diff --git a/utils/subset.py b/utils/subset.py new file mode 100755 index 00000000..0c60cc42 --- /dev/null +++ b/utils/subset.py @@ -0,0 +1,103 @@ +#! /usr/bin/env python3 + +import base64 +from copyreg import constructor +import os +import subprocess +import sys +from glob import glob +from termios import B0 + + +class Entry: + name = None + description = None + stamps = None + + def __init__(self, name, description, stamps): + self.name = name + self.description = description + self.stamps = stamps + + @staticmethod + def parse(raw_entry): + description = "" + stamps = [] + lines = raw_entry.strip().splitlines() + if len(lines) < 2: + return None + name = lines[0].strip() + previous_was_blank = False + for line in lines[1:]: + line = line.strip() + if previous_was_blank is True and line == "": + continue + previous_was_blank = False + if line.startswith("sdns://"): + stamps.append(line) + else: + description = description + line + "\n" + + description = description.strip() + if len(name) < 2 or len(description) < 10 or len(stamps) < 1: + return None + + return Entry(name, description, stamps) + + def format(self): + out = "## " + self.name + "\n\n" + out = out + self.description + "\n\n" + for stamp in self.stamps: + out = out + stamp + "\n" + + return out + + +def process(names_path, md_path): + names_set = set() + in_header = True + header = "" + with open(names_path) as f: + for line in f.readlines(): + line = line.rstrip() + if in_header: + header = header + line + "\n" + if line == "--": + in_header = False + elif line != "": + names_set.add(line) + + entries = {} + + with open(md_path) as f: + previous_content = f.read() + c = previous_content.split("\n## ") + raw_entries = c[1:] + for i in range(0, len(raw_entries)): + entry = Entry.parse(raw_entries[i]) + if not entry: + print( + "Invalid entry: [" + raw_entries[i] + "]", file=sys.stderr) + continue + if entry.name in entries: + print("Duplicate entry: [" + entry.name + "]", file=sys.stderr) + entries[entry.name] = entry + + print(header) + + for name in entries.keys(): + if name not in names_set: + continue + + entry = entries[name] + + print("## " + name) + print() + print(entry.description) + for stamp in entry.stamps: + print(stamp) + print() + print() + + +process(sys.argv[1], sys.argv[2]) diff --git a/v2/opennic.md b/v2/opennic.md index 9dcc1801..1572c169 100644 --- a/v2/opennic.md +++ b/v2/opennic.md @@ -29,3 +29,11 @@ Maintained by publicarray - https://dns.seby.io sdns://AgcAAAAAAAAADDQ1Ljc2LjExMy4zMaDMEGDTnIMptitvvH0NbfkwmGm5gefmOS1c2PpAj02A5iBETr1nu4P4gHs5Iek4rJF4uIK9UKrbESMfBEz18I33zhBkb2guc2VieS5pbzo4NDQzCi9kbnMtcXVlcnk + +## publicarray-au2-doh + +DNSSEC • OpenNIC • Non-logging • Uncensored - hosted on ovh.com.au +Maintained by publicarray - https://dns.seby.io + +sdns://AgcAAAAAAAAADTEzOS45OS4yMjIuNzKgzBBg05yDKbYrb7x9DW35MJhpuYHn5jktXNj6QI9NgOYgRE69Z7uD-IB7OSHpOKyReLiCvVCq2xEjHwRM9fCN984NZG9oLTIuc2VieS5pbwovZG5zLXF1ZXJ5 + diff --git a/v2/opennic.md.minisig b/v2/opennic.md.minisig index bfb78ec9..b88ef711 100644 --- a/v2/opennic.md.minisig +++ b/v2/opennic.md.minisig @@ -1,4 +1,4 @@ untrusted comment: signature from minisign secret key -RWQf6LRCGA9i50A3DQ/RA95tpsalb9KvyTXhZxGjJCY3er4peV5CtO3rmERpwHqO6QAtR7sy6vjfvWhjiQ0IB8kbBJDSqgvQewY= -trusted comment: timestamp:1653835981 file:opennic.md -JgYDqJ7x9gWQQGy2aOfdW4OQ/n15MrhNszgyfSsEJdFf+fuk55Sa4V7Ype0U8H3Yid0ADI+wBLA/A5qsktQZCw== +RWQf6LRCGA9i5xvl+nnWxzNwz1jhlV2cGZLCfbqkYxjI+7xdeWED6LxDMBJ2Jj/egoWyDZojz2+2wonUoBiAoP5KnRknkDZdBQ8= +trusted comment: timestamp:1656352364 file:opennic.md +iGsbjnxM/4CW9DDdlEg2LW2RY3m3MADlJoYcOwrQ+WyuK9b6iO06CaruqknWFNVequ4/WzEOARX6E8L4KlPeAg== diff --git a/v2/parental-control.md b/v2/parental-control.md index c326d81f..7cae48e7 100644 --- a/v2/parental-control.md +++ b/v2/parental-control.md @@ -54,6 +54,8 @@ sdns://AQEAAAAAAAAADjIwOC42Ny4yMjAuMTIzILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ Block websites not suitable for children (IPv6) +Warning: This server is incompatible with anonymization. + Warning: modifies your queries to include a copy of your network address when forwarding them to a selection of companies and organizations. @@ -66,6 +68,8 @@ Blocks access to all adult, pornographic and explicit sites. It does not block proxy or VPNs, nor mixed-content sites. Sites like Reddit are allowed. Google and Bing are set to the Safe Mode. +Warning: This server is incompatible with anonymization. + By https://cleanbrowsing.org/ sdns://AQMAAAAAAAAAEzE4NS4yMjguMTY4LjEwOjg0NDMgvKwy-tVDaRcfCDLWB1AnwyCM7vDo6Z-UGNx3YGXUjykRY2xlYW5icm93c2luZy5vcmc @@ -77,6 +81,8 @@ Blocks access to all adult, pornographic and explicit sites. It does not block proxy or VPNs, nor mixed-content sites. Sites like Reddit are allowed. Google and Bing are set to the Safe Mode. +Warning: This server is incompatible with anonymization. + By https://cleanbrowsing.org/ sdns://AQMAAAAAAAAAFVsyYTBkOjJhMDA6MTo6MV06ODQ0MyC8rDL61UNpFx8IMtYHUCfDIIzu8Ojpn5QY3HdgZdSPKRFjbGVhbmJyb3dzaW5nLm9yZw @@ -89,6 +95,8 @@ blocks proxy and VPN domains that are used to bypass the filters. Mixed content sites (like Reddit) are also blocked. Google, Bing and Youtube are set to the Safe Mode. +Warning: This server is incompatible with anonymization. + By https://cleanbrowsing.org/ sdns://AQMAAAAAAAAAFDE4NS4yMjguMTY4LjE2ODo4NDQzILysMvrVQ2kXHwgy1gdQJ8MgjO7w6OmflBjcd2Bl1I8pEWNsZWFuYnJvd3Npbmcub3Jn @@ -101,6 +109,8 @@ blocks proxy and VPN domains that are used to bypass the filters. Mixed content sites (like Reddit) are also blocked. Google, Bing and Youtube are set to the Safe Mode. +Warning: This server is incompatible with anonymization. + By https://cleanbrowsing.org/ sdns://AQMAAAAAAAAAFFsyYTBkOjJhMDA6MTo6XTo4NDQzILysMvrVQ2kXHwgy1gdQJ8MgjO7w6OmflBjcd2Bl1I8pEWNsZWFuYnJvd3Npbmcub3Jn @@ -311,7 +321,9 @@ Family safety focused blocklist for over 2 million adult sites, as well as phish Free to use, paid for customizing blocking for more categories+sites and viewing usage at my.safesurfer.io. Logs taken for viewing usage, data never sold - https://safesurfer.io -sdns://AQMAAAAAAAAADzEwNC4xNTUuMjM3LjIyNSAnIH_VEgToNntINABd-f_R0wu-KpwzY55u2_iu2R1A2CAyLmRuc2NyeXB0LWNlcnQuc2FmZXN1cmZlci5jby5ueg +Warning: this server is incompatible with DNS anonymization. + +sdns://AQIAAAAAAAAADzEwNC4xNTUuMjM3LjIyNSAnIH_VEgToNntINABd-f_R0wu-KpwzY55u2_iu2R1A2CAyLmRuc2NyeXB0LWNlcnQuc2FmZXN1cmZlci5jby5ueg ## sfw.scaleway-fr diff --git a/v2/parental-control.md.minisig b/v2/parental-control.md.minisig index db66bdec..4664e2d8 100644 --- a/v2/parental-control.md.minisig +++ b/v2/parental-control.md.minisig @@ -1,4 +1,4 @@ untrusted comment: signature from minisign secret key -RWQf6LRCGA9i5y3xw9FryACi0rsmBAORsyGSpyh9c8n+2mkb7KR0RbbBzZ0d/3MI5tH6wdEzZ1SS4Sn0HYEVxLO4YaRB6tZ8og4= -trusted comment: timestamp:1655992743 file:parental-control.md -jogFSRX1UgCNi4GVkTuPHFXQifDm9UHnRssiJxDxdULecaHgcmjls234ygnDHJN6Pg7f/kxy2Jucsb0cB2dsCQ== +RWQf6LRCGA9i57TmtOMN10QGpujoa2PvOU1vlaUzBJpf4sGr4M0i6kAA4qncBfEZhRAg999zJx9fG/89oUFyYdp4lWN7DLIuBAQ= +trusted comment: timestamp:1656351887 file:parental-control.md +7nyTphL3xBjOhMMp+yzyAdGm64ixFopHP4Y0FH/4Z39f+zQ/+7UGXlQImJJg4X87TkCktvLsvPu+O0789ebnBw== diff --git a/v3/opennic.md b/v3/opennic.md index 850f688d..a70d6d1e 100644 --- a/v3/opennic.md +++ b/v3/opennic.md @@ -29,3 +29,11 @@ Maintained by publicarray - https://dns.seby.io sdns://AgcAAAAAAAAADDQ1Ljc2LjExMy4zMaDMEGDTnIMptitvvH0NbfkwmGm5gefmOS1c2PpAj02A5iBETr1nu4P4gHs5Iek4rJF4uIK9UKrbESMfBEz18I33zhBkb2guc2VieS5pbzo4NDQzCi9kbnMtcXVlcnk + +## publicarray-au2-doh + +DNSSEC • OpenNIC • Non-logging • Uncensored - hosted on ovh.com.au +Maintained by publicarray - https://dns.seby.io + +sdns://AgcAAAAAAAAADTEzOS45OS4yMjIuNzKgzBBg05yDKbYrb7x9DW35MJhpuYHn5jktXNj6QI9NgOYgRE69Z7uD-IB7OSHpOKyReLiCvVCq2xEjHwRM9fCN984NZG9oLTIuc2VieS5pbwovZG5zLXF1ZXJ5 + diff --git a/v3/opennic.md.minisig b/v3/opennic.md.minisig index e7350c16..5f40b9a2 100644 --- a/v3/opennic.md.minisig +++ b/v3/opennic.md.minisig @@ -1,4 +1,4 @@ untrusted comment: signature from minisign secret key -RWQf6LRCGA9i501M0BipI+n9EgsnJwjKu7yiS4NcUAhs6PvRr+SAZxzO66Ed8mIPRji3flgTrAjazNQDUgsa/z2dXMEarAjtwAA= -trusted comment: timestamp:1653835981 file:opennic.md -IDsvqCpHswuK4CXBo44TaMlcmVl2JbMeykYFu/qjLzkXlXctvWOzZKnAllJssjQqPDWD0EGxvuWrCSxPO8ogAw== +RWQf6LRCGA9i59hUE/8DT7+6kX6w8K0F/RdeAt9Lj8OZpH4GdP+BOL1n+67VAnKqg++p32rXnuABVE2pmal0WM6XloYtrkFDRQc= +trusted comment: timestamp:1656352364 file:opennic.md +4tWBxOcFZt2oRnjRlStFFoSArTh9TtEeVewy9y5qdbdk2GZOZ8uJe0ftnNEkskAShk/jL9maGiLOih1wFwqRCQ== diff --git a/v3/opennic.subset b/v3/opennic.subset new file mode 100644 index 