
Version 4 (modified by AnonymousPoster, 13 days ago)

Added reference to our DnsHosts

RPZ

This list contains our public-facing Response Policy Zones.

Here you can see our Response Policy Zones (RPZ), which you can use in your own DNS firewall or by simply switching your DNS client settings to point to our firewall DNS server.

rpz.mypdns.cloud

The primary zone file is hosted in rpz.mypdns.cloud.

This RPZ zone contains a mix of the records from our Git sources, except those from bait_sites, porno-sites and safesearch.

adult.mypdns.cloud

This is the RPZ firewall zone that hosts all the adult and porn-related domains that have been reported. You can also find the reported adult content at GitLab and GitHub.

This zone is not our primary concern, so the priority given to maintaining its records is limited.

safesearch.mypdns.cloud

The safesearch.mypdns.cloud zone is intended to enable SafeSearch in your browser by default, by redirecting the ordinary DNS response to an IP address predefined by search providers such as duckduckgo.com, or for duckduckgo.com on the Tor network (.onion).

These records are placed outside the default source folder, in safesearch/.

typosquatting.mypdns.cloud

The typosquatting zone is based purely on source/typosquatting/.

whitelist.mypdns.cloud

This list has a life of its own, as it is a very, very tricky one to maintain.

The reason is that it has to balance what is going on with a domain that, for several reasons, might be blacklisted on some lists but not on others. It can also be that a domain in general does 99.9% right but, because it is built on user submissions, could do a lot of evil.

E.g. GitLab.com

GitLab is 100% user-submitted content, and for the same reason it is also a wide target for bad guys to host their evil code. For that reason GitLab often, and rightfully, pops up on lists of malicious code. But as blocking it would have a huge influence on our workflow, it is of course whitelisted.

However you are more than welcome to use it :)

Obtain DNS Firewall zones

To obtain a valid copy of our DNS zones you can use several tools. Here we introduce the best and most stable ways to do this, in order of preference.

DNS Resolver

The best and most modern way to run a DNS firewall is to use a good, up-to-date DNS resolver and have it automatically fetch our RPZ zones when the SOA record changes.

The best and most modern DNS resolvers for RPZ zones are PowerDNS Recursor and BIND 9.

Besides these two very powerful DNS resolvers, which fully support Response Policy Zones, we can recommend Unbound, for which we maintain ready-to-use zone files in our Unbound Zone files project.
It is worth mentioning that Unbound is working on RPZ firewall support, but it seems to have a very low priority. See this pull request on GitHub.

Hosts files

We don't do much with this severely outdated method of blocking, as it is resource-intensive and puts a heavy load on any system using it.

Many times Windows completely fails to even start the network because the files are getting too big, with too many records. We have therefore decided to ditch nearly all hosts files, but a few of them are being kept alive due to the importance of the records in them.
The records in our few hosts-formatted sources are cut down to those that other projects like StevenBlack/hosts leave out by whitelisting these extremely intrusive records, whose only purpose is to invade your privacy and track all of your movements.

An extremely scary example of this could be assets.adobedtm.com, which clearly is part of Adobe's AdWare network.

Response Policy Zones

IPv4

If you only have access to an IPv4 network, you'll have to switch from the standard DNS port 53 to 5353. Please use the DNS name axfr.ipv4.mypdns.cloud.

IPv6

Getting the zones over IPv6 lets you keep the default DNS server port 53. Please use the DNS name axfr.mypdns.cloud.

dig examples

To get the latest typosquatting.mypdns.cloud with dig, simply run:

For IPv4

dig axfr typosquatting.mypdns.cloud @axfr.ipv4.mypdns.cloud -p 5353

For IPv6

dig axfr typosquatting.mypdns.cloud @axfr.mypdns.cloud -p 53
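
Added example, not from the original page or the project's own code: a third-party RPZ can rewrite DNS answers as well as block them, so this Python script classifies each record in `dig axfr` output by its RPZ policy action and lists every record that does more than block. The function names, the `allowed` default and the sample records are assumptions constructed for illustration.

```python
from collections import Counter

# RPZ encodes the policy action in the CNAME target; any other record is local data.
CNAME_ACTIONS = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU",
                 "rpz-drop.": "DROP", "rpz-tcp-only.": "TCP-ONLY"}
ZONE_PLUMBING = {"SOA", "NS"}  # zone maintenance records, not policy

# Constructed sample in the layout `dig axfr` prints (not real zone content).
SAMPLE = """\
; constructed sample, not a real transfer
typosquatting.mypdns.cloud. 60 IN SOA ns.example. admin.example. 7 3600 600 86400 60
typosquatting.mypdns.cloud. 60 IN NS localhost.
gooogle.example.typosquatting.mypdns.cloud. 60 IN CNAME .
*.gooogle.example.typosquatting.mypdns.cloud. 60 IN CNAME .
search.example.typosquatting.mypdns.cloud. 60 IN CNAME safe.example.
login.example.typosquatting.mypdns.cloud. 60 IN A 192.0.2.10
good.example.typosquatting.mypdns.cloud. 60 IN CNAME rpz-passthru.
typosquatting.mypdns.cloud. 60 IN SOA ns.example. admin.example. 7 3600 600 86400 60
"""

def classify(rtype, rdata):
    """Map one RPZ record to its policy action (REDIRECT/LOCAL-DATA are our labels)."""
    if rtype == "CNAME":
        return CNAME_ACTIONS.get(rdata.lower(), "REDIRECT")
    return "LOCAL-DATA"

def audit(axfr_text, zone, allowed=("NXDOMAIN", "NODATA")):
    """Return (Counter of actions, [(trigger, action, rdata)] outside `allowed`)."""
    suffix = "." + zone.rstrip(".").lower() + "."
    counts, unexpected = Counter(), []
    for line in axfr_text.splitlines():
        fields = line.split(None, 4)  # owner, ttl, class, type, rdata
        if line.startswith(";") or len(fields) < 5:
            continue  # dig comments and blank lines
        owner, _, rclass, rtype, rdata = fields
        if rclass != "IN" or rtype in ZONE_PLUMBING:
            continue
        owner = owner.lower()
        # Strip the zone name to recover the domain the rule triggers on.
        trigger = owner[:-len(suffix)] if owner.endswith(suffix) else owner
        action = classify(rtype, rdata.strip())
        counts[action] += 1
        if action not in allowed:
            unexpected.append((trigger, action, rdata.strip()))
    return counts, unexpected

if __name__ == "__main__":
    counts, unexpected = audit(SAMPLE, "typosquatting.mypdns.cloud")
    print(dict(counts))
    for trigger, action, rdata in unexpected:
        print(f"REVIEW {trigger}: {action} -> {rdata}")
```

A zone that is meant to rewrite answers, as the page describes for safesearch.mypdns.cloud, needs a wider `allowed` tuple.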