├── hooks └── post_checkout ├── bind ├── acl.blockednets ├── acl.sponsornets ├── db.0 ├── db.255 ├── db.127 ├── db.local ├── db.empty ├── named.conf ├── named.conf.default-zones ├── named.conf.options.template ├── zones.rfc1918 ├── db.root └── named.logging ├── .gitmodules ├── LICENSE ├── .github └── workflows │ ├── pull-request.yml │ ├── release-tag.yml │ └── on-demand.yml ├── Dockerfile ├── README.md ├── entrypoint.sh └── healthcheck.sh /hooks/post_checkout: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | git submodule update --init 4 | -------------------------------------------------------------------------------- /bind/acl.blockednets: -------------------------------------------------------------------------------- 1 | # 2 | # Networks whose requests will be dropped 3 | # 4 | 5 | acl blockednets { 6 | 7 | }; 8 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "dns-config-watchdog"] 2 | path = dns-config-watchdog 3 | url = https://github.com/Al-Azif/dns-config-watchdog 4 | -------------------------------------------------------------------------------- /bind/acl.sponsornets: -------------------------------------------------------------------------------- 1 | # 2 | # Networks that are allowed recursion 3 | # 4 | 5 | acl sponsornets { 6 | 127.0.0.0/8; 7 | 10.0.0.0/8; 8 | 172.16.0.0/12; 9 | 192.168.0.0/16; 10 | fd00::/8; 11 | }; 12 | -------------------------------------------------------------------------------- /bind/db.0: -------------------------------------------------------------------------------- 1 | ; 2 | ; BIND reverse data file for broadcast zone 3 | ; 4 | $TTL 604800 5 | @ IN SOA localhost. root.localhost. ( 6 | 1 ; Serial 7 | 604800 ; Refresh 8 | 86400 ; Retry 9 | 2419200 ; Expire 10 | 604800 ) ; Negative Cache TTL 11 | ; 12 | @ IN NS localhost. 
13 | -------------------------------------------------------------------------------- /bind/db.255: -------------------------------------------------------------------------------- 1 | ; 2 | ; BIND reverse data file for broadcast zone 3 | ; 4 | $TTL 604800 5 | @ IN SOA localhost. root.localhost. ( 6 | 1 ; Serial 7 | 604800 ; Refresh 8 | 86400 ; Retry 9 | 2419200 ; Expire 10 | 604800 ) ; Negative Cache TTL 11 | ; 12 | @ IN NS localhost. 13 | -------------------------------------------------------------------------------- /bind/db.127: -------------------------------------------------------------------------------- 1 | ; 2 | ; BIND reverse data file for local loopback interface 3 | ; 4 | $TTL 604800 5 | @ IN SOA localhost. root.localhost. ( 6 | 1 ; Serial 7 | 604800 ; Refresh 8 | 86400 ; Retry 9 | 2419200 ; Expire 10 | 604800 ) ; Negative Cache TTL 11 | ; 12 | @ IN NS localhost. 13 | 1.0.0 IN PTR localhost. 14 | -------------------------------------------------------------------------------- /bind/db.local: -------------------------------------------------------------------------------- 1 | ; 2 | ; BIND data file for local loopback interface 3 | ; 4 | $TTL 604800 5 | @ IN SOA localhost. root.localhost. ( 6 | 2 ; Serial 7 | 604800 ; Refresh 8 | 86400 ; Retry 9 | 2419200 ; Expire 10 | 604800 ) ; Negative Cache TTL 11 | ; 12 | @ IN NS localhost. 13 | @ IN A 127.0.0.1 14 | @ IN AAAA ::1 15 | -------------------------------------------------------------------------------- /bind/db.empty: -------------------------------------------------------------------------------- 1 | ; BIND reverse data file for empty rfc1918 zone 2 | ; 3 | ; DO NOT EDIT THIS FILE - it is used for multiple zones. 4 | ; Instead, copy it, edit named.conf, and use that copy. 5 | ; 6 | $TTL 86400 7 | @ IN SOA localhost. root.localhost. ( 8 | 1 ; Serial 9 | 604800 ; Refresh 10 | 86400 ; Retry 11 | 2419200 ; Expire 12 | 86400 ) ; Negative Cache TTL 13 | ; 14 | @ IN NS localhost. 
15 | -------------------------------------------------------------------------------- /bind/named.conf: -------------------------------------------------------------------------------- 1 | // This is the primary configuration file for the BIND DNS server named. 2 | // 3 | // Please read /usr/share/doc/bind9/README.Debian.gz for information on the 4 | // structure of BIND configuration files in Debian, *BEFORE* you customize 5 | // this configuration file. 6 | // 7 | // If you are just adding zones, please do that in /etc/bind/named.conf.local 8 | 9 | include "/etc/bind/named.conf.options"; 10 | include "/etc/bind/named.conf.local"; 11 | include "/etc/bind/named.conf.default-zones"; 12 | //include "/etc/bind/named.logging"; 13 | -------------------------------------------------------------------------------- /bind/named.conf.default-zones: -------------------------------------------------------------------------------- 1 | // prime the server with knowledge of the root servers 2 | zone "." 