00000000..3e6f97ec --- /dev/null +++ b/v3/opennic.subset @@ -0,0 +1,16 @@ +# opennic + +Resolvers from the [OpenNIC](https://www.opennic.org/) project. + +To use that list, add this to the `[sources]` section of your +`dnscrypt-proxy.toml` configuration file: + + [sources.'opennic'] + urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/opennic.md', 'https://download.dnscrypt.info/resolvers-list/v3/opennic.md'] + minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' + cache_file = 'opennic.md' + +-- +opennic-R4SAS +publicarray-au-doh +publicarray-au2-doh diff --git a/v3/parental-control.md b/v3/parental-control.md index 79c4a1a4..56befc95 100644 --- a/v3/parental-control.md +++ b/v3/parental-control.md @@ -61,6 +61,8 @@ sdns://AQEAAAAAAAAADjIwOC42Ny4yMjAuMTIzILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ Block websites not suitable for children (IPv6) +Warning: This server is incompatible with anonymization. + Warning: modifies your queries to include a copy of your network address when forwarding them to a selection of companies and organizations. @@ -73,6 +75,8 @@ Blocks access to all adult, pornographic and explicit sites. It does not block proxy or VPNs, nor mixed-content sites. Sites like Reddit are allowed. Google and Bing are set to the Safe Mode. +Warning: This server is incompatible with anonymization. + By https://cleanbrowsing.org/ sdns://AQMAAAAAAAAAEzE4NS4yMjguMTY4LjEwOjg0NDMgvKwy-tVDaRcfCDLWB1AnwyCM7vDo6Z-UGNx3YGXUjykRY2xlYW5icm93c2luZy5vcmc @@ -84,6 +88,8 @@ Blocks access to all adult, pornographic and explicit sites. It does not block proxy or VPNs, nor mixed-content sites. Sites like Reddit are allowed. Google and Bing are set to the Safe Mode. +Warning: This server is incompatible with anonymization. + By https://cleanbrowsing.org/ sdns://AQMAAAAAAAAAFVsyYTBkOjJhMDA6MTo6MV06ODQ0MyC8rDL61UNpFx8IMtYHUCfDIIzu8Ojpn5QY3HdgZdSPKRFjbGVhbmJyb3dzaW5nLm9yZw @@ -96,6 +102,8 @@ blocks proxy and VPN domains that are used to bypass the filters. Mixed content sites (like Reddit) are also blocked. Google, Bing and Youtube are set to the Safe Mode. +Warning: This server is incompatible with anonymization. + By https://cleanbrowsing.org/ sdns://AQMAAAAAAAAAFDE4NS4yMjguMTY4LjE2ODo4NDQzILysMvrVQ2kXHwgy1gdQJ8MgjO7w6OmflBjcd2Bl1I8pEWNsZWFuYnJvd3Npbmcub3Jn @@ -108,6 +116,8 @@ blocks proxy and VPN domains that are used to bypass the filters. Mixed content sites (like Reddit) are also blocked. Google, Bing and Youtube are set to the Safe Mode. +Warning: This server is incompatible with anonymization. + By https://cleanbrowsing.org/ sdns://AQMAAAAAAAAAFFsyYTBkOjJhMDA6MTo6XTo4NDQzILysMvrVQ2kXHwgy1gdQJ8MgjO7w6OmflBjcd2Bl1I8pEWNsZWFuYnJvd3Npbmcub3Jn @@ -319,7 +329,9 @@ Family safety focused blocklist for over 2 million adult sites, as well as phish Free to use, paid for customizing blocking for more categories+sites and