Create opennic and parental-control lists directly from public-resolvers

Fixes #697

utils/subset.py

@@ -0,0 +1,103 @@
+#! /usr/bin/env python3
+
+import base64
+from copyreg import constructor
+import os
+import subprocess
+import sys
+from glob import glob
+from termios import B0
+
+
+class Entry:
+    name = None
+    description = None
+    stamps = None
+
+    def __init__(self, name, description, stamps):
+        self.name = name
+        self.description = description
+        self.stamps = stamps
+
+    @staticmethod
+    def parse(raw_entry):
+        description = ""
+        stamps = []
+        lines = raw_entry.strip().splitlines()
+        if len(lines) < 2:
+            return None
+        name = lines[0].strip()
+        previous_was_blank = False
+        for line in lines[1:]:
+            line = line.strip()
+            if previous_was_blank is True and line == "":
+                continue
+            previous_was_blank = False
+            if line.startswith("sdns://"):
+                stamps.append(line)
+            else:
+                description = description + line + "\n"
+
+        description = description.strip()
+        if len(name) < 2 or len(description) < 10 or len(stamps) < 1:
+            return None
+
+        return Entry(name, description, stamps)
+
+    def format(self):
+        out = "## " + self.name + "\n\n"
+        out = out + self.description + "\n\n"
+        for stamp in self.stamps:
+            out = out + stamp + "\n"
+
+        return out
+
+
+def process(names_path, md_path):
+    names_set = set()
+    in_header = True
+    header = ""
+    with open(names_path) as f:
+        for line in f.readlines():
+            line = line.rstrip()
+            if in_header:
+                header = header + line + "\n"
+                if line == "--":
+                    in_header = False
+            elif line != "":
+                names_set.add(line)
+
+    entries = {}
+
+    with open(md_path) as f:
+        previous_content = f.read()
+        c = previous_content.split("\n## ")
+        raw_entries = c[1:]
+        for i in range(0, len(raw_entries)):
+            entry = Entry.parse(raw_entries[i])
+            if not entry:
+                print(
+                    "Invalid entry: [" + raw_entries[i] + "]", file=sys.stderr)
+                continue
+            if entry.name in entries:
+                print("Duplicate entry: [" + entry.name + "]", file=sys.stderr)
+            entries[entry.name] = entry
+
+    print(header)
+
+    for name in entries.keys():
+        if name not in names_set:
+            continue
+
+        entry = entries[name]
+
+        print("## " + name)
+        print()
+        print(entry.description)
+        for stamp in entry.stamps:
+            print(stamp)
+        print()
+        print()
+
+
+process(sys.argv[1], sys.argv[2])

v2/opennic.md

@@ -29,3 +29,11 @@ Maintained by publicarray - https://dns.seby.io
 
 sdns://AgcAAAAAAAAADDQ1Ljc2LjExMy4zMaDMEGDTnIMptitvvH0NbfkwmGm5gefmOS1c2PpAj02A5iBETr1nu4P4gHs5Iek4rJF4uIK9UKrbESMfBEz18I33zhBkb2guc2VieS5pbzo4NDQzCi9kbnMtcXVlcnk
 
+
+## publicarray-au2-doh
+
+DNSSEC • OpenNIC • Non-logging • Uncensored - hosted on ovh.com.au
+Maintained by publicarray - https://dns.seby.io
+
+sdns://AgcAAAAAAAAADTEzOS45OS4yMjIuNzKgzBBg05yDKbYrb7x9DW35MJhpuYHn5jktXNj6QI9NgOYgRE69Z7uD-IB7OSHpOKyReLiCvVCq2xEjHwRM9fCN984NZG9oLTIuc2VieS5pbwovZG5zLXF1ZXJ5
+

