filter

Description

The filter plugins enables blocking requests based on predefined lists and rules, creating a DNS sinkhole similar to Pi-Hole or AdGuard.

Features

Regex and simple string matching support.
Inspection of CNAME, SVCB and HTTPS records detects and blocks cloaking.
Block replies are fully cacheable by the cache plugin.

Syntax

filter {
    allow FILE
    block FILE
    uncloak
    ttl DURATION
}

allow load FILE to the whitelist.
block load FILE to the blacklist.
uncloak enables response uncloaking, disabled by default.
ttl sets TTL for blocked responses, default is 3600s.

Metrics

If monitoring is enabled (via the prometheus plugin) then the following metric are exported:

coredns_filter_blocked_requests_total{server} - count per server

Examples

.:53 {
    filter {
        allow /lists/allowlist.txt
        block /lists/denylist.txt
        uncloak
        ttl 600
    }
    forward . tls://1.1.1.1 tls://1.0.0.1 {
        tls_servername cloudflare-dns.com
    }
}

Name		Name	Last commit message	Last commit date
Latest commit History 447 Commits
.github		.github
testdata		testdata
.gitignore		.gitignore
.golangci.yml		.golangci.yml
LICENSE		LICENSE
README.md		README.md
filter.go		filter.go
filter_test.go		filter_test.go
go.mod		go.mod
go.sum		go.sum
metrics.go		metrics.go
pattern_matcher.go		pattern_matcher.go
response.go		response.go
rules.go		rules.go
setup.go		setup.go
setup_test.go		setup_test.go
source.go		source.go

License

milgradesec/filter

Folders and files

Latest commit

History

Repository files navigation

filter

Description

Features

Syntax

Metrics

Examples

About

Topics

Resources

License

Stars

Watchers

Forks

Languages