{ 3 | type hint; 4 | file "/etc/bind/db.root"; 5 | }; 6 | 7 | // be authoritative for the localhost forward and reverse zones, and for 8 | // broadcast zones as per RFC 1912 9 | 10 | zone "localhost" { 11 | type master; 12 | file "/etc/bind/db.local"; 13 | }; 14 | 15 | zone "127.in-addr.arpa" { 16 | type master; 17 | file "/etc/bind/db.127"; 18 | }; 19 | 20 | zone "0.in-addr.arpa" { 21 | type master; 22 | file "/etc/bind/db.0"; 23 | }; 24 | 25 | zone "255.in-addr.arpa" { 26 | type master; 27 | file "/etc/bind/db.255"; 28 | }; 29 | -------------------------------------------------------------------------------- /bind/named.conf.options.template: -------------------------------------------------------------------------------- 1 | include "/etc/bind/acl.blockednets"; 2 | include "/etc/bind/acl.sponsornets"; 3 | 4 | options { 5 | directory "/var/cache/bind"; 6 | 7 | allow-query { any; }; 8 | allow-query-cache { sponsornets; }; 9 | 10 | recursion yes; 11 | allow-recursion { sponsornets; }; 12 | 13 | blackhole { blockednets; }; 14 | allow-transfer { none; }; 15 | 16 | //listen-on-v4 port 53 { any; }; 17 | //listen-on-v6 port 53 { any; }; 18 | 19 | auth-nxdomain no; # conform to RFC1035 20 | dnssec-validation auto; 21 | 22 | forwarders { 23 | 1.1.1.1; 24 | 1.0.0.1; 25 | 2606:4700:4700::1111; 26 | 2606:4700:4700::1001; 27 | }; 28 | forward only; 29 | }; 30 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2020-2024 Al Azif, https://github.com/Al-Azif/exploit-host-dns 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining 4 | a copy of this software and associated documentation files (the 5 | "Software"), to deal in the Software without restriction, including 6 | without limitation the rights to use, copy, modify, merge, publish, 7 | distribute, sublicense, and/or sell copies of the Software, and to 8 | permit 
persons to whom the Software is furnished to do so, subject to 9 | the following conditions: 10 | 11 | The above copyright notice and this permission notice shall be 12 | included in all copies or substantial portions of the Software. 13 | 14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 15 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 16 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 17 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 18 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 19 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 20 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 21 | -------------------------------------------------------------------------------- /.github/workflows/pull-request.yml: -------------------------------------------------------------------------------- 1 | name: pull-request 2 | 3 | on: 4 | pull_request: 5 | 6 | jobs: 7 | static-analysis: 8 | name: Static Analysis 9 | runs-on: ubuntu-latest 10 | steps: 11 | - 12 | name: Checkout 13 | uses: actions/checkout@v4.2.2 14 | - 15 | name: Run ShellCheck 16 | uses: ludeeus/action-shellcheck@2.0.0 17 | - 18 | name: Run Hadolint 19 | uses: hadolint/hadolint-action@v3.1.0 20 | with: 21 | dockerfile: Dockerfile 22 | docker: 23 | name: Docker Build 24 | needs: static-analysis 25 | runs-on: ubuntu-latest 26 | steps: 27 | - 28 | name: Checkout 29 | uses: actions/checkout@v4.2.2 30 | with: 31 | submodules: recursive 32 | - 33 | name: Set up QEMU 34 | uses: docker/setup-qemu-action@v3.2.0 35 | - 36 | name: Set up Docker Buildx 37 | uses: docker/setup-buildx-action@v3.8.0 38 | - 39 | name: Build 40 | uses: docker/build-push-action@v6.10.0 41 | with: 42 | context: . 
43 | platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x 44 | push: false 45 | -------------------------------------------------------------------------------- /bind/zones.rfc1918: -------------------------------------------------------------------------------- 1 | zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 2 | 3 | zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 4 | zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 5 | zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 6 | zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 7 | zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 8 | zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 9 | zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 10 | zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 11 | zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 12 | zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 13 | zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 14 | zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 15 | zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 16 | zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 17 | zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 18 | zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 19 | 20 | zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; 21 | -------------------------------------------------------------------------------- /.github/workflows/release-tag.yml: -------------------------------------------------------------------------------- 1 | name: release-tag 2 | 3 | on: 4 | push: 5 | tags: 6 | - v*.*.* 7 | 8 | jobs: 9 | docker: 10 | name: 