v2/opennic.md.minisig

@@ -1,4 +1,4 @@
 untrusted comment: signature from minisign secret key
-RWQf6LRCGA9i50A3DQ/RA95tpsalb9KvyTXhZxGjJCY3er4peV5CtO3rmERpwHqO6QAtR7sy6vjfvWhjiQ0IB8kbBJDSqgvQewY=
-trusted comment: timestamp:1653835981	file:opennic.md
-JgYDqJ7x9gWQQGy2aOfdW4OQ/n15MrhNszgyfSsEJdFf+fuk55Sa4V7Ype0U8H3Yid0ADI+wBLA/A5qsktQZCw==
+RWQf6LRCGA9i5xvl+nnWxzNwz1jhlV2cGZLCfbqkYxjI+7xdeWED6LxDMBJ2Jj/egoWyDZojz2+2wonUoBiAoP5KnRknkDZdBQ8=
+trusted comment: timestamp:1656352364	file:opennic.md
+iGsbjnxM/4CW9DDdlEg2LW2RY3m3MADlJoYcOwrQ+WyuK9b6iO06CaruqknWFNVequ4/WzEOARX6E8L4KlPeAg==

v2/parental-control.md

@@ -54,6 +54,8 @@ sdns://AQEAAAAAAAAADjIwOC42Ny4yMjAuMTIzILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ
 
 Block websites not suitable for children (IPv6)
 
+Warning: This server is incompatible with anonymization.
+
 Warning: modifies your queries to include a copy of your network
 address when forwarding them to a selection of companies and organizations.
 
@@ -66,6 +68,8 @@ Blocks access to all adult, pornographic and explicit sites. It does
 not block proxy or VPNs, nor mixed-content sites. Sites like Reddit
 are allowed. Google and Bing are set to the Safe Mode.
 
+Warning: This server is incompatible with anonymization.
+
 By https://cleanbrowsing.org/
 
 sdns://AQMAAAAAAAAAEzE4NS4yMjguMTY4LjEwOjg0NDMgvKwy-tVDaRcfCDLWB1AnwyCM7vDo6Z-UGNx3YGXUjykRY2xlYW5icm93c2luZy5vcmc
@@ -77,6 +81,8 @@ Blocks access to all adult, pornographic and explicit sites. It does
 not block proxy or VPNs, nor mixed-content sites. Sites like Reddit
 are allowed. Google and Bing are set to the Safe Mode.
 
+Warning: This server is incompatible with anonymization.
+
 By https://cleanbrowsing.org/
 
 sdns://AQMAAAAAAAAAFVsyYTBkOjJhMDA6MTo6MV06ODQ0MyC8rDL61UNpFx8IMtYHUCfDIIzu8Ojpn5QY3HdgZdSPKRFjbGVhbmJyb3dzaW5nLm9yZw
@@ -89,6 +95,8 @@ blocks proxy and VPN domains that are used to bypass the filters.
 Mixed content sites (like Reddit) are also blocked. Google, Bing and
 Youtube are set to the Safe Mode.
 
+Warning: This server is incompatible with anonymization.
+
 By https://cleanbrowsing.org/
 
 sdns://AQMAAAAAAAAAFDE4NS4yMjguMTY4LjE2ODo4NDQzILysMvrVQ2kXHwgy1gdQJ8MgjO7w6OmflBjcd2Bl1I8pEWNsZWFuYnJvd3Npbmcub3Jn
@@ -101,6 +109,8 @@ blocks proxy and VPN domains that are used to bypass the filters.
 Mixed content sites (like Reddit) are also blocked. Google, Bing and
 Youtube are set to the Safe Mode.
 
