A powerful tool to filter known malicious domains in Bind9. This script automates the protection against DNS spoofing and DNS hijacking by keeping your blocklists updated and properly configured.
- Automated Updates: Download the latest `blockeddomains.db` and `blocked_domain_acl.conf`.
- DNS Filtering: Seamlessly apply security policies to your Bind9 instance.
- Environment Check: Built-in verification for Bind9 installation and config health.
- Version Control: Auto-checks for script updates to ensure you have the latest security patches.
- OS: Linux (Debian, Ubuntu, CentOS, RHEL supported).
- Service: Bind9 (ISC BIND) installed.
- Tools: `curl` and `sudo` privileges.
You can run the script directly without cloning the repo:
```bash
curl -s https://raw.githubusercontent.com/sr00t3d/bindfilter/main/bind_filter.sh | sudo bash -s -- -r
```
Note: Always review scripts before running them with sudo.
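One way to act on that note, as an added example that is not part of the bindfilter project: download the script to a file, read it, pin its SHA-256, and run only a copy that still matches the pin. The function names and `PINNED_SHA256` are hypothetical, and the example assumes `curl`, `bash` and `sha256sum` (coreutils) are installed.

```shell
#!/usr/bin/env bash
# Added example, not part of bindfilter. Function names and PINNED_SHA256
# are hypothetical; assumes curl, bash and sha256sum (coreutils) are installed.
set -u

SCRIPT_URL="https://raw.githubusercontent.com/sr00t3d/bindfilter/main/bind_filter.sh"

# Save the script to disk so the bytes you review are the bytes you execute.
fetch_script() {   # usage: fetch_script <dest-file>
    curl --fail --silent --show-error --location \
         --proto '=https' --tlsv1.2 -o "$1" "$SCRIPT_URL"
}

# Print the SHA-256 of a file as 64 hex characters.
sha256_of() {      # usage: sha256_of <file>
    sha256sum < "$1" | cut -d' ' -f1
}

# Exit codes: 0 = matches pin and parses, 1 = hash mismatch,
#             2 = file missing/unreadable, 3 = not valid bash syntax.
verify_script() {  # usage: verify_script <file> <expected-sha256>
    [ -f "$1" ] && [ -r "$1" ] || return 2
    actual=$(sha256_of "$1")
    [ -n "$actual" ] || return 2
    if [ "$actual" != "$2" ]; then
        echo "hash mismatch: got $actual" >&2
        return 1
    fi
    bash -n "$1" 2>/dev/null || { echo "syntax check failed" >&2; return 3; }
    return 0
}

# Workflow:
#   fetch_script ./bind_filter.sh
#   less ./bind_filter.sh                         # read it before trusting it
#   PINNED_SHA256=$(sha256_of ./bind_filter.sh)   # record only after review
#   verify_script ./bind_filter.sh "$PINNED_SHA256" \
#       && sudo bash ./bind_filter.sh -r
```

A later download that fails `verify_script` with exit code 1 means the upstream file changed and needs another review before it runs as root.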
| Option | Description |
|---|---|
| `-r`, `--run` | Applies DNS filters and restarts/reloads Bind9. |
| `-u`, `--update all` | Updates both zone and ACL files. |
| `-u`, `--update zone` | Updates only the `blockeddomains.db` file. |
| `-u`, `--update acl` | Updates only the `blocked_domain_acl.conf` file. |
| `-c`, `--check` | Validates current Bind9 environment. |
| `-h`, `--help` | Displays help message. |
- Clone: `git clone https://github.com/sr00t3d/bindfilter.git`
- Access: `cd bindfilter`
- Execute: `chmod +x bind_filter.sh && sudo ./bind_filter.sh -r`
- Permissions: Ensure the script has `+x` permission.
- Connectivity: Verify that your server can reach `raw.githubusercontent.com`.
- Logs: Check `journalctl -u named` if Bind9 fails to restart.
Warning
This software is provided "as is". Always make sure to test first in a development environment. The author is not responsible for any misuse, legal consequences, or data impact caused by this tool.
For a complete step-by-step guide, check out my full article:
👉 Filter known malicious domains in Bind9
This project is licensed under the GNU General Public License v3.0. See the LICENSE file for details.