blocky-config.yaml

  1upstream:
  2  default:
  3    - https://cloudflare-dns.com/dns-query
  4    - https://dns.adguard.com/dns-query
  5upstreamTimeout: 2s
  6bootstrapDns: tcp+udp:1.1.1.1
  7startVerifyUpstream: false
  8connectIPVersion: dual
  9
 10# optional: custom IP address(es) for domain name (with all sub-domains). Multiple addresses must be separated by a comma
 11# example: query "printer.lan" or "my.printer.lan" will return 192.168.178.3
 12customDNS:
 13  customTTL: 1h
 14  filterUnmappedTypes: true
 15  mapping:
 16    unifi: 192.168.86.1
 17    ...
 18
 19# optional: use black and white lists to block queries (for example ads, trackers, adult pages etc.)
 20blocking:
 21  # definition of blacklist groups. Can be external link (http/https) or local file
 22  blackLists:
 23    ads:
 24      - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
 25      - http://sbc.io/hosts/hosts
 26      - https://adaway.org/hosts.txt
 27      - https://v.firebog.net/hosts/AdguardDNS.txt
 28      - https://v.firebog.net/hosts/Admiral.txt
 29      - https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
 30      - https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
 31      - https://v.firebog.net/hosts/Easylist.txt
 32      - https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext
 33      - https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts
 34      - https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts
 35    trackers:
 36      - https://v.firebog.net/hosts/Easyprivacy.txt
 37      - https://v.firebog.net/hosts/Prigent-Ads.txt
 38      - https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts
 39      - https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
 40      - https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt
 41    malware:
 42      - https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt
 43      - https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
 44      - https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
 45      - https://v.firebog.net/hosts/Prigent-Crypto.txt
 46      - https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts
 47      - https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt
 48      - https://phishing.army/download/phishing_army_blocklist_extended.txt
 49      - https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
 50      - https://v.firebog.net/hosts/RPiList-Malware.txt
 51      - https://v.firebog.net/hosts/RPiList-Phishing.txt
 52      - https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt
 53      - https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts
 54      - https://urlhaus.abuse.ch/downloads/hostfile/
 55    fakenews:
 56      - https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts
 57      - http://sbc.io/hosts/alternates/fakenews/hosts
 58    gambling:
 59      - https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/gambling/hosts
 60      - http://sbc.io/hosts/alternates/gambling/hosts
 61    nsfw:
 62      - https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/porn/hosts
 63      - http://sbc.io/hosts/alternates/porn/hosts
 64    social:
 65      - https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/social/hosts
 66      - http://sbc.io/hosts/alternates/social/hosts
 67  whiteLists:
 68    ads:
 69      - /etc/blocky/whitelist.txt
 70  clientGroupsBlock:
 71    default:
 72      - ads
 73      - trackers
 74      - malware
 75      - fakenews
 76  blockType: zeroIp
 77  blockTTL: 10m
 78  refreshPeriod: 12h
 79  downloadTimeout: 4m
 80  downloadAttempts: 5
 81  downloadCooldown: 10s
 82  startStrategy: fast
 83
 84caching:
 85  minTime: 5m
 86  maxTime: 30m
 87  maxItemsCount: 0
 88  prefetching: true
 89  prefetchExpires: 2h
 90  prefetchThreshold: 5
 91  prefetchMaxItemsCount: 0
 92  cacheTimeNegative: 30m
 93
 94clientLookup:
 95  clients:
 96    secur-t:
 97      - 10.0.0.1
 98      - 192.168.86.197
 99    brainiac:
100      - 10.0.0.21
101      - 192.168.86.197
102    bender:
103      - 10.0.0.25
104      - 192.168.86.88
105
106# optional: write query information (question, answer, client, duration etc.) to daily csv file
107queryLog:
108  type: csv
109  target: /var/log/blocky/queries/
110  logRetentionDays: 21
111  creationAttempts: 1
112  creationCooldown: 2s
113
114port: "{{ blocky.route }}"
115{% if blocky.http is defined %}
116httpPort: 127.0.0.1:{{ blocky.http.port }}
117{% endif %}
118minTlsServeVersion: 1.3
119
120# optional: if path defined, use this file for query resolution (A, AAAA and rDNS). Default: empty
121hostsFile:
122  filePath: /etc/hosts
123  hostsTTL: 20m
124  refreshPeriod: 10m
125  filterLoopback: false
126
127log:
128  level: debug
129  format: text
130  timestamp: true
131  privacy: false