viewing usage at my.safesurfer.io. Logs taken for viewing usage, data never sold - https://safesurfer.io -sdns://AQMAAAAAAAAADzEwNC4xNTUuMjM3LjIyNSAnIH_VEgToNntINABd-f_R0wu-KpwzY55u2_iu2R1A2CAyLmRuc2NyeXB0LWNlcnQuc2FmZXN1cmZlci5jby5ueg +Warning: this server is incompatible with DNS anonymization. + +sdns://AQIAAAAAAAAADzEwNC4xNTUuMjM3LjIyNSAnIH_VEgToNntINABd-f_R0wu-KpwzY55u2_iu2R1A2CAyLmRuc2NyeXB0LWNlcnQuc2FmZXN1cmZlci5jby5ueg ## sfw.scaleway-fr diff --git a/v3/parental-control.md.minisig b/v3/parental-control.md.minisig index bb641b83..03ef5030 100644 --- a/v3/parental-control.md.minisig +++ b/v3/parental-control.md.minisig @@ -1,4 +1,4 @@ untrusted comment: signature from minisign secret key -RWQf6LRCGA9i51iGNbkR9xLMXfI/x/+FkFAsq0M0wKSCAU04xi4N2SLaM7RV99CkBrCKkIpIYVg5rEjey92JxZ9K6s+Iq5klwgA= -trusted comment: timestamp:1655992743 file:parental-control.md -tcKpYQO8R3hna6PmTDER8yypCB85kEcuLbN8iGLvScexTaEhTDYorW0DLANu77JhzGErChGla3tnh36oULRECA== +RWQf6LRCGA9i57aC95XoecaIbQU3OVok0BI21BntugkAVBF0/yeJm8+L9qnpUSnN/hCka2IJE2wPMsjeUE6p+DmyFF9KCeE/agM= +trusted comment: timestamp:1656352364 file:parental-control.md +bGGrNRrUmf8+So/tbFbJB819Cczxb41yYFnBRdwojpwm+vKx86aaPo2255CIxhNMlKJzbPxMav74Yr4lU/4eCw== diff --git a/v3/parental-control.subset b/v3/parental-control.subset new file mode 100644 index 00000000..b70b1b74 --- /dev/null +++ b/v3/parental-control.subset @@ -0,0 +1,52 @@ +# parental-control + +A set of resolvers blocking popular websites that may not be appropriate +for children. + +This is not bulletproof. In particular, websites in languages that are +not English will require additional, local rules. + +To use that list, add this to the `[sources]` section of your +`dnscrypt-proxy.toml` configuration file: + + [sources.'parental-control'] + urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v3/parental-control.md'] + minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' + cache_file = 'parental-control.md' + +In order to enforce safe search results from Google and Youtube, you may +also want to enable cloaking (`cloaking_rules` in the configuration file). + +-- + +adguard-dns-family +adguard-dns-family-doh +adguard-dns-family-ipv6 +cisco-familyshield +cisco-familyshield-ipv6 +cleanbrowsing-adult +cleanbrowsing-adult-ipv6 +cleanbrowsing-family +cleanbrowsing-family-ipv6 +cloudflare-family +cloudflare-family-ipv6 +dnsforfamily +dnsforfamily-doh +dnsforfamily-doh-no-safe-search +dnsforfamily-no-safe-search +dnsforfamily-v6 +dnswarden-asia-adultfilter-dcv4 +dnswarden-asia-adultfilter-dcv6 +dnswarden-asia-adultfilter-doh +dnswarden-eu-adultfilter-dcv4 +dnswarden-eu-adultfilter-dcv6 +dnswarden-eu-adultfilter-doh +dnswarden-us-adultfilter-dcv4 +dnswarden-us-adultfilter-dcv6 +dnswarden-us-adultfilter-doh +doh-cleanbrowsing-adult +doh-cleanbrowsing-family +puredns-family-doh +puredns-family-doh-ipv6 +safesurfer +sfw.scaleway-fr