Docker Build 11 | runs-on: ubuntu-latest 12 | steps: 13 | - 14 | name: Checkout 15 | uses: actions/checkout@v4.2.2 16 | with: 17 | submodules: recursive 18 | - 19 | name: Docker metadata 20 | id: meta 21 | uses: docker/metadata-action@v5.6.1 22 | with: 23 | images: alazif/exploit-host-dns 24 | tags: | 25 | type=semver,pattern={{version}} 26 | type=semver,pattern={{major}}.{{minor}} 27 | type=semver,pattern={{major}} 28 | - 29 | name: Set up QEMU 30 | uses: docker/setup-qemu-action@v3.2.0 31 | - 32 | name: Set up Docker Buildx 33 | uses: docker/setup-buildx-action@v3.8.0 34 | - 35 | name: Login to DockerHub 36 | uses: docker/login-action@v3.3.0 37 | with: 38 | username: ${{ secrets.DOCKERHUB_USERNAME }} 39 | password: ${{ secrets.DOCKERHUB_TOKEN }} 40 | - 41 | name: Build and push 42 | uses: docker/build-push-action@v6.10.0 43 | with: 44 | context: . 45 | platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x 46 | push: true 47 | tags: ${{ steps.meta.outputs.tags }} 48 | labels: ${{ steps.meta.outputs.labels }} 49 | - 50 | name: Update repo description 51 | uses: peter-evans/dockerhub-description@v4.0.0 52 | with: 53 | username: ${{ secrets.DOCKERHUB_USERNAME }} 54 | password: ${{ secrets.DOCKERHUB_TOKEN }} 55 | repository: alazif/exploit-host-dns 56 | -------------------------------------------------------------------------------- /.github/workflows/on-demand.yml: -------------------------------------------------------------------------------- 1 | name: on-demand 2 | 3 | on: 4 | workflow_dispatch: 5 | branches: 6 | - 'main' 7 | 8 | jobs: 9 | static-analysis: 10 | name: Static Analysis 11 | runs-on: ubuntu-latest 12 | steps: 13 | - 14 | name: Checkout 15 | uses: actions/checkout@v4.2.2 16 | - 17 | name: Run ShellCheck 18 | uses: ludeeus/action-shellcheck@2.0.0 19 | - 20 | name: Run Hadolint 21 | uses: hadolint/hadolint-action@v3.1.0 22 | with: 23 | dockerfile: Dockerfile 24 | docker: 25 | name: Docker Build 26 | needs: 
static-analysis 27 | runs-on: ubuntu-latest 28 | steps: 29 | - 30 | name: Checkout 31 | uses: actions/checkout@v4.2.2 32 | with: 33 | submodules: recursive 34 | - 35 | name: Set up QEMU 36 | uses: docker/setup-qemu-action@v3.2.0 37 | - 38 | name: Set up Docker Buildx 39 | uses: docker/setup-buildx-action@v3.8.0 40 | - 41 | name: Login to DockerHub 42 | uses: docker/login-action@v3.3.0 43 | with: 44 | username: ${{ secrets.DOCKERHUB_USERNAME }} 45 | password: ${{ secrets.DOCKERHUB_TOKEN }} 46 | - 47 | name: Build and push 48 | uses: docker/build-push-action@v6.10.0 49 | with: 50 | context: . 51 | platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x 52 | push: true 53 | tags: alazif/exploit-host-dns:latest 54 | - 55 | name: Update repo description 56 | uses: peter-evans/dockerhub-description@v4.0.0 57 | with: 58 | username: ${{ secrets.DOCKERHUB_USERNAME }} 59 | password: ${{ secrets.DOCKERHUB_TOKEN }} 60 | repository: alazif/exploit-host-dns 61 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.22.2 2 | 3 | RUN \ 4 | # Update and install system applications 5 | apk add --update --no-cache \ 6 | bind=9.20.16-r0 \ 7 | bind-tools=9.20.16-r0 \ 8 | libcap=2.76-r0 \ 9 | python3=3.12.12-r0 \ 10 | py3-pip=25.1.1-r0 \ 11 | shadow=4.17.3-r0 \ 12 | tini=0.19.0-r3 && \ 13 | # Set up cache and log directories. NOTE(review): the chmod below leaves /var/cache/bind world-writable (777); check whether a mode limited to the named user is enough 14 | mkdir -p \ 15 | /var/cache/bind \ 16 | /var/log/named && \ 17 | chmod -R 777 /var/cache/bind && \ 18 | # Allow named to use privileged ports without root 19 | setcap 'cap_net_bind_service=+ep' /usr/sbin/named && \ 20 | # Change named user's uid/gid 21 | groupmod -g 10001 named && \ 22 | usermod -u 10000 named 23 | 24 | # Copy LICENSE to container 25 | COPY LICENSE /LICENSE 26 | 27 | # Copy dns-config-watchdog to container 28 | COPY dns-config-watchdog/main.py /opt/dns-config-watchdog/ 29 | COPY 
