dns/dns-blackhole: Add new port

Use BIND's Response Policy Zone (RPZ) feature to blackhole various DNS queries.
2026-06-02 11:08:52 +00:00 · 2025-08-28 14:24:34 +00:00
parent ddb6258f03
commit 9937d86c06
7 changed files with 99 additions and 0 deletions
@@ -19,6 +19,7 @@
    SUBDIR += dhisd
    SUBDIR += dlint
    SUBDIR += dns-ui
+    SUBDIR += dns-blackhole
    SUBDIR += dns2blackhole
    SUBDIR += dns2tcp
    SUBDIR += dnsblast
@@ -0,0 +1,41 @@
+PORTNAME=	dns-blackhole
+PORTVERSION=	0.1.0
+CATEGORIES=	dns
+
+MAINTAINER=	dvl@FreeBSD.org
+COMMENT=	Send ads and trackers to a dead-end
+WWW=		https://github.com/morganwdavis/dns-blackhole
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	morganwdavis
+
+NO_BUILD=	yes
+
+BINFILES=	dns-blackhole.sh
+CONFFILES=	dns-blackhole.conf
+DBFILES=	allowed_hosts blocked_hosts
+
+PERIODIC=	${PREFIX}/etc/periodic/daily
+
+SUB_FILES=	901.dns-blackhole
+PLIST_SUB=	PERIODIC=${PERIODIC}
+
+do-install:
+		${MKDIR} ${STAGEDIR}${ETCDIR} ${STAGEDIR}${PERIODIC}
+
+.for f in ${BINFILES}
+		${INSTALL_SCRIPT} ${WRKSRC}/${f} ${STAGEDIR}${PREFIX}/bin
+.endfor
+
+.for f in ${CONFFILES}
+		${REINPLACE_CMD} -e "s:%%PORTNAME%%:${PORTNAME}:g" ${WRKSRC}/${f}.dist
+		${INSTALL_DATA} ${WRKSRC}/${f}.dist ${STAGEDIR}${ETCDIR}/${f}.sample
+.endfor
+
+.for f in ${DBFILES}
+		${INSTALL_DATA} ${WRKSRC}/${f}.dist ${STAGEDIR}${ETCDIR}/${f}.sample
+.endfor
+
+		${INSTALL_SCRIPT} ${WRKDIR}/901.dns-blackhole ${STAGEDIR}${PERIODIC}/
+
+.include <bsd.port.mk>
@@ -0,0 +1,3 @@
+TIMESTAMP = 1756390823
+SHA256 (morganwdavis-dns-blackhole-0.1.0_GH0.tar.gz) = 814ea228695c7054f042b598cb0bec0b893794213c07534e6fb5517f017e541a
+SIZE (morganwdavis-dns-blackhole-0.1.0_GH0.tar.gz) = 5888
@@ -0,0 +1,22 @@
+#!/bin/sh -
+#
+# $FreeBSD$
+#
+
+if [ -r /etc/defaults/periodic.conf ]; then
+	. /etc/defaults/periodic.conf
+	source_periodic_confs
+fi
+
+case "$dns_blackhole_enable" in
+	[Yy][Ee][Ss])
+
+	echo
+	%%PREFIX%%/bin/dns-blackhole.sh -c /usr/local/etc/dns-blackhole/dns-blackhole.conf update
+	;;
+	*)
+	rc=0
+	;;
+esac
+
+exit $rc
@@ -0,0 +1,20 @@
+--- dns-blackhole.conf.dist.orig	2025-08-18 11:53:06 UTC
+++ dns-blackhole.conf.dist
+@@ -3,7 +3,7 @@
+ #
+ 
+ # Directory in which config and custom host files reside
+-dns_blackhole_dir="/usr/local/etc/dns-blackhole"
+dns_blackhole_dir="/var/db/%%PORTNAME%%"
+ 
+ # Path to your BIND namedb directory where included files go
+ named_includes_dir="/usr/local/etc/namedb"
+@@ -12,7 +12,7 @@ named_zone_files_dir="/usr/local/etc/namedb"
+ named_zone_files_dir="/usr/local/etc/namedb"
+ 
+ # Temporary directory in which to fetch and build zone files
+-tmp_dir="/var/tmp/dns-blackhole"
+tmp_dir="/var/tmp/%%PORTNAME%%"
+ 
+ # The fully qualified hostname of your nameserver
+ dns_server_hostname="localhost"
@@ -0,0 +1,7 @@
+If you're running your own home network with a Unix-based server, you can
+easily integrate a DNS blackhole into a local BIND DNS service -- and best
+of all, it's completely free. If you're already using BIND and know your
+way around it, you can use this script to manage BIND's Response Policy
+Zone (RPZ) feature. RPZ is designed for DNS firewall/blocking purposes.
+The script should run on *BSD and Linux distros with proper pathnames
+configured. Out of the box, it has a FreeBSD default configuration.
@@ -0,0 +1,5 @@
+bin/dns-blackhole.sh
+etc/periodic/daily/901.dns-blackhole
+@sample %%ETCDIR%%/allowed_hosts.sample
+@sample %%ETCDIR%%/blocked_hosts.sample
+@sample %%ETCDIR%%/dns-blackhole.conf.sample