How to Add Phishing Blacklists to Your Linux DNS Resolver Firewall


Why manage your own DNS resolver?

Australia is among the top ten targeted countries, according to this CyberCX article: https://cybercx.com.au/news/australia-one-of-the-top-ten-countries-targeted/

By managing your own resolver, you decide what gets blocked.

There are free phishing lists from openphish.com and phishtank.com; you would want both as part of your DNS block list.

Throughout this article we will use files from https://github.com/ed-roof-maker/gateway-firewall

This article will show instructions for both Linux and OpenWRT.

Configure your whitelist (the clone creates a gateway-firewall directory; the DNS files live under dns):

git clone git@github.com:ed-roof-maker/gateway-firewall.git
cd gateway-firewall/dns
vim whitelist

Update the anti-phishing databases (db_openphish and db_phishtank sit side by side under dns):

cd db_openphish
wget https://openphish.com/feed.txt
cd ../db_phishtank
wget http://data.phishtank.com/data/online-valid.csv
cd ..

Generate the hosts file:

bash gen-hosts.sh

The command above wraps Steven Black's hosts file generator (updateHostsFile.py) and feeds it our own blacklist and whitelist. Below is the wrapper's core bash logic:

# ${cwdd}, ${OP}, ${PT} and ${TMP} are assumed to be set earlier in gen-hosts.sh:
# the script directory, the OpenPhish feed, the PhishTank CSV and a temp directory.
cp -f ${cwdd}/whitelist ${cwdd}/hosts/

# OpenPhish: one URL per line; field 3 of a '/'-split URL is the hostname
cat ${OP} | cut -d / -f 3 > ${TMP}/OP.txt
# PhishTank: CSV whose second column is the URL
cat ${PT} | cut -d , -f 2 | cut -d / -f 3 > ${TMP}/PT.txt

# Merge and de-duplicate; the CSV header line yields an empty entry, dropped here
cat ${TMP}/OP.txt ${TMP}/PT.txt | grep -v '^$' | sort | uniq > ${cwdd}/blacklist
rm ${TMP}/OP.txt ${TMP}/PT.txt

# Prefix every name with 0.0.0.0 so the generator treats it as a block entry
sed -i 's|^|0.0.0.0 |g' ${cwdd}/blacklist
cp -f ${cwdd}/blacklist ${cwdd}/hosts/

# Steven Black's generator merges its upstream lists with our blacklist and whitelist
python3 ${cwdd}/hosts/updateHostsFile.py

Generate the Unbound hosts file:

bash gen-unbound-hosts.sh

We also generate the list in Unbound format, in case you want DNSSEC validation on your DNS queries; OpenWRT does not support DNSSEC by default. Below is how we convert the hosts file to Unbound format:

# Each 0.0.0.0 entry becomes a "static" local-zone: Unbound answers NXDOMAIN
# for the name and never forwards the query upstream
grep '^0\.0\.0\.0' ${HOSTS} | awk '{print "local-zone: \""$2"\" static"}' >> ${cwdd}/dist/unbound-hosts-block.conf
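The feed-to-blacklist conversion from gen-hosts.sh and the Unbound conversion above, reworked as an added example (this is not the repository's code): it also skips the PhishTank CSV header, lowercases names, strips a trailing port and removes whitelisted names. The function names, file names and all feed lines are constructed for the example.

```shell
#!/usr/bin/env bash
# Added example, not code from the gateway-firewall repository: build a
# hosts-style blacklist and an Unbound local-zone file from an OpenPhish
# feed and a PhishTank CSV, minus a whitelist. All input data is constructed.
set -euo pipefail

# extract_hosts FEED_TXT PHISHTANK_CSV WHITELIST
# Prints one hostname per line: CSV header skipped, lowercased, :port
# stripped, duplicates and whitelisted names removed.
extract_hosts() {
  local op="$1" pt="$2" wl="$3"
  {
    cut -d / -f 3 "$op"                  # https://host/path -> host
    tail -n +2 "$pt" | tr -d '"' | cut -d , -f 2 | cut -d / -f 3
  } | tr '[:upper:]' '[:lower:]' | sed 's/:[0-9]*$//' \
    | grep -v '^$' | sort -u | grep -vxF -f "$wl"
}

# Hosts format: sink every name to 0.0.0.0 (unroutable, no connection is attempted)
to_hosts() { sed 's|^|0.0.0.0 |'; }

# Unbound format from hosts lines: "static" makes Unbound answer NXDOMAIN for the zone
to_unbound() { grep '^0\.0\.0\.0 ' | awk '{print "local-zone: \"" $2 "\" static"}'; }

work=$(mktemp -d); trap 'rm -rf "$work"' EXIT

cat > "$work/feed.txt" <<'EOF'
https://login.example-bank.test/secure/index.html
http://Update.Example-Bank.test:8080/verify
https://login.example-bank.test/other
EOF
cat > "$work/online-valid.csv" <<'EOF'
phish_id,url,phish_detail_url,submission_time,verified,verification_time,online,target
1001,"http://secure-account-verify.test/login",https://www.phishtank.com/phish_detail.php?phish_id=1001,2024-01-01T00:00:00+00:00,yes,2024-01-01T00:00:00+00:00,yes,Other
1002,http://cdn.trusted.test/phish,https://www.phishtank.com/phish_detail.php?phish_id=1002,2024-01-01T00:00:00+00:00,yes,2024-01-01T00:00:00+00:00,yes,Other
EOF
printf 'cdn.trusted.test\n' > "$work/whitelist"   # a false positive we keep reachable

extract_hosts "$work/feed.txt" "$work/online-valid.csv" "$work/whitelist" \
  | to_hosts > "$work/blacklist"
to_unbound < "$work/blacklist" > "$work/unbound-hosts-block.conf"
cat "$work/blacklist" "$work/unbound-hosts-block.conf"
```

Because of set -o pipefail, the script aborts if every name ends up whitelisted (the final grep then matches nothing), which is usually a sign the whitelist is too broad.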

Install the hosts file on Linux:

cp -f dist/hosts /etc/

On macOS:

cp -f dist/hosts /private/etc

On Windows, copy dist/hosts over:

%SystemRoot%\system32\drivers\etc\hosts

Install on OpenWRT with dnsmasq. dnsmasq reads /etc/hosts directly, so restart (or reload) it after replacing the file:

ssh root@192.168.1.1
cd /etc
wget https://github.com/ed-roof-maker/gateway-firewall/raw/refs/heads/main/dns/dist/hosts
/etc/init.d/dnsmasq restart

Conclusion

It is worth making full use of what is freely available, openphish.com and phishtank.com, by adding these free blacklists to all of your DNS resolvers. Combine your custom DNS resolver with a country firewall, and your devices gain a meaningful extra layer of protection.