dns-config-watchdog/zones.json /opt/dns-config-watchdog/ 30 | COPY dns-config-watchdog/requirements.txt /opt/dns-config-watchdog/ 31 | COPY dns-config-watchdog/LICENSE /opt/dns-config-watchdog/ 32 | 33 | # Install `requirements.txt` for dns-config-watchdog 34 | # hadolint ignore=SC1091 35 | RUN \ 36 | python3 -m venv /opt/dns-config-watchdog/.venv && \ 37 | . /opt/dns-config-watchdog/.venv/bin/activate && \ 38 | pip3 install --no-cache-dir --root-user-action=ignore -r /opt/dns-config-watchdog/requirements.txt 39 | 40 | # Copy BIND9 configs to container 41 | COPY bind /etc/bind/ 42 | 43 | # Copy entrypoint script to container 44 | COPY entrypoint.sh /entrypoint.sh 45 | 46 | # Copy HEALTHCHECK script to container 47 | COPY healthcheck.sh /healthcheck.sh 48 | 49 | # Set permissions and ownership on copied files, and add a daily db.root refresh to the crontab of the user running this step. NOTE(review): curl is not in the apk package list above and nothing in this Dockerfile starts crond, so confirm the job can actually run 50 | SHELL ["/bin/ash", "-eo", "pipefail", "-c"] 51 | RUN \ 52 | chmod 644 \ 53 | /etc/bind/acl.blockednets \ 54 | /etc/bind/acl.sponsornets \ 55 | /etc/bind/db.0 \ 56 | /etc/bind/db.127 \ 57 | /etc/bind/db.255 \ 58 | /etc/bind/db.empty \ 59 | /etc/bind/db.local \ 60 | /etc/bind/db.root \ 61 | /etc/bind/named.conf \ 62 | /etc/bind/named.conf.default-zones \ 63 | /etc/bind/named.conf.options.template \ 64 | /etc/bind/named.logging \ 65 | /etc/bind/zones.rfc1918 && \ 66 | crontab -l | { cat; echo "0 0 * * * curl -o \"/etc/bind/db.root\" -z \"/etc/bind/db.root\" \"https://www.internic.net/domain/named.root\" && \$DNS_RESTART"; } | crontab - && \ 67 | chmod +x \ 68 | /entrypoint.sh \ 69 | /healthcheck.sh && \ 70 | chown -R named:named \ 71 | /etc/bind/ \ 72 | /var/cache/bind/ \ 73 | /var/log/named \ 74 | /var/run/named/ \ 75 | /opt/dns-config-watchdog/ 76 | 77 | # Expose UDP/TCP port 53 78 | EXPOSE 53/udp 53/tcp 79 | 80 | USER named 81 | 82 | # Start entrypoint script 83 | ENTRYPOINT ["/sbin/tini", "--", "/entrypoint.sh", "/usr/sbin/named"] 84 | 85 | # Add HEALTHCHECK directive 86 | HEALTHCHECK CMD [ "/healthcheck.sh" ] 87 | 88 | # Set default command for container 89 | CMD 
["-g", "-c", "/etc/bind/named.conf"] 90 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Exploit Host DNS 2 | 3 | Purpose-made DNS Docker setup for hosting exploits for the web browser of Sony PlayStation devices and the Nintendo Wii/WiiU/Switch. 4 | 5 | ## Features 6 | 7 | ### Stand Alone 8 | 9 | - Blocks telemetry 10 | - Blocks system updates 11 | - Blocks PlayStation title updates 12 | - Blocks metadata domain, but raw PKG links resolve. Third party tools like OrbisPatches will function 13 | - Pass-through for the remainder of the internet 14 | - Obviously Sony/Nintendo domains will not resolve 15 | - Access control list for blacklisting IPs completely and/or whitelisting IPs for recursive queries 16 | 17 | ### With Exploit Host HTTP 18 | 19 | When used in conjunction with [Exploit Host HTTP](https://github.com/Al-Azif/exploit-host-http) the following additional features are added: 20 | 21 | - Enables internet speed tests 22 | - Enables serving custom system updates 23 | - Hijacks default browser landing pages 24 | 25 | ## Usage 26 | 27 | ### Command Line 28 | 29 | This command will always pull the latest image from Docker Hub, run on the main Docker bridge network, redirect hijacked domains to `192.0.2.2`, leave IPv6 disabled (as it's not explicitly enabled), and restart the container if it's not running until you explicitly tell it to stop. Note that `-p 53:53/tcp -p 53:53/udp` publishes port 53 on every host interface. 30 | 31 | `docker run -d --network bridge -p 53:53/tcp -p 53:53/udp -e REDIRECT_IPV4=192.0.2.2 --restart unless-stopped --pull always alazif/exploit-host-dns:latest` 32 | 33 | ### Compose 34 | 35 | This Compose file will do the same as the command above. 
36 | 37 | ```yml 38 | --- 39 | version: "3.8" 40 | 41 | services: 42 | exploit-host-dns: 43 | image: alazif/exploit-host-dns:latest 44 | network_mode: bridge 45 | ports: 46 | - 53:53/tcp 47 | - 53:53/udp 48 | environment: 49 | REDIRECT_IPV4: 192.0.2.2 50 | pull_policy: always 51 | restart: unless-stopped 52 | ``` 53 | 54 | Start the Compose file by calling `docker compose up -d` from the same location as the Compose file. 55 | 56 | ## Options (Environment Variables) 57 | 58 | | Option | Default | Type | Info | 59 | |:-------------------|:--------------|:--------|:-----------------------------| 60 | | DEBUG | `false` | boolean | Show debug output for `entrypoint.sh` in the Docker log. | 61 | | AUTOUPDATE_ZONES | `false` | boolean | Update the zone files automatically if `/opt/dns-config-watchdog/zones.json` is modified. | 62 | | SMART_WATCHER | `false` | boolean | How modifications to `/opt/dns-config-watchdog/zones.json` are checked. If `true` uses Python's Watchdog package. If `false` uses a looped shell command to watch for changes. Ignored if `AUTOUPDATE_ZONES` is `false`. | 63 | | LOGGING | `false` | boolean | Enable DNS logging. Logged to `/var/log/named/`. | 64 | | DNS_RESTART | `rndc reload` | string | The command issued within `/opt/dns-config-watchdog/main.py` to restart the DNS server after generating zone files. | 65 | | REDIRECT_IPV4 | none | string | Must have an IPv4, an IPv6, or both specified. This is the address that hijacked domains will resolve to. | 66 | | REDIRECT_IPV6 | none | string | Must have an IPv4, an IPv6, or both specified. This is the address that hijacked domains will resolve to. | 67 | 68 | ## TODO 69 | 70 | - [ ] Double check/separate IPv4 vs IPv6 support better. Don't assume IPv4 is supported if IPv6 is on, etc. 71 | - [ ] Test Nintendo Wii/WiiU/Switch support. 72 | - [ ] Add/Test Xbox support. 