+Warning: This server is incompatible with anonymization.
+
 By https://cleanbrowsing.org/
 
 sdns://AQMAAAAAAAAAFFsyYTBkOjJhMDA6MTo6XTo4NDQzILysMvrVQ2kXHwgy1gdQJ8MgjO7w6OmflBjcd2Bl1I8pEWNsZWFuYnJvd3Npbmcub3Jn
@@ -311,7 +321,9 @@ Family safety focused blocklist for over 2 million adult sites, as well as phish
 Free to use, paid for customizing blocking for more categories+sites and viewing usage at my.safesurfer.io. Logs taken for viewing
 usage, data never sold - https://safesurfer.io
 
-sdns://AQMAAAAAAAAADzEwNC4xNTUuMjM3LjIyNSAnIH_VEgToNntINABd-f_R0wu-KpwzY55u2_iu2R1A2CAyLmRuc2NyeXB0LWNlcnQuc2FmZXN1cmZlci5jby5ueg
+Warning: this server is incompatible with DNS anonymization.
+
+sdns://AQIAAAAAAAAADzEwNC4xNTUuMjM3LjIyNSAnIH_VEgToNntINABd-f_R0wu-KpwzY55u2_iu2R1A2CAyLmRuc2NyeXB0LWNlcnQuc2FmZXN1cmZlci5jby5ueg
 
 
 ## sfw.scaleway-fr

v2/parental-control.md.minisig

@@ -1,4 +1,4 @@
 untrusted comment: signature from minisign secret key
-RWQf6LRCGA9i5y3xw9FryACi0rsmBAORsyGSpyh9c8n+2mkb7KR0RbbBzZ0d/3MI5tH6wdEzZ1SS4Sn0HYEVxLO4YaRB6tZ8og4=
-trusted comment: timestamp:1655992743	file:parental-control.md
-jogFSRX1UgCNi4GVkTuPHFXQifDm9UHnRssiJxDxdULecaHgcmjls234ygnDHJN6Pg7f/kxy2Jucsb0cB2dsCQ==
+RWQf6LRCGA9i57TmtOMN10QGpujoa2PvOU1vlaUzBJpf4sGr4M0i6kAA4qncBfEZhRAg999zJx9fG/89oUFyYdp4lWN7DLIuBAQ=
+trusted comment: timestamp:1656351887	file:parental-control.md
+7nyTphL3xBjOhMMp+yzyAdGm64ixFopHP4Y0FH/4Z39f+zQ/+7UGXlQImJJg4X87TkCktvLsvPu+O0789ebnBw==

v3/opennic.md

@@ -29,3 +29,11 @@ Maintained by publicarray - https://dns.seby.io
 
 sdns://AgcAAAAAAAAADDQ1Ljc2LjExMy4zMaDMEGDTnIMptitvvH0NbfkwmGm5gefmOS1c2PpAj02A5iBETr1nu4P4gHs5Iek4rJF4uIK9UKrbESMfBEz18I33zhBkb2guc2VieS5pbzo4NDQzCi9kbnMtcXVlcnk
 
+
+## publicarray-au2-doh
+
+DNSSEC • OpenNIC • Non-logging • Uncensored - hosted on ovh.com.au
+Maintained by publicarray - https://dns.seby.io
+
+sdns://AgcAAAAAAAAADTEzOS45OS4yMjIuNzKgzBBg05yDKbYrb7x9DW35MJhpuYHn5jktXNj6QI9NgOYgRE69Z7uD-IB7OSHpOKyReLiCvVCq2xEjHwRM9fCN984NZG9oLTIuc2VieS5pbwovZG5zLXF1ZXJ5
+

v3/opennic.md.minisig

@@ -1,4 +1,4 @@
 untrusted comment: signature from minisign secret key
-RWQf6LRCGA9i501M0BipI+n9EgsnJwjKu7yiS4NcUAhs6PvRr+SAZxzO66Ed8mIPRji3flgTrAjazNQDUgsa/z2dXMEarAjtwAA=
-trusted comment: timestamp:1653835981	file:opennic.md
-IDsvqCpHswuK4CXBo44TaMlcmVl2JbMeykYFu/qjLzkXlXctvWOzZKnAllJssjQqPDWD0EGxvuWrCSxPO8ogAw==
+RWQf6LRCGA9i59hUE/8DT7+6kX6w8K0F/RdeAt9Lj8OZpH4GdP+BOL1n+67VAnKqg++p32rXnuABVE2pmal0WM6XloYtrkFDRQc=
+trusted comment: timestamp:1656352364	file:opennic.md
+4tWBxOcFZt2oRnjRlStFFoSArTh9TtEeVewy9y5qdbdk2GZOZ8uJe0ftnNEkskAShk/jL9maGiLOih1wFwqRCQ==

