Unbound: DNS forwarder, cache and blacklist

The open-source software Unbound runs equally well on Linux and Windows. It has the merit of being an extremely lightweight solution written in C. Unbound can act at once as a cache, as a DNS server, and as a lying DNS resolver when paired with a list of domains to blacklist.

Installing and configuring Unbound

After an installation that is done very simply by clicking through the installer on Windows, the Unbound DNS server still has to be configured. The software installs itself as a service. I have already written an article explaining how to install and configure Unbound on Linux.

Configuration on Windows is done in the file C:/Program Files/Unbound/service.conf, to which I added these few lines adapted from the file C:/Program Files/Unbound/example.conf.

#Unbound configuration
server:
	#Log file and verbosity
	verbosity: 0
	logfile: "E:\unbound.log"
	log-replies: yes
	log-time-ascii: yes
	log-queries: yes
	#Number of threads
	num-threads: 4
	#Local interfaces Unbound listens on
	interface: 192.168.1.100@53
	interface: fe80::d19a:961b:2342:4f3d@53
	interface: 127.0.0.1@53
	interface: ::1@53
	#Port used
	port: 53
	#Network interfaces used for outgoing queries
	outgoing-interface: 192.168.1.100
	outgoing-interface: fe80::d19a:961b:2342:4f3d
	outgoing-interface: 127.0.0.1
	outgoing-interface: ::1
	#Prefer IPv6 over IPv4
	prefer-ip6: yes
	#Socket buffer and cache sizes
	so-sndbuf: 8m
	msg-cache-size: 8m
	rrset-cache-size: 8m
	#Cache TTLs
	cache-min-ttl: 86400
	cache-max-ttl: 86400
	cache-max-negative-ttl: 86400
	#Clients allowed to query the server
	access-control: 0.0.0.0/0 refuse
	access-control: 127.0.0.0/8 allow
	access-control: 192.168.1.0/24 allow
	access-control: ::0/0 refuse
	access-control: ::1 allow
	access-control: fe80::/8 allow
	#Private addresses stripped from upstream answers (DNS rebinding protection)
	private-address: 10.0.0.0/8
	private-address: 172.16.0.0/12
	private-address: 192.168.0.0/16
	private-address: 169.254.0.0/16
	private-address: ff00::/8
	private-address: fe80::/10
	#No DNS queries sent to loopback and local network addresses
	do-not-query-address: 127.0.0.1/8
	do-not-query-address: ::1
	do-not-query-address: 192.168.1.0/24
	do-not-query-address: fe80::/10
	do-not-query-localhost: yes
	#The blacklist
	include: "D:\config\unbound\blacklist.conf"

#Cloudflare forwarder configuration
forward-zone:
	name: "."
	forward-addr: 2606:4700:4700::1001
	forward-addr: 1.0.0.1

You can test your configuration before restarting the service:

cd /d "c:/Program Files/Unbound"
unbound-checkconf

My blacklist for Unbound

We are going to make Unbound lie to its users. That is, we will block certain domains whose purpose is to flood us with advertising or to collect data from our browsing. The list below is the one I use.

#local-zone: "android.clients.google.com" static
#local-zone: "clients1.google.com" static
#local-zone: "clients2.google.com" static
#local-zone: "clients3.google.com" static
#local-zone: "clients4.google.com" static
#local-zone: "clients5.google.com" static
#local-zone: "clients6.google.com" static
#local-zone: "connectivity-check.gstatic.com" static
#local-zone: "consent.google.com" static
#local-zone: "ct.googleapis.com" static
#local-zone: "graph.facebook.com" static
#local-zone: "id.google.fr" static
#local-zone: "sls.microsoft.com" static
local-zone: "122.2o7.net" static
local-zone: "168logger.com" static
local-zone: "2mdn.net" static
local-zone: "360yield.com" static
local-zone: "3gl.net" static
local-zone: "a2dfp.net" static
local-zone: "abarrange.info" static
local-zone: "abmr.net" static
local-zone: "abtasty.com" static
local-zone: "accengage.net" static
local-zone: "acommeassure.com" static
local-zone: "ad6media.fr" static
local-zone: "adbutter.net" static
local-zone: "addthis.com" static
local-zone: "addthisedge.com" static
local-zone: "addtoany.com" static
local-zone: "adexchangemachine.com" static
local-zone: "adexchangetracker.com" static
local-zone: "adform.net" static
local-zone: "adhese.com" static
local-zone: "adhslx.com" static
local-zone: "adikteev.com" static
local-zone: "adition.com" static
local-zone: "adkmob.com" static
local-zone: "adleadevent.com" static
local-zone: "adnext.fr" static
local-zone: "adnxs.com" static
local-zone: "adotmob.com" static
local-zone: "adpushup.com" static
local-zone: "adroll.com" static
local-zone: "adrunnr.com" static
local-zone: "adsafeprotected.com" static
local-zone: "adsco.re" static
local-zone: "adservice.google.fr" static
local-zone: "adskeeper.co.uk" static
local-zone: "adspirit.de" static
local-zone: "adsrv4k.com" static
local-zone: "adsrvr.org" static
local-zone: "ads-twitter.com" static
local-zone: "adtech.de" static
local-zone: "adtechus.com" static
local-zone: "adthletic.com" static
local-zone: "advideum.com" static
local-zone: "adwidecenter.com" static
local-zone: "agkn.com" static
local-zone: "alephd.com" static
local-zone: "algolia.com" static
local-zone: "algolia.net" static
local-zone: "algolianet.com" static
local-zone: "alooma.com" static
local-zone: "amazon-adsystem.com" static
local-zone: "amplitude.com" static
local-zone: "anona.world" static
local-zone: "antvoice.com" static
local-zone: "api.data-monitor.info" static
local-zone: "app.link" static
local-zone: "appinthestore.com" static
local-zone: "arancefy.com" static
local-zone: "audiencesquare.com" static
local-zone: "autoupdate.geo.opera.com" static
local-zone: "avads.net" static
local-zone: "babator.com" static
local-zone: "barnebys.com" static
local-zone: "basilic.io" static
local-zone: "bat.bing.com" static
local-zone: "batch.com" static
local-zone: "beampulse.com" static
local-zone: "beopinion.com" static
local-zone: "bidswitch.net" static
local-zone: "bksn.se" static
local-zone: "bluekai.com" static
local-zone: "boudja.com" static
local-zone: "branch.io" static
local-zone: "brightcove.com" static
local-zone: "brightcove.net" static
local-zone: "bttrack.com" static
local-zone: "camakaroda.com" static
local-zone: "capacitly.com" static
local-zone: "carambo.la" static
local-zone: "cayucosprenter.com" static
local-zone: "ccpnzfts.com" static
local-zone: "cedexis.com" static
local-zone: "cedexis.net" static
local-zone: "cedexis-radar.net" static
local-zone: "cedexis-test.com" static
local-zone: "chartbeat.com" static
local-zone: "chartbeat.net" static
local-zone: "clicktale.net" static
local-zone: "clksite.com" static
local-zone: "cloud-media.fr" static
local-zone: "cloudstatpng.info" static
local-zone: "codeonclick.com" static
local-zone: "coin-hive.com" static
local-zone: "coll1onf.com" static
local-zone: "commander1.com" static
local-zone: "connect.facebook.net" static
local-zone: "consensu.org" static
local-zone: "contentabc.com" static
local-zone: "contentsquare.net" static
local-zone: "contextweb.com" static
local-zone: "cookie-script.com" static
local-zone: "cpx.to" static
local-zone: "crazyegg.com" static
local-zone: "criteo.com" static
local-zone: "criteo.net" static
local-zone: "croissed.info" static
local-zone: "crsspxl.com" static
local-zone: "crvtck.com" static
local-zone: "cse.google.com" static
local-zone: "cxense.com" static
local-zone: "datadome.co" static
local-zone: "demdex.net" static
local-zone: "deployads.com" static
local-zone: "detectportal.firefox.com" static
local-zone: "digidip.net" static
local-zone: "digitaltarget.ru" static
local-zone: "disqus.com" static
local-zone: "disquscdn.com" static
local-zone: "districtm.ca" static
local-zone: "do69ifsly4.me" static
local-zone: "doubleclick.net" static
local-zone: "doublepimpssl.com" static
local-zone: "early-birds.fr" static
local-zone: "easydmp.net" static
local-zone: "easylist-downloads.adblockplus.org" static
local-zone: "eb2.3lift.com" static
local-zone: "effectivemeasure.net" static
local-zone: "egnatius-ear.com" static
local-zone: "elasticad.net" static
local-zone: "email-reflex.com" static
local-zone: "estat.com" static
local-zone: "etahub.com" static
local-zone: "everesttech.net" static
local-zone: "evisys.net" static
local-zone: "exelator.com" static
local-zone: "exoclick.com" static
local-zone: "fisolately.info" static
local-zone: "focuusing.com" static
local-zone: "fogl1onf.com" static
local-zone: "formr.io" static
local-zone: "freegeoip.net" static
local-zone: "freeskreen.com" static
local-zone: "ftv-publicite.fr" static
local-zone: "fwmrm.net" static
local-zone: "fyre.co" static
local-zone: "gemius.pl" static
local-zone: "geoplugin.net" static
local-zone: "geotrust.com" static
local-zone: "getclicky.com" static
local-zone: "getsitecontrol.com" static
local-zone: "ghostery-collector.ghostery.com" static
local-zone: "gigya.com" static
local-zone: "gisi.fr" static
local-zone: "glorinlost.info" static
local-zone: "googleadapis.l.google.com" static
local-zone: "googleadservices.com" static
local-zone: "google-analytics.com" static
local-zone: "googlecommerce.com" static
local-zone: "googlesyndication.com" static
local-zone: "googletagmanager.com" static
local-zone: "googletagservices.com" static
local-zone: "goutee.top" static
local-zone: "graphcomment.com" static
local-zone: "gstaticadssl.l.google.com" static
local-zone: "gvt1.com" static
local-zone: "gwallet.com" static
local-zone: "heapanalytics.com" static
local-zone: "heatmap.it" static
local-zone: "hipush.com" static
local-zone: "histats.com" static
local-zone: "hit-parade.com" static
local-zone: "hlserve.com" static
local-zone: "hostcg.com" static
local-zone: "hotjar.com" static
local-zone: "hunkal.com" static
local-zone: "iadvize.com" static
local-zone: "icipra.org" static
local-zone: "iicheewi.com" static
local-zone: "imgix.net" static
local-zone: "imrworldwide.com" static
local-zone: "inclk.com" static
local-zone: "indexww.com" static
local-zone: "infoprodata.com" static
local-zone: "inspectlet.com" static
local-zone: "iookaz.com" static
local-zone: "ipify.org" static
local-zone: "ip-label.net" static
local-zone: "isadatalab.com" static
local-zone: "ivitrack.com" static
local-zone: "jokerly.com" static
local-zone: "jsonlint.com" static
local-zone: "kameleoon.com" static
local-zone: "kameleoon.eu" static
local-zone: "keywee.co" static
local-zone: "kickassapp.com" static
local-zone: "kiwys.com" static
local-zone: "krxd.net" static
local-zone: "krxnd.net" static
local-zone: "leadplace.fr" static
local-zone: "ligatus.com" static
local-zone: "lijit.com" static
local-zone: "livefyre.com" static
local-zone: "liveviewer.ez.no" static
local-zone: "lp4.io" static
local-zone: "lucklayed.info" static
local-zone: "m6tech.net" static
local-zone: "macromedia.com" static
local-zone: "mailjet.com" static
local-zone: "mailmunch.co" static
local-zone: "marketo.com" static
local-zone: "marketo.net" static
local-zone: "mathjax.org" static
local-zone: "mathtag.com" static
local-zone: "maxonclick.com" static
local-zone: "mc.yandex.ru" static
local-zone: "mclcm.net" static
local-zone: "media.net" static
local-zone: "mediaathay.org.uk" static
local-zone: "mediapostcommunication.net" static
local-zone: "media-rdc.com" static
local-zone: "mediarithmics.com" static
local-zone: "mediego.com" static
local-zone: "metadsp.co.uk" static
local-zone: "metric.gstatic.com" static
local-zone: "metrica.yandex.ru" static
local-zone: "mgid.com" static
local-zone: "mindlytix.com" static
local-zone: "minute.ly" static
local-zone: "mixpanel.com" static
local-zone: "ml314.com" static
local-zone: "mmstat.com" static
local-zone: "mmtro.com" static
local-zone: "moatads.com" static
local-zone: "module-videodesk.com" static
local-zone: "msecnd.net" static
local-zone: "msftconnecttest.com" static
local-zone: "mxpnl.com" static
local-zone: "myadfilter.com" static
local-zone: "naenticle.info" static
local-zone: "natoms.com" static
local-zone: "netavenir.com" static
local-zone: "netmng.com" static
local-zone: "newrelic.com" static
local-zone: "newsharecounts.com" static
local-zone: "newstarads.com" static
local-zone: "nextlnk2.com" static
local-zone: "non.li" static
local-zone: "nosto.com" static
local-zone: "notification.adblockplus.org" static
local-zone: "nuggad.net" static
local-zone: "nxtck.com" static
local-zone: "omnitagjs.com" static
local-zone: "onclickprediction.com" static
local-zone: "onesignal.com" static
local-zone: "onfocus.io" static
local-zone: "onthe.io" static
local-zone: "oopt.fr" static
local-zone: "openload.co" static
local-zone: "opertures.com" static
local-zone: "optimizely.com" static
local-zone: "optinproject.com" static
local-zone: "optnmstr.com" static
local-zone: "orangeads.fr" static
local-zone: "outbrain.com" static
local-zone: "ovcmqf.com" static
local-zone: "ownpage.fr" static
local-zone: "oxom.com" static
local-zone: "pagefair.com" static
local-zone: "pagefair.net" static
local-zone: "pardot.com" static
local-zone: "parketsy.pro" static
local-zone: "parsely.com" static
local-zone: "pebed.dm.gg" static
local-zone: "perfectmarket.com" static
local-zone: "personalicanvas.com" static
local-zone: "phywi.org" static
local-zone: "piguiqproxy.com" static
local-zone: "pingdom.net" static
local-zone: "plxnt.com" static
local-zone: "po.st" static
local-zone: "poool.fr" static
local-zone: "popads.net" static
local-zone: "preview.team" static
local-zone: "priice.net" static
local-zone: "protecmedia.com" static
local-zone: "proxistore.com" static
local-zone: "pubmine.com" static
local-zone: "pulpix.com" static
local-zone: "purch.com" static
local-zone: "puserving.com" static
local-zone: "pushcrew.com" static
local-zone: "pxt-networks.com" static
local-zone: "qualtrics.com" static
local-zone: "quantserve.com" static
local-zone: "quantum-advertising.com" static
local-zone: "r66net.com" static
local-zone: "rawgit.com" static
local-zone: "readspeaker.com" static
local-zone: "realytics.io" static
local-zone: "reportantu.info" static
local-zone: "rubiconproject.com" static
local-zone: "s3blog.org" static
local-zone: "safebrowsing.google.com" static
local-zone: "safebrowsing.googleapis.com" static
local-zone: "safebrowsing-cache.google.com" static
local-zone: "sblcjzjp.com" static
local-zone: "sb-ssl.google.com" static
local-zone: "sb-ssl.l.google.com" static
local-zone: "schibsted.com" static
local-zone: "scorecardresearch.com" static
local-zone: "sddan.com" static
local-zone: "sdv.fr" static
local-zone: "seedtag.com" static
local-zone: "selfcampaign.com" static
local-zone: "sendinblue.com" static
local-zone: "servimg.com" static
local-zone: "serving-sys.com" static
local-zone: "shareasale.com" static
local-zone: "sharethrough.com" static
local-zone: "shein.com" static
local-zone: "shermore.info" static
local-zone: "singleclickapps.com" static
local-zone: "sitestat.com" static
local-zone: "skimresources.com" static
local-zone: "smartadserver.com" static
local-zone: "smartp.com" static
local-zone: "snap-scan.com" static
local-zone: "social9.com" static
local-zone: "social-sb.com" static
local-zone: "speedcurve.com" static
local-zone: "spot.im" static
local-zone: "stack-sonar.com" static
local-zone: "statcounter.com" static
local-zone: "steepto.com" static
local-zone: "stickyadstv.com" static
local-zone: "storetail.io" static
local-zone: "strapolan.com" static
local-zone: "stripchat.com" static
local-zone: "summerhamster.com" static
local-zone: "sumome.com" static
local-zone: "superfastcdn.com" static
local-zone: "surfaceprivee.com" static
local-zone: "symcb.com" static
local-zone: "symcd.com" static
local-zone: "t.kelkoogroup.net" static
local-zone: "t4btv.com" static
local-zone: "taboola.com" static
local-zone: "tagbucket.cc" static
local-zone: "tagcommander.com" static
local-zone: "targetemsecure.blob.core.windows.net" static
local-zone: "tatumsmolena.com" static
local-zone: "tdfpiig.com" static
local-zone: "teads.tv" static
local-zone: "tellapart.com" static
local-zone: "theadex.com" static
local-zone: "tidaltv.com" static
local-zone: "tiqcdn.com" static
local-zone: "tldw.me" static
local-zone: "tokywoky.com" static
local-zone: "tororango.com" static
local-zone: "tradedoubler.com" static
local-zone: "tradelab.fr" static
local-zone: "traffic.focuusing.com" static
local-zone: "trafficfactory.biz" static
local-zone: "trafficjunky.net" static
local-zone: "trafficshaping.dsp.mp.microsoft.com" static
local-zone: "trafficstars.com" static
local-zone: "tribalfusion.com" static
local-zone: "trustarc.com" static
local-zone: "tsyndicate.com" static
local-zone: "ttlbd.net" static
local-zone: "turn.com" static
local-zone: "typekit.net" static
local-zone: "udc.yahoo.com" static
local-zone: "ultimedia.com" static
local-zone: "unit-sense.net" static
local-zone: "usersnap.com" static
local-zone: "veinteractive.com" static
local-zone: "velocecdn.com" static
local-zone: "venturead.com" static
local-zone: "vicomi.com" static
local-zone: "videoplaza.tv" static
local-zone: "videostep.com" static
local-zone: "vidible.tv" static
local-zone: "viglink.com" static
local-zone: "visiblemeasures.com" static
local-zone: "visualrevenue.com" static
local-zone: "visualwebsiteoptimizer.com" static
local-zone: "vlgqpikka.com" static
local-zone: "wbdds.com" static
local-zone: "weatherblink.com" static
local-zone: "weathernco.com" static
local-zone: "webedia.fr" static
local-zone: "weborama.fr" static
local-zone: "wemfbox.ch" static
local-zone: "wibbitz.com" static
local-zone: "windguru.cz" static
local-zone: "windy.com" static
local-zone: "wonderpush.com" static
local-zone: "worldsecuresystems.com" static
local-zone: "wurfl.io" static
local-zone: "wwwpromoter.com" static
local-zone: "wxvejfvmfwl.com" static
local-zone: "wysistat.com" static
local-zone: "xiti.com" static
local-zone: "xkawgrrrpszb.com" static
local-zone: "yadro.ru" static
local-zone: "yandex.net" static
local-zone: "youbora.com" static
local-zone: "yume.com" static
local-zone: "zebestof.com" static
local-zone: "zemanta.com" static
local-zone: "zencdn.net" static
local-zone: "zendesk.com" static
local-zone: "zergnet.com" static
local-zone: "zopim.com" static
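
As an added example (not the author's code), here is one way to generate such an include file from a hosts-format blocklist instead of typing it by hand. A static local-zone also answers for every name below it, which is why an entry like traffic.focuusing.com is already covered by focuusing.com in the list above; the sample input, the allowlist and the function names are assumptions made for the illustration.

```python
import re

# RFC 1123 host label: letters, digits, hyphen, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample in hosts format (reserved example domains, not real data).
SAMPLE_HOSTS = """\
# comment line
127.0.0.1 localhost
0.0.0.0 ads.example.net
0.0.0.0 tracker.ads.example.net
0.0.0.0 example.org
0.0.0.0 cdn.example.org
0.0.0.0 Metrics.Example.COM.
0.0.0.0 bad"name.example   # would break the quoting in the config file
0.0.0.0 0.0.0.0
"""

def parse_hosts(text):
    """Yield normalised, validated domain names from hosts-format text."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        # hosts lines are "address name [name...]"; a bare name is accepted too
        for name in (fields[1:] if len(fields) > 1 else fields):
            name = name.lower().rstrip(".")
            labels = name.split(".")
            # Strict validation keeps a hostile list from injecting directives.
            if (len(labels) >= 2 and len(name) <= 253
                    and not labels[-1].isdigit()
                    and all(_LABEL.match(label) for label in labels)):
                yield name

def parents(name):
    """'a.b.example.com' -> ['b.example.com', 'example.com', 'com']."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels))]

def build_blacklist(hosts_text, allowlist=()):
    """Return (config_lines, conflicts) for an Unbound include file."""
    allow = {a.lower().rstrip(".") for a in allowlist}
    candidates = set(parse_hosts(hosts_text)) - allow
    # A static zone answers for every name below it, so a blocked parent
    # would also block an allowlisted child: report it instead of emitting it.
    conflicts = sorted(c for c in candidates
                       if any(c in parents(a) for a in allow))
    candidates -= set(conflicts)
    # Names already covered by a blocked parent zone are redundant.
    zones = sorted(c for c in candidates
                   if not any(p in candidates for p in parents(c)))
    return ['local-zone: "%s" static' % z for z in zones], conflicts

if __name__ == "__main__":
    lines, conflicts = build_blacklist(SAMPLE_HOSTS, allowlist=["cdn.example.org"])
    print("\n".join(lines))
    for name in conflicts:
        print("# not blocked, would hide an allowlisted name:", name)
```

Write the returned lines to the file named in the include: directive, then run unbound-checkconf before restarting the service.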

Then remember to restart the Unbound service from the Windows services console. It took me about a quarter of an hour to install, understand and configure this remarkable "little" piece of software. The site offers excellent documentation, as well as a manual in PDF format for configuration on Windows.

Post originally published on 2 February 2013, modified on 24 April 2018


Comments

Hello,

I recommend using a domain name list rather than adding them by hand, simply because there are tens of thousands of them and it is hard to know them all.

I wrote an article on the subject not long ago. It is a bit rough, but you can find the information about the list there.

https://blog.mirabellette.eu/index.php?article17/block-advertise-domain-name-with-unbound

@Mirabellette

First of all, thanks for the link. Very interesting!

The blacklist is one I put together myself and it suits me very well. ;+)

"mathjax.org"?
That is for rendering mathematical formulas in the browser.
If you are going to consider that, you will have to block jquery.org.
That's not very serious.

@Stéphane

Thanks for the info. That said, I don't really see the connection between mathjax.org and jquery. Besides, there is nothing about jquery in the list. So what is the point of your comment, which I hesitated to publish?

And your own list, where is it? That way I could merge it with mine.

@Denis, the connection is that both are software libraries that may be needed for a website to work, and that blacklisting one or the other is not necessarily a good idea.
For my part, I rely on the lists provided by adaway.org.

@Stéphane

I use my own list.