73 | -------------------------------------------------------------------------------- /bind/db.root: -------------------------------------------------------------------------------- 1 | ; This file holds the information on root name servers needed to 2 | ; initialize cache of Internet domain name servers 3 | ; (e.g. reference this file in the "cache . " 4 | ; configuration file of BIND domain name servers). 5 | ; 6 | ; This file is made available by InterNIC 7 | ; under anonymous FTP as 8 | ; file /domain/named.cache 9 | ; on server FTP.INTERNIC.NET 10 | ; -OR- RS.INTERNIC.NET 11 | ; 12 | ; last update: October 24, 2023 13 | ; related version of root zone: 2023102402 14 | ; 15 | ; FORMERLY NS.INTERNIC.NET 16 | ; 17 | . 3600000 NS A.ROOT-SERVERS.NET. 18 | A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 19 | A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30 20 | ; 21 | ; FORMERLY NS1.ISI.EDU 22 | ; 23 | . 3600000 NS B.ROOT-SERVERS.NET. 24 | B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201 25 | B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b 26 | ; 27 | ; FORMERLY C.PSI.NET 28 | ; 29 | . 3600000 NS C.ROOT-SERVERS.NET. 30 | C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 31 | C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c 32 | ; 33 | ; FORMERLY TERP.UMD.EDU 34 | ; 35 | . 3600000 NS D.ROOT-SERVERS.NET. 36 | D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 37 | D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d 38 | ; 39 | ; FORMERLY NS.NASA.GOV 40 | ; 41 | . 3600000 NS E.ROOT-SERVERS.NET. 42 | E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 43 | E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e 44 | ; 45 | ; FORMERLY NS.ISC.ORG 46 | ; 47 | . 3600000 NS F.ROOT-SERVERS.NET. 48 | F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 49 | F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f 50 | ; 51 | ; FORMERLY NS.NIC.DDN.MIL 52 | ; 53 | . 3600000 NS G.ROOT-SERVERS.NET. 54 | G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 55 | G.ROOT-SERVERS.NET. 
3600000 AAAA 2001:500:12::d0d 56 | ; 57 | ; FORMERLY AOS.ARL.ARMY.MIL 58 | ; 59 | . 3600000 NS H.ROOT-SERVERS.NET. 60 | H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53 61 | H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53 62 | ; 63 | ; FORMERLY NIC.NORDU.NET 64 | ; 65 | . 3600000 NS I.ROOT-SERVERS.NET. 66 | I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 67 | I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53 68 | ; 69 | ; OPERATED BY VERISIGN, INC. 70 | ; 71 | . 3600000 NS J.ROOT-SERVERS.NET. 72 | J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 73 | J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30 74 | ; 75 | ; OPERATED BY RIPE NCC 76 | ; 77 | . 3600000 NS K.ROOT-SERVERS.NET. 78 | K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 79 | K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1 80 | ; 81 | ; OPERATED BY ICANN 82 | ; 83 | . 3600000 NS L.ROOT-SERVERS.NET. 84 | L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 85 | L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42 86 | ; 87 | ; OPERATED BY WIDE 88 | ; 89 | . 3600000 NS M.ROOT-SERVERS.NET. 90 | M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 91 | M.ROOT-SERVERS.NET. 
3600000 AAAA 2001:dc3::35 92 | ; End of file 93 | -------------------------------------------------------------------------------- /bind/named.logging: -------------------------------------------------------------------------------- 1 | logging { 2 | channel default_file { 3 | file "/var/log/named/default.log" versions 3 size 5m; 4 | severity dynamic; 5 | print-severity yes; 6 | print-time yes; 7 | }; 8 | channel general_file { 9 | file "/var/log/named/general.log" versions 3 size 5m; 10 | severity dynamic; 11 | print-severity yes; 12 | print-time yes; 13 | }; 14 | channel database_file { 15 | file "/var/log/named/database.log" versions 3 size 5m; 16 | severity dynamic; 17 | print-severity yes; 18 | print-time yes; 19 | }; 20 | channel security_file { 21 | file "/var/log/named/security.log" versions 3 size 5m; 22 | severity dynamic; 23 | print-severity yes; 24 | print-time yes; 25 | }; 26 | channel config_file { 27 | file "/var/log/named/config.log" versions 3 size 5m; 28 | severity dynamic; 29 | print-severity yes; 30 | print-time yes; 31 | }; 32 | channel resolver_file { 33 | file "/var/log/named/resolver.log" versions 3 size 5m; 34 | severity dynamic; 35 | print-severity yes; 36 | print-time yes; 37 | }; 38 | channel xfer-in_file { 39 | file "/var/log/named/xfer-in.log" versions 3 size 5m; 40 | severity dynamic; 41 | print-severity yes; 42 | print-time yes; 43 | }; 44 | channel xfer-out_file { 45 | file "/var/log/named/xfer-out.log" versions 3 size 5m; 46 | severity dynamic; 47 | print-severity yes; 48 | print-time yes; 49 | }; 50 | channel notify_file { 51 | file "/var/log/named/notify.log" versions 3 size 5m; 52 | severity dynamic; 53 | print-severity yes; 54 | print-time yes; 55 | }; 56 | channel client_file { 57 | file "/var/log/named/client.log" versions 3 size 5m; 58 | severity dynamic; 59 | print-severity yes; 60 | print-time yes; 61 | }; 62 | channel unmatched_file { 63 | file "/var/log/named/unmatched.log" versions 3 size 5m; 64 | severity dynamic; 65 | 