v3/opennic.subset

@@ -0,0 +1,16 @@
+# opennic
+
+Resolvers from the [OpenNIC](https://www.opennic.org/) project.
+
+To use that list, add this to the `[sources]` section of your
+`dnscrypt-proxy.toml` configuration file:
+
+    [sources.'opennic']
+    urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/opennic.md', 'https://download.dnscrypt.info/resolvers-list/v3/opennic.md']
+    minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+    cache_file = 'opennic.md'
+
+--
+opennic-R4SAS
+publicarray-au-doh
+publicarray-au2-doh

v3/parental-control.md

@@ -61,6 +61,8 @@ sdns://AQEAAAAAAAAADjIwOC42Ny4yMjAuMTIzILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ
 
 Block websites not suitable for children (IPv6)
 
+Warning: This server is incompatible with anonymization.
+
 Warning: modifies your queries to include a copy of your network
 address when forwarding them to a selection of companies and organizations.
 
@@ -73,6 +75,8 @@ Blocks access to all adult, pornographic and explicit sites. It does
 not block proxy or VPNs, nor mixed-content sites. Sites like Reddit
 are allowed. Google and Bing are set to the Safe Mode.
 
+Warning: This server is incompatible with anonymization.
+
 By https://cleanbrowsing.org/
 
 sdns://AQMAAAAAAAAAEzE4NS4yMjguMTY4LjEwOjg0NDMgvKwy-tVDaRcfCDLWB1AnwyCM7vDo6Z-UGNx3YGXUjykRY2xlYW5icm93c2luZy5vcmc
@@ -84,6 +88,8 @@ Blocks access to all adult, pornographic and explicit sites. It does
 not block proxy or VPNs, nor mixed-content sites. Sites like Reddit
 are allowed. Google and Bing are set to the Safe Mode.
 
+Warning: This server is incompatible with anonymization.
+
 By https://cleanbrowsing.org/
 
 sdns://AQMAAAAAAAAAFVsyYTBkOjJhMDA6MTo6MV06ODQ0MyC8rDL61UNpFx8IMtYHUCfDIIzu8Ojpn5QY3HdgZdSPKRFjbGVhbmJyb3dzaW5nLm9yZw
@@ -96,6 +102,8 @@ blocks proxy and VPN domains that are used to bypass the filters.
 Mixed content sites (like Reddit) are also blocked. Google, Bing and
 Youtube are set to the Safe Mode.
 
+Warning: This server is incompatible with anonymization.
+
 By https://cleanbrowsing.org/
 
 sdns://AQMAAAAAAAAAFDE4NS4yMjguMTY4LjE2ODo4NDQzILysMvrVQ2kXHwgy1gdQJ8MgjO7w6OmflBjcd2Bl1I8pEWNsZWFuYnJvd3Npbmcub3Jn
@@ -108,6 +116,8 @@ blocks proxy and VPN domains that are used to bypass the filters.
 Mixed content sites (like Reddit) are also blocked. Google, Bing and
 Youtube are set to the Safe Mode.
 
