nixos/home/routing-common: Add DNS blocklist

2025-03-06 11:31:54 +00:00 · 2025-03-06 11:31:54 +00:00 · 2a8ced0fec
commit 2a8ced0fec
parent 36c7096120
2 changed files with 94 additions and 1 deletions
--- a/nixos/boxes/home/routing-common/dns-blocklist.txt
+++ b/nixos/boxes/home/routing-common/dns-blocklist.txt
@ -0,0 +1,74 @@
+# Blocklist for LG WebOS Services (US)
+ad.lgappstv.com
+ibis.lgappstv.com
+info.lgsmartad.com
+lgtvsdp.com
+ngfts.lge.com
+rdx2.lgtvsdp.com
+smartshare.lgtvsdp.com
+lgappstv.com
+us.ad.lgsmartad.com
+us.ibs.lgappstv.com
+us.info.lgsmartad.com
+us.lgtvsdp.com
+
+# Community Contributions
+lgad.cjpowercast.com
+edgesuite.net
+yumenetworks.com
+smartclip.net
+smartclip.com
+
+# Non-US Entries
+rdx2.lgtvsdp.com
+info.lgsmartad.com
+ibs.lgappstv.com
+lgtvsdp.com
+lgappstv.com
+smartshare.lgtvsdp.com
+
+# Full Block for Europe and Other Regions
+de.ad.lgsmartad.com
+de.emp.lgsmartplatform.com
+de.ibs.lgappstv.com
+de.info.lgsmartad.com
+de.lgeapi.com
+de.lgtvsdp.com
+de.rdx2.lgtvsdp.com
+eu.ad.lgsmartad.com
+eu.ibs.lgappstv.com
+eu.info.lgsmartad.com
+app-lgwebos.pluto.tv
+it.lgtvsdp.com
+it.lgeapi.com
+it.emp.lgsmartplatform.com
+
+# LG ThinQ Services
+eic.common.lgthinq.com
+eic.iotservice.lgthinq.com
+eic.service.lgthinq.com
+eic.ngfts.lge.com
+eic.svc-lgthinq-com.aws-thinq-prd.net
+eic.cdpsvc.lgtvcommon.com
+eic.cdpbeacon.lgtvcommon.com
+eic.cdplauncher.lgtvcommon.com
+eic.homeprv.lgtvcommon.com
+eic.lgtviot.com
+eic.nudge.lgtvcommon.com
+eic.rdl.lgtvcommon.com
+eic.recommend.lgtvcommon.com
+eic.service.lgtvcommon.com
+gb-lgeapi-com.esi-prd.net
+gb.lgeapi.com
+lgtvonline.lge.com
+lg-channelplus-de-beacons.xumo.com
+lg-channelplus-de-mds.xumo.com
+lg-channelplus-eu-beacons.xumo.com
+lg-channelplus-eu-mds.xumo.com
+kr-op-v2.lgthinqhome.com
+ngfts.lge.com
+noti.lgthinq.com
+objectcontent.lgthinq.com
+
+# Update Server Block
+#snu.lge.com
--- a/nixos/boxes/home/routing-common/dns.nix
+++ b/nixos/boxes/home/routing-common/dns.nix
@ -63,16 +63,35 @@ in
          webserver-allow-from = [ "127.0.0.1" "::1" ];

          lua-dns-script = pkgs.writeText "pdns-script.lua" ''
-            -- Disney+ doesn't like our IP space...
+            blocklist = newDS()
+
            function preresolve(dq)
              local name = dq.qname:toString()
+
+              -- Disney+ doesn't like our IP space...
              if dq.qtype == pdns.AAAA and (string.find(name, "disneyplus") or string.find(name, "disney-plus") or string.find(name , "disney.api")) then
                dq.rcode = 0
                return true
              end

+              if blocklist:check(dq.qname) then
+                if dq.qtype == pdns.A then
+                  dq:addAnswer(dq.qtype, "127.0.0.1")
+                elseif dq.qtype == pdns.AAAA then
+                  dq:addAnswer(dq.qtype, "::1")
+                end
+                return true
+              end
+
              return false
            end
+
+            for line in io.lines("${./dns-blocklist.txt}") do
+              entry = line:gsub("%s+", "")
+              if entry ~= "" and string.sub(entry, 1, 1) ~= "#" then
+                blocklist:add(entry)
+              end
+            end
          '';
        };
      };