print-severity yes; 66 | print-time yes; 67 | }; 68 | channel queries_file { 69 | file "/var/log/named/queries.log" versions 3 size 5m; 70 | severity dynamic; 71 | print-severity yes; 72 | print-time yes; 73 | }; 74 | channel network_file { 75 | file "/var/log/named/network.log" versions 3 size 5m; 76 | severity dynamic; 77 | print-severity yes; 78 | print-time yes; 79 | }; 80 | channel update_file { 81 | file "/var/log/named/update.log" versions 3 size 5m; 82 | severity dynamic; 83 | print-severity yes; 84 | print-time yes; 85 | }; 86 | channel dispatch_file { 87 | file "/var/log/named/dispatch.log" versions 3 size 5m; 88 | severity dynamic; 89 | print-severity yes; 90 | print-time yes; 91 | }; 92 | channel dnssec_file { 93 | file "/var/log/named/dnssec.log" versions 3 size 5m; 94 | severity dynamic; 95 | print-severity yes; 96 | print-time yes; 97 | }; 98 | channel lame-servers_file { 99 | file "/var/log/named/lame-servers.log" versions 3 size 5m; 100 | severity dynamic; 101 | print-severity yes; 102 | print-time yes; 103 | }; 104 | 105 | category default { default_file; }; 106 | category general { general_file; }; 107 | category database { database_file; }; 108 | category security { security_file; }; 109 | category config { config_file; }; 110 | category resolver { resolver_file; }; 111 | category xfer-in { xfer-in_file; }; 112 | category xfer-out { xfer-out_file; }; 113 | category notify { notify_file; }; 114 | category client { client_file; }; 115 | category unmatched { unmatched_file; }; 116 | category queries { queries_file; }; 117 | category network { network_file; }; 118 | category update { update_file; }; 119 | category dispatch { dispatch_file; }; 120 | category dnssec { dnssec_file; }; 121 | category lame-servers { lame-servers_file; }; 122 | }; 123 | -------------------------------------------------------------------------------- /entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/ash 2 | # 
shellcheck shell=dash 3 | set -e 4 | 5 | # Input defaults and text to lower case 6 | DEBUG=${DEBUG:-"false"} && DEBUG=$(echo "$DEBUG" | tr "[:upper:]" "[:lower:]") 7 | AUTOUPDATE_ZONES=${AUTOUPDATE_ZONES:-"false"} && AUTOUPDATE_ZONES=$(echo "$AUTOUPDATE_ZONES" | tr "[:upper:]" "[:lower:]") 8 | SMART_WATCHER=${SMART_WATCHER:-"false"} && SMART_WATCHER=$(echo "$SMART_WATCHER" | tr "[:upper:]" "[:lower:]") 9 | LOGGING=${LOGGING:-"false"} && LOGGING=$(echo "$LOGGING" | tr "[:upper:]" "[:lower:]") 10 | export DNS_RESTART=${DNS_RESTART:-"rndc reload"} 11 | 12 | # Input validation 13 | if [ "$DEBUG" != "true" ] && [ "$DEBUG" != "false" ]; then 14 | echo "[!] Invalid option for DEBUG, expected \"true\" or \"false\"" 15 | exit 1 16 | fi 17 | 18 | if [ "$AUTOUPDATE_ZONES" != "true" ] && [ "$AUTOUPDATE_ZONES" != "false" ]; then 19 | echo "[!] Invalid option for AUTOUPDATE_ZONES, expected \"true\" or \"false\"" 20 | exit 1 21 | fi 22 | 23 | if [ "$SMART_WATCHER" != "true" ] && [ "$SMART_WATCHER" != "false" ]; then 24 | echo "[!] Invalid option for SMART_WATCHER, expected \"true\" or \"false\"" 25 | exit 1 26 | fi 27 | 28 | if [ -z "$REDIRECT_IPV4" ] && [ -z "$REDIRECT_IPV6" ]; then 29 | echo "[!] Either REDIRECT_IPV4 or REDIRECT_IPV6 must be set" 30 | exit 1 31 | fi 32 | 33 | if [ -n "$REDIRECT_IPV4" ]; then 34 | if ! echo "$REDIRECT_IPV4" | grep -E "^(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])$" > /dev/null 2>&1; then 35 | echo "[!] Invalid IPv4 address for REDIRECT_IPV4 option" 36 | exit 1 37 | fi 38 | fi 39 | 40 | if [ -n "$REDIRECT_IPV6" ]; then 41 | if ! 