+Warning: This server is incompatible with anonymization.
+
 By https://cleanbrowsing.org/
 
 sdns://AQMAAAAAAAAAFFsyYTBkOjJhMDA6MTo6XTo4NDQzILysMvrVQ2kXHwgy1gdQJ8MgjO7w6OmflBjcd2Bl1I8pEWNsZWFuYnJvd3Npbmcub3Jn
@@ -319,7 +329,9 @@ Family safety focused blocklist for over 2 million adult sites, as well as phish
 Free to use, paid for customizing blocking for more categories+sites and viewing usage at my.safesurfer.io. Logs taken for viewing
 usage, data never sold - https://safesurfer.io
 
-sdns://AQMAAAAAAAAADzEwNC4xNTUuMjM3LjIyNSAnIH_VEgToNntINABd-f_R0wu-KpwzY55u2_iu2R1A2CAyLmRuc2NyeXB0LWNlcnQuc2FmZXN1cmZlci5jby5ueg
+Warning: this server is incompatible with DNS anonymization.
+
+sdns://AQIAAAAAAAAADzEwNC4xNTUuMjM3LjIyNSAnIH_VEgToNntINABd-f_R0wu-KpwzY55u2_iu2R1A2CAyLmRuc2NyeXB0LWNlcnQuc2FmZXN1cmZlci5jby5ueg
 
 
 ## sfw.scaleway-fr

v3/parental-control.md.minisig

@@ -1,4 +1,4 @@
 untrusted comment: signature from minisign secret key
-RWQf6LRCGA9i51iGNbkR9xLMXfI/x/+FkFAsq0M0wKSCAU04xi4N2SLaM7RV99CkBrCKkIpIYVg5rEjey92JxZ9K6s+Iq5klwgA=
-trusted comment: timestamp:1655992743	file:parental-control.md
-tcKpYQO8R3hna6PmTDER8yypCB85kEcuLbN8iGLvScexTaEhTDYorW0DLANu77JhzGErChGla3tnh36oULRECA==
+RWQf6LRCGA9i57aC95XoecaIbQU3OVok0BI21BntugkAVBF0/yeJm8+L9qnpUSnN/hCka2IJE2wPMsjeUE6p+DmyFF9KCeE/agM=
+trusted comment: timestamp:1656352364	file:parental-control.md
+bGGrNRrUmf8+So/tbFbJB819Cczxb41yYFnBRdwojpwm+vKx86aaPo2255CIxhNMlKJzbPxMav74Yr4lU/4eCw==

v3/parental-control.subset

@@ -0,0 +1,52 @@
+# parental-control
+
+A set of resolvers blocking popular websites that may not be appropriate
+for children.
+
+This is not bulletproof. In particular, websites in languages that are
+not English will require additional, local rules.
+
+To use that list, add this to the `[sources]` section of your
+`dnscrypt-proxy.toml` configuration file:
+
+    [sources.'parental-control']
+    urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v3/parental-control.md']
+    minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+    cache_file = 'parental-control.md'
+
+In order to enforce safe search results from Google and Youtube, you may
+also want to enable cloaking (`cloaking_rules` in the configuration file).
+
+--
+
+adguard-dns-family
+adguard-dns-family-doh
+adguard-dns-family-ipv6
+cisco-familyshield
+cisco-familyshield-ipv6
+cleanbrowsing-adult
+cleanbrowsing-adult-ipv6
+cleanbrowsing-family
+cleanbrowsing-family-ipv6
+cloudflare-family
+cloudflare-family-ipv6
+dnsforfamily
+dnsforfamily-doh
+dnsforfamily-doh-no-safe-search
+dnsforfamily-no-safe-search
+dnsforfamily-v6
+dnswarden-asia-adultfilter-dcv4
+dnswarden-asia-adultfilter-dcv6
+dnswarden-asia-adultfilter-doh
+dnswarden-eu-adultfilter-dcv4
+dnswarden-eu-adultfilter-dcv6
+dnswarden-eu-adultfilter-doh
+dnswarden-us-adultfilter-dcv4
+dnswarden-us-adultfilter-dcv6
+dnswarden-us-adultfilter-doh
+doh-cleanbrowsing-adult
+doh-cleanbrowsing-family
+puredns-family-doh
+puredns-family-doh-ipv6
+safesurfer
+sfw.scaleway-fr