redis would actually be my go-to. It might be a little hackish but it's so fucking fast and that's a huge plus when talking DNS!
  • 3
    @JoshBent Yeah true but with this one it's:
    Match any of the given entries to the domain through a regex.

    What I want:
    Match the requested domain to any of the entries. This would save a huge-ass loop when dealing with big amounts of entries
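
The two matching styles discussed above (the unanchored "(google)" regex caveat and the loop over regex entries versus a lookup keyed on the requested domain), as an added example that is not part of the thread or of the linked repo. All entries, domain names and function names are constructed for illustration.

```javascript
// Style 1: regex entries, tested one by one against the queried name.
// Cost grows with the number of entries; an unanchored word matches any name containing it.
const looseEntries = [/google/i];
// Anchored to a label boundary: google.com and its subdomains only.
const anchoredEntries = [/(^|\.)google\.com$/i];

function normalize(qname) {
  // DNS names are case-insensitive and may arrive with a trailing root dot.
  return qname.toLowerCase().replace(/\.$/, '');
}

function blockedByRegex(qname, entries) {
  const name = normalize(qname);
  return entries.some((re) => re.test(name));
}

// Style 2: "reverse" matching. Walk the queried name's own suffixes and look
// each one up in a Set, so the cost depends on the label count of the query,
// not on the size of the blacklist.
function blockedBySuffix(qname, blockedDomains) {
  const labels = normalize(qname).split('.');
  for (let i = 0; i < labels.length; i++) {
    if (blockedDomains.has(labels.slice(i).join('.'))) return true;
  }
  return false;
}

// Constructed sample blacklist and queries.
const blockedDomains = new Set(['google.com', 'ads.example']);
const queries = [
  'www.google.com.',
  'fonts.googleapis.com',
  'img.notgoogle.example',
  'Tracker.ADS.example',
];

function classify(qname) {
  return {
    loose: blockedByRegex(qname, looseEntries),
    anchored: blockedByRegex(qname, anchoredEntries),
    suffix: blockedBySuffix(qname, blockedDomains),
  };
}

for (const q of queries) console.log(q, classify(q));
```

The loose pattern null routes all three names that merely contain "google", while the anchored regex and the Set lookup only hit names at or under a listed domain.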
  • 2
    @JoshBent Going to try to load loads of things into redis, get them all through a prefix, load them into an array and do a javascript 'some' match :D
  • 1
    @linuxxx I haven't yet myself looked as much into the code yet, so I am not sure where the difference would be from the two match cases you described, maybe I am just too tired too, but keep me updated, probably through your rants on what you do with it, I'll be doing my own panel n stuff too and we might be able to share some ideas along the way :)
  • 2
    @linuxxx btw what's the devrant signal group about, I missed out on all discords so far (though it seems they all died?) but would enjoy to find some IRCesque chat again where people tinker with stuff like this
  • 2
    @JoshBent The signal group mostly contains security/privacy oriented devRanters! We talk about loads of stuff, from devrant related things to privacy/security related stuffs to even personal things :-)
  • 1
    @linuxxx sounds interesting, does signal use any sort of data when using it, like e.g. your phone number? and is it an open group?
  • 2
    @JoshBent If you're interested in joining, let me know! Also, I just got this fucker to work with a redis-loaded blacklist.
  • 2
    @JoshBent Damn timing haha! The only requirement is one's phone number and nope, I have to add (or anybody of the group) you.
  • 1
    @linuxxx well done! you're far quicker on it than I am, you'll probably have your panel up and stuff already, by the time I come to it again haha

    that's a shame that you need a phone number for it, maybe I'll figure something out, like buy a temporary online one or smth.
  • 2
    @JoshBent That's its only flaw imo, that you need a phone number for it. But except for that, they're extremely open about what they store and for how long so I trust them a lot more than services like whatsapp.

    And yes, currently working on a mysql counter xD
  • 2
    @linuxxx totally agree, will give you a tag if I figure it out, sounds very tempting, also why mysql? thought you're doing it all in redis?
  • 2
    @JoshBent Awesome!

    Not all in redis, I can hardly sort anything or select based on a condition in redis as it's key=>value :/
  • 1
    @linuxxx hm, yeah true, I guess it has to be a mix of having the actual blocking domains in redis and mysql for stats 😊
  • 2
    📌📌📌📌
  • 2
    @JoshBent I'm just fucking pulling my hair out over sql errors right now :'(

    I have no clue what I'm doing wrong. syntax checks come out well but nope.
  • 2
    @linuxxx figured it out, how do I get the phone number to you though?
  • 2
    @linuxxx I could take a look if I'd see it, maybe we can figure out signal, so you can msg me directly or smth?
  • 2
    @JoshBent You can email me at linuxxx@tuta.io!

    And yes, help would be great, I'm losing my mind haha
  • 1
    @linuxxx sent 😊
  • 1
    @JoshBent Messaged you :)
  • 3
    @linuxxx I humbly ask for permission to join the devRant Signal group.

    Is it off-limits for someone who uses Windows regularly? 😓
  • 2
    @linuxxx Need help with Mysql?
  • 2
    @JoshBent Sorry if I had confused. I wrote a dns server/resolver that allows you to blacklist domains, redirect domains to other ips, caches dns responses to redis/fs, auto-downloads and uses the host file into the blacklisted domains. That's pretty much it though.
  • 2
    @monkehparade Figured it out thanks to my dear @PerfectAsshole!
  • 3
    @RememberMe It's not! But get ready for general windows hate and bashing haha
  • 1
    @monkehparade no worries, you can link it, I'll definitely give it a look, but I'm not sure yet if I want this project to be a team effort, since I don't even know when I'll find the time to work on this and what all I want to even add haha
  • 2
    @linuxxx yay!
    Sent you a mail.