env: TZ: Europe/Amsterdam podAnnotations: prometheus.io/scrape: "true" prometheus.io/port: "4000" image: tag: v0.15 service: main: ports: http: port: 4000 dns-tcp: enabled: false dns-udp: enabled: true type: LoadBalancer externalTrafficPolicy: Local ports: dns-udp: enabled: true port: 53 protocol: UDP targetPort: 53 persistence: logs: enabled: true mountPath: /logs accessMode: ReadWriteOnce size: 1Gi storageClass: local-path prometheus: serviceMonitor: enabled: false # -- Full list of options https://github.com/0xERR0R/blocky/blob/master/docs/config.yml config: | upstream: externalResolvers: - 192.168.1.1 #customDNS: # mapping: # printer.lan: 192.168.178.3 conditional: mapping: lan: udp:192.168.1.1 dc: udp:192.168.1.1 blocking: blackLists: ads: - https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt - https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt - https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt - https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt - https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts - http://sysctl.org/cameleon/hosts - https://adaway.org/hosts.txt - https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt - https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt - https://phishing.army/download/phishing_army_blocklist_extended.txt - https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt - https://raw.githubusercontent.com/anudeepND/youtubeadsblacklist/master/domainlist.txt - https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts - https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt - https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt - https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts - https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts - https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts - https://raw.githubusercontent.com/Kees1958/W3C_annual_most_used_survey_blocklist/master/TOP_EU_US_Ads_Trackers_HOST - https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt - https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt - https://urlhaus.abuse.ch/downloads/hostfile/ - https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser # All firebog lists: - https://v.firebog.net/hosts/Cameleon.txt - https://v.firebog.net/hosts/HostsFileOrg.txt - https://v.firebog.net/hosts/JoeWein.txt - https://v.firebog.net/hosts/Mahakala.txt - https://v.firebog.net/hosts/JoeyLane.txt - https://v.firebog.net/hosts/PeterLowe.txt - https://v.firebog.net/hosts/PiwikSpam.txt - https://v.firebog.net/hosts/ReddestDream.txt - https://v.firebog.net/hosts/SBDead.txt - https://v.firebog.net/hosts/SBKAD.txt - https://v.firebog.net/hosts/SBSpam.txt - https://v.firebog.net/hosts/SomeoneWC.txt - https://v.firebog.net/hosts/Spam404.txt - https://v.firebog.net/hosts/Vokins.txt - https://v.firebog.net/hosts/Winhelp2002.txt - https://v.firebog.net/hosts/AdAway.txt - https://v.firebog.net/hosts/Disconnect-ads.txt - https://v.firebog.net/hosts/Easylist.txt - https://v.firebog.net/hosts/Easylist-Dutch.txt - https://v.firebog.net/hosts/SBUnchecky.txt - https://v.firebog.net/hosts/AdguardDNS.txt - https://v.firebog.net/hosts/Prigent-Ads.txt - https://v.firebog.net/hosts/Airelle-trc.txt - https://v.firebog.net/hosts/Disconnect-trc.txt - https://v.firebog.net/hosts/Disconnect-mal.txt - https://v.firebog.net/hosts/Easyprivacy.txt - https://v.firebog.net/hosts/SB2o7Net.txt - https://v.firebog.net/hosts/APT1Rep.txt - https://v.firebog.net/hosts/Airelle-hrsk.txt - https://v.firebog.net/hosts/Openphish.txt - https://v.firebog.net/hosts/SBRisk.txt - https://v.firebog.net/hosts/Shalla-mal.txt - https://v.firebog.net/hosts/Prigent-Malware.txt ms: [] untrusted: - https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt - https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/ms.txt - https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/fbook.txt - https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/google.txt - https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/nintendont.txt - https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/ps.txt - https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/xbox.txt whiteLists: ads: - https://git.nold.in/nold/dns-whitelist/raw/branch/master/whitelists/common.txt - https://git.nold.in/nold/dns-whitelist/raw/branch/master/whitelists/ms.txt ms: - https://git.nold.in/nold/dns-whitelist/raw/branch/master/whitelists/ms.txt clientGroupsBlock: default: - ads LAPTOP-G35N0AS1.lan: - ads - ms # use client name (with wildcard support: * - sequence of any characters, [0-9] - range) # or single ip address / client subnet as CIDR notation #laptop*: # - ads #192.168.178.1/24: # - special # which response will be sent, if query is blocked: blockType: zeroIp # optional: automatically list refresh period in minutes. Default: 4h. # Negative value -> deactivate automatically refresh. # 0 value -> use default refreshPeriod: 0 # optional: configuration for caching of DNS responses #caching: # amount in minutes, how long a response must be cached (min value). # If <=0, use response's TTL, if >0 use this value, if TTL is smaller # Default: 0 # minTime: 5 # amount in minutes, how long a response must be cached (max value). # If <0, do not cache responses # If 0, use TTL # If > 0, use this value, if TTL is greater # Default: 0 # maxTime: -1 # if true, will preload DNS results for often used queries (names queried more than 5 times in a 2 hour time window) # this improves the response time for often used queries, but significantly increases external traffic # default: false # prefetching: true # optional: configuration of client name resolution clientLookup: # optional: this DNS resolver will be used to perform reverse DNS lookup (typically local router) upstream: udp:192.168.1.1 # optional: custom mapping of client name to IP addresses. Useful if reverse DNS does not work properly or just to have custom client names. #clients: # laptop: # - 192.168.178.29 prometheus: enable: true path: /metrics # optional: write query information (question, answer, client, duration etc) to daily csv file queryLog: # # directory (should be mounted as volume in docker) dir: /logs # # if true, write one file per client. Writes all queries to single file otherwise # perClient: true # # if > 0, deletes log files which are older than ... days logRetentionDays: 1 port: 53 httpPort: 4000 bootstrapDns: udp:192.168.1.1 logLevel: info logFormat: text