this post was submitted on 28 Aug 2024
2264 points (99.3% liked)

Technology

[–] undefined@links.hackliberty.org 1 points 2 months ago (1 children)

It’s a common solution but I do something more involved and manual, but it’s the same concept.

[–] MrPoopbutt@lemmy.world 2 points 2 months ago (1 children)

Is it something you can talk about? I'm currently in the process of trying to switch from pihole to pfblockerng but am interested if there are better alternatives.

[–] undefined@links.hackliberty.org 1 points 2 months ago

At a high level it involves a terrible custom parser written in Ruby for several formats of DNS blocklists. It finds the proper domain then outputs a large configuration file for Unbound.

I’ve attempted to Dockerize it but honestly, I think it would be better to use a superior parser written in another language that can be statically compiled.

I was using Fly.io to host it in various regions using an Anycast IP, but since I’ve moved on to using a VPN for everything I’ve moved it to a few hosts acting as Tailscale exit nodes. Those exit nodes provide the blocking DNS service along with rewriting incoming Tailscale client traffic to route out of another network interface assigned to a VPN provider.

Had I unlimited free time I’d rewrite the parser in Crystal, but part of me thinks there’s got to be something already written by someone in Go.
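
The approach described in the last comment, as an added example that is not the commenter's code: a Ruby parser that normalizes several blocklist formats and emits Unbound `local-zone` entries. The formats handled (hosts, plain domain, Adblock `||domain^`, dnsmasq), the `always_nxdomain` action and every sample entry are assumptions.

```ruby
require "set"

# Formats handled are an assumption; the comment above does not list its formats.
ADBLOCK   = /\A\|\|([a-z0-9._-]+)\^\z/   # ||domain^ only; rules with $options are skipped
DNSMASQ   = %r{\A(?:address|server|local)=/([^/]+)/}
SINKHOLES = %w[0.0.0.0 127.0.0.1 :: ::1].freeze
# Strict hostname check: keeps quotes, spaces and bare IPs out of the generated config.
HOSTNAME  = /\A(?=.{1,253}\z)(?:[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z][a-z0-9-]{0,61}[a-z0-9]\z/

def extract_domain(raw)
  line = raw.strip.sub(/(\A|\s+)#.*\z/, "").downcase   # drop comments, keep "##" rules intact
  return nil if line.empty? || line.start_with?("!", "[", "@@")
  fields = line.split(/\s+/)
  candidate =
    if (m = line.match(ADBLOCK) || line.match(DNSMASQ)) then m[1]
    elsif fields.size >= 2 && SINKHOLES.include?(fields[0]) then fields[1]  # first name only
    elsif fields.size == 1 then fields[0]
    end
  candidate = candidate.to_s.chomp(".")
  HOSTNAME.match?(candidate) ? candidate : nil
end

# Dedupe, then drop names covered by a listed parent: a local-zone applies to its whole subtree.
def blocked_domains(text)
  all = text.each_line.map { |l| extract_domain(l) }.compact.to_set
  all.reject { |d|
    labels = d.split(".")
    (1...labels.size).any? { |i| all.include?(labels.drop(i).join(".")) }
  }.sort
end

def unbound_config(text)
  body = blocked_domains(text).map { |d| %(  local-zone: "#{d}." always_nxdomain) }
  (["server:"] + body).join("\n") + "\n"
end

SAMPLE = <<~'LIST'   # constructed sample mixing several list formats
  0.0.0.0 ads.example.com
  127.0.0.1 localhost
  tracker.example.net   # inline comment
  ||telemetry.example.org^
  address=/metrics.example.com/0.0.0.0
  example.com##.ad-banner
  0.0.0.0 bad"name.example
  sub.tracker.example.net
  ADS.Example.COM.
LIST
puts unbound_config(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

The cosmetic rule (`example.com##.ad-banner`) and the entry containing a quote are rejected rather than written into the config, and `sub.tracker.example.net` is dropped because `tracker.example.net` already covers it.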