echo "$REDIRECT_IPV6" | grep -E "^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$" > /dev/null 2>&1; then 42 | echo "[!] Invalid IPv6 address for REDIRECT_IPV6 option" 43 | exit 1 44 | fi 45 | fi 46 | 47 | if [ "$LOGGING" != "true" ] && [ "$LOGGING" != "false" ]; then 48 | echo "[!] Invalid option for LOGGING, expected \"true\" or \"false\"" 49 | exit 1 50 | fi 51 | 52 | if [ "$DEBUG" = "true" ]; then 53 | echo "=== DEBUG =====================================================" 54 | echo "AUTOUPDATE_ZONES » $AUTOUPDATE_ZONES" 55 | echo "SMART_WATCHER » $SMART_WATCHER" 56 | echo "DNS_RESTART » $DNS_RESTART" 57 | if [ -n "$REDIRECT_IPV4" ]; then 58 | echo "REDIRECT_IPV4 » $REDIRECT_IPV4" 59 | fi 60 | if [ -n "$REDIRECT_IPV6" ]; then 61 | echo "REDIRECT_IPV6 » $REDIRECT_IPV6" 62 | fi 63 | echo "LOGGING » $LOGGING" 64 | echo "===============================================================" 65 | fi 66 | 67 | echo "[-] Configuring settings..." 68 | 69 | # Delete existing named.conf.options and replace with the template 70 | rm -f /etc/bind/named.conf.options 2> /dev/null || true 71 | cp -f /etc/bind/named.conf.options.template /etc/bind/named.conf.options 72 | 73 | # TODO: Is there a similar way to detect if an IPv4 interface is available like IPv6 below? 
74 | # Enable the IPv4 listener when REDIRECT_IPV4 is set (no interface check is made here) 75 | if [ -n "$REDIRECT_IPV4" ]; then 76 | echo "[-] IPv4 interface detected, enabling IPv4..." 77 | sed -i "s/\/\/listen-on-v4/listen-on/g" "/etc/bind/named.conf.options" 78 | fi 79 | 80 | # Enable the IPv6 listener when REDIRECT_IPV6 is set and `ip -6 addr` reports an address 81 | if [ -n "$REDIRECT_IPV6" ] && [ "$(ip -6 addr)" != "" ]; then 82 | echo "[-] IPv6 interface detected, enabling IPv6..." 83 | sed -i "s/\/\/listen-on-v6/listen-on-v6/g" "/etc/bind/named.conf.options" 84 | fi 85 | 86 | # Enable logging by uncommenting the commented-out include in named.conf 87 | if [ "$LOGGING" = "true" ]; then 88 | echo "[-] Enabling logging..." 89 | sed -i "s/\/\/include/include/g" "/etc/bind/named.conf" 90 | fi 91 | 92 | # Grab latest `db.root` on startup (best effort: `|| true` ignores a failed download) 93 | echo "[-] Downloading latest \"db.root\" file..." 94 | curl -o "/etc/bind/db.root" -z "/etc/bind/db.root" -s "https://www.internic.net/domain/named.root" || true 95 | 96 | # Activate Python virtual environment 97 | echo "[-] Activating Python virtual environment..." 98 | # shellcheck source=/dev/null 99 | . /opt/dns-config-watchdog/.venv/bin/activate 100 | 101 | # Generate zone files 102 | echo "[-] Generating zone files..." 103 | python3 /opt/dns-config-watchdog/main.py --skip-refresh 104 | 105 | if [ "$AUTOUPDATE_ZONES" = "true" ]; then 106 | if [ "$SMART_WATCHER" = "true" ]; then 107 | # Run watchdog on zones.json in background... if not on a Windows host 108 | python3 /opt/dns-config-watchdog/main.py --watchdog & 109 | elif [ "$SMART_WATCHER" = "false" ]; then 110 | # http://blog.subjectify.us/miscellaneous/2017/04/24/docker-for-windows-watch-bindings.html 111 | # Check the file's change time (stat %Z) every 5 seconds 112 | sh -c 'LTIME=$(stat -c %Z /opt/dns-config-watchdog/zones.json); while true; do ATIME=$(stat -c %Z /opt/dns-config-watchdog/zones.json); if [ "$ATIME" != "$LTIME" ]; then . 
/opt/dns-config-watchdog/.venv/bin/activate; python3 /opt/dns-config-watchdog/main.py; LTIME=$ATIME; fi; sleep 5; done' & 113 | fi 114 | fi 115 | 116 | # Start BIND 117 | echo "[-] Starting BIND..." 118 | exec "$@" 119 | -------------------------------------------------------------------------------- /healthcheck.sh: -------------------------------------------------------------------------------- 1 | #!/bin/ash 2 | # shellcheck shell=dash 3 | 4 | # We'll manually edit this file, otherwise any issue in the files used to 5 | # generate the zones file will likely be mirrored here and not be noticed. 6 | 7 | redirect_check() { 8 | if [ -n "$REDIRECT_IPV4" ] && [ "$(dig "$1" @127.0.0.1 A +short)" != "$REDIRECT_IPV4" ]; then 9 | echo "Failed redirect check IPv4: $1" 10 | exit 1 11 | fi 12 | if [ -n "$REDIRECT_IPV6" ] && [ "$(ip -6 addr)" != "" ] && [ "$(dig "$1" @::1 AAAA +short)" != "$REDIRECT_IPV6" ]; then 13 | echo "Failed redirect check IPv6: $1" 14 | exit 1 15 | fi 16 | } 17 | 18 | cname_check() { 19 | if [ -n "$REDIRECT_IPV4" ] && [ "$(dig "$1" @127.0.0.1 CNAME +short)" != "$2" ]; then 20 | echo "Failed CNAME check IPv4: $1" 21 | exit 1 22 | fi 23 | if [ -n "$REDIRECT_IPV6" ] && [ "$(ip -6 addr)" != "" ] && [ "$(dig "$1" @::1 CNAME +short)" != "$2" ]; then 24 | echo "Failed CNAME check IPv6: $1" 25 | exit 1 26 | fi 27 | } 28 | 29 | block_check() { 30 | if [ -n "$REDIRECT_IPV4" ] && [ "$(dig "$1" @127.0.0.1 A +short)" != "0.0.0.0" ]; then 31 | echo "Failed block check IPv4: $1" 32 | exit 1 33 | fi 34 | if [ -n "$REDIRECT_IPV6" ] && [ "$(ip -6 addr)" != "" ] && [ "$(dig "$1" @::1 AAAA +short)" != "::" ]; then 35 | echo "Failed block check IPv6: $1" 36 | exit 1 37 | fi 38 | } 39 | 40 | # Redirect Nintendo Landing Page Domains 41 | redirect_check "ctest.cdn.nintendo.net" 42 | redirect_check "conntest.nintendowifi.net" 43 | redirect_check "cfh.wapp.wii.com" 44 | 45 | # Redirect PlayStation Landing Page Domains 46 | redirect_check "www.playstation.com" 47 | 
# Remaining PlayStation landing page hosts
for host in manuals.playstation.net oss.dl.playstation.net status.playstation.com; do
  redirect_check "$host"
done

