Postup popsán pro router Turris, ale lze aplikovat obecně.
A)
Přidat do konfigu KNOT resolveru odkaz na custom config.
nano /etc/config/resolver
...
config resolver 'kresd'
option include_config '/etc/kresd/custom.conf'
..
B)
Do custom.conf přidat seznam domén, na které bude KNOT klientům odpovídat NXDOMAIN
nano /etc/kresd/custom.conf
*DoH
policy.add(policy.suffix(policy.DENY, {todname('use-application-dns.net.')}))
*Track, advert etc.
policy.add(policy.suffix(policy.DENY, {todname('googlesyndication.com.')}))
policy.add(policy.suffix(policy.DENY, {todname('connect.facebook.net.')}))
policy.add(policy.suffix(policy.DENY, {todname('google-analytics.com.')}))
policy.add(policy.suffix(policy.DENY, {todname('gemius.pl.')}))
policy.add(policy.suffix(policy.DENY, {todname('iptracer.semnicneposilejte.cz.')}))
policy.add(policy.suffix(policy.DENY, {todname('pubmatic.com.')}))
policy.add(policy.suffix(policy.DENY, {todname('imedia.cz.')}))
policy.add(policy.suffix(policy.DENY, {todname('rubiconproject.com.')}))
policy.add(policy.suffix(policy.DENY, {todname('adform.net.')}))
policy.add(policy.suffix(policy.DENY, {todname('connectad.io.')}))
policy.add(policy.suffix(policy.DENY, {todname('googletagservices.com.')}))
policy.add(policy.suffix(policy.DENY, {todname('ampproject.org.')}))
policy.add(policy.suffix(policy.DENY, {todname('adnxs.com.')}))
policy.add(policy.suffix(policy.DENY, {todname('amazon-adsystem.com.')}))
policy.add(policy.suffix(policy.DENY, {todname('doubleclick.net.')}))
policy.add(policy.suffix(policy.DENY, {todname('adservice.google.cz.')}))
policy.add(policy.suffix(policy.DENY, {todname('adservice.google.com.')}))
policy.add(policy.suffix(policy.DENY, {todname('criteo.net.')}))
policy.add(policy.suffix(policy.DENY, {todname('criteo.com.')}))
policy.add(policy.suffix(policy.DENY, {todname('fundingchoicesmessages.google.com.')}))
policy.add(policy.suffix(policy.DENY, {todname('smartadserver.com.')}))
C)
Reload kresd
Hotovo