003 File Manager
Current Path:
/usr/src/contrib/unbound/doc
usr
/
src
/
contrib
/
unbound
/
doc
/
📁
..
📄
CNAME-basedRedirectionDesignNotes.pdf
(55.64 KB)
📄
CREDITS
(1.21 KB)
📄
Changelog
(368.01 KB)
📄
FEATURES
(3.57 KB)
📄
IP-BasedActions.pdf
(241.76 KB)
📄
LICENSE
(1.46 KB)
📄
README
(7.08 KB)
📄
README.DNS64
(1.01 KB)
📄
README.ipset.md
(1.8 KB)
📄
README.svn
(656 B)
📄
README.tests
(928 B)
📄
TODO
(4.52 KB)
📄
control_proto_spec.txt
(2.51 KB)
📄
example.conf
(39.04 KB)
📄
example.conf.in
(43.55 KB)
📄
ietf67-design-02.odp
(323.76 KB)
📄
ietf67-design-02.pdf
(615.36 KB)
📄
libunbound.3
(14.7 KB)
📄
libunbound.3.in
(14.79 KB)
📄
requirements.txt
(14.87 KB)
📄
unbound-anchor.8
(7.21 KB)
📄
unbound-anchor.8.in
(7.45 KB)
📄
unbound-checkconf.8
(1.32 KB)
📄
unbound-checkconf.8.in
(1.31 KB)
📄
unbound-control.8
(25.66 KB)
📄
unbound-control.8.in
(26.43 KB)
📄
unbound-host.1
(3.83 KB)
📄
unbound-host.1.in
(3.83 KB)
📄
unbound.8
(2.45 KB)
📄
unbound.8.in
(2.52 KB)
📄
unbound.conf.5
(100.12 KB)
📄
unbound.conf.5.in
(114.13 KB)
📄
unbound.doxygen
(67.37 KB)
Editing: README.ipset.md
## Created a module to support the ipset that could add the domain's ip to a list easily. ### Purposes: * In my case, I can't access the facebook, twitter, youtube and thousands web site for some reason. VPN is a solution. But the internet too slow whether all traffics pass through the vpn. So, I set up a transparent proxy to proxy the traffic which has been blocked only. At the final step, I need to install a dns service which would work with ipset well to launch the system. I did some research for this. Unfortunately, Unbound, My favorite dns service doesn't support ipset yet. So, I decided to implement it by my self and contribute the patch. It's good for me and the community. ``` # unbound.conf server: ... local-zone: "facebook.com" ipset local-zone: "twitter.com" ipset local-zone: "instagram.com" ipset more social website ipset: name-v4: "gfwlist" ``` ``` # iptables iptables -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 10800 iptables -A OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 10800 ``` * This patch could work with iptables rules to batch block the IPs. ``` # unbound.conf server: ... local-zone: "facebook.com" ipset local-zone: "twitter.com" ipset local-zone: "instagram.com" ipset more social website ipset: name-v4: "blacklist" name-v6: "blacklist6" ``` ``` # iptables iptables -A INPUT -m set --set blacklist src -j DROP ip6tables -A INPUT -m set --set blacklist6 src -j DROP ``` ### Notes: * To enable this module the root privileges is required. * Please create a set with ipset command first. eg. **ipset -N blacklist iphash** ### How to use: ``` ./configure --enable-ipset make && make install ``` ### Configuration: ``` # unbound.conf server: ... local-zone: "example.com" ipset ipset: name-v4: "blacklist" ```
Upload File
Create Folder