# Redirect PlayStation Network Test Domains
for prefix in get post ena; do
  redirect_check "${prefix}.net.playstation.net"
done

# Redirect Generic PlayStation Update Domains
redirect_check "update.net.playstation.net"

# Redirect OSS Page for Proto Hijack
# (same host as in the landing page group; it is checked a second time here)
redirect_check "oss.dl.playstation.net"

# Redirect PS3 Update PUP CDN Domains
# One host per region code, in the order the checks have always run
for region in jp us eu kr uk mx au sa tw ru cn hk br; do
  redirect_check "d${region}01.ps3.update.playstation.net"
done

# Redirect PS4 Update PUP CDN Domains
for region in jp us eu kr uk mx au sa tw ru cn hk; do
  redirect_check "d${region}01.ps4.update.playstation.net"
done
# Last PS4 update PUP CDN host
redirect_check "dbr01.ps4.update.playstation.net"

# Redirect PS5 Update PUP CDN Domains
# One host per region code, in the order the checks have always run
for region in jp us eu kr uk mx au sa tw ru cn hk br; do
  redirect_check "d${region}01.ps5.update.playstation.net"
done

# Redirect PS Vita Update PUP CDN Domains
for region in jp us eu kr uk mx au sa tw ru cn hk br; do
  redirect_check "d${region}01.psp2.update.playstation.net"
done

# Redirect PS3 Update List Domains
for region in jp us eu kr uk mx; do
  redirect_check "f${region}01.ps3.update.playstation.net"
done
# Remaining PS3 update list hosts
for region in au sa tw ru cn hk br; do
  redirect_check "f${region}01.ps3.update.playstation.net"
done

# Redirect PS4 Update List Domains
# One host per region code, in the order the checks have always run
for region in jp us eu kr uk mx au sa tw ru cn hk br; do
  redirect_check "f${region}01.ps4.update.playstation.net"
done

# Redirect PS5 Update List Domains
for region in jp us eu kr uk mx au sa tw ru cn hk br; do
  redirect_check "f${region}01.ps5.update.playstation.net"
done

# Redirect PS Vita Update List Domains
# PS Vita update list hosts, one per region code
for region in jp us eu kr uk mx au sa tw ru cn hk br; do
  redirect_check "f${region}01.psp2.update.playstation.net"
done

# Redirect PS4 Update Feature Domains
for region in jp us eu kr uk mx au sa tw ru cn hk br; do
  redirect_check "h${region}01.ps4.update.playstation.net"
done

# Redirect PS5 Update Feature Domains
for region in jp us eu kr uk mx au sa tw ru cn hk br; do
  redirect_check "h${region}01.ps5.update.playstation.net"
done

# Patch PKG Domains
# Each host must answer with a CNAME to itself under edgesuite.net.
for host in \
  b0.ww.np.dl.playstation.net \
  gs.ww.np.dl.playstation.net \
  gs2.ww.prod.dl.playstation.net \
  gst.prod.dl.playstation.net
do
  cname_check "$host" "${host}.edgesuite.net."
done

# Blocked Domains
for zone in nintendo.net nintendowifi.net wii.com playstation.com playstation.net; do
  block_check "$zone"
done

# The same zones again through a "wildcard." label
for zone in nintendo.net nintendowifi.net wii.com playstation.com playstation.net; do
  block_check "wildcard.${zone}"
done

for zone in \
  nintendo-europe.com \
  nintendo.at nintendo.be nintendo.ch \
  nintendo.co.jp nintendo.co.kr nintendo.co.nz nintendo.co.uk nintendo.co.za \
  nintendo.com nintendo.com.au nintendo.com.hk \
  nintendo.cz nintendo.de nintendo.dk nintendo.es nintendo.eu \
  nintendo.fi nintendo.fr nintendo.gr nintendo.hu nintendo.it \
  nintendo.jp nintendo.nl nintendo.no
do
  block_check "$zone"
done
# Remaining Nintendo zones that must resolve to the sink address
for zone in \
  nintendo.pt nintendo.ru nintendo.se nintendo.tw \
  nintendoswitch.cn nintendoswitch.com nintendoswitch.com.cn \
  nintendoservicecentre.co.uk
do
  block_check "$zone"
done

# Sony zones outside playstation.com / playstation.net
for zone in playstation.org scea.com sonyentertainmentnetwork.com sie-rd.com; do
  block_check "$zone"
done

# Every Nintendo zone once more through a "wildcard." label
for zone in \
  nintendo-europe.com \
  nintendo.at nintendo.be nintendo.ch \
  nintendo.co.jp nintendo.co.kr nintendo.co.nz nintendo.co.uk nintendo.co.za \
  nintendo.com nintendo.com.au nintendo.com.hk \
  nintendo.cz nintendo.de nintendo.dk nintendo.es nintendo.eu \
  nintendo.fi nintendo.fr nintendo.gr nintendo.hu nintendo.it \
  nintendo.jp nintendo.nl nintendo.no \
  nintendo.pt nintendo.ru nintendo.se nintendo.tw \
  nintendoswitch.cn nintendoswitch.com nintendoswitch.com.cn \
  nintendoservicecentre.co.uk
do
  block_check "wildcard.${zone}"
done

# The Sony zones through a "wildcard." label
for zone in playstation.org scea.com sonyentertainmentnetwork.com sie-rd.com; do
  block_check "wildcard.${zone}"
done

# Reaching this line means no check called exit 1
exit 0
--------------------------------------------------------------------------------