try to block traffic from ad.doubleclick.net, but dns record hops.

Marc C Storck marc at storck.org
Sat Jun 23 16:29:21 UTC 2001


what doubleclick does is called DNS-based load-balancing!
you should reject every ip, or use squid and block the word ad, ads,
doubleclick etc

Marc

BTW: THIS IS NOT A BIND ISSUE!!! NEXT TIME CONTACT THE SQUID OR IP_FRWD (OR
WHATEVER)
DISCUSS-LISTS!

----- Original Message -----
From: <zz at rockstone.com>
To: <bind-users at isc.org>
Cc: <zz at rockstone.com>
Sent: Saturday, June 23, 2001 4:16 PM
Subject: try to block traffic from ad.doubleclick.net, but dns record hops.


>
> I wonder if anyone could provide share your idea, I have this
> issue:  I have a linux box as a gateway/firewall for internal LAN,
> I have noticed http browsing contains too much junk traffic to
> the advertisement servers such as 'ad.doubleclick.net', eg. when you
> browse www.cnn.com, or www.marketwatch.com, etc, you can notice
> such links from the webpage source.
> Because I am concerned over the rumors that they tend to snoop
> on user's pc or on users using java or cookies, to save network
> bandwidth, I am trying to establish rules with ipchains rules
> to reject traffic from those ad servers.
>
> Of course, first, I need to find out their ad server ip addresses,
> so I did this:  ping ad.doubleclick.net, I got:
>
> PING gd3.doubleclick.net (208.32.211.200) from 192.168.1.92 :
> 56(84) bytes of data.
> 64 bytes from 208.32.211.200: icmp_seq=0 ttl=243 time=84.309 msec
>
> Now I had found its ip address, so I added to the ipchains rule:
> ipchains -A input -s 208.32.211.200 -j REJECT
> ipchains -A output -d 208.32.211.200 -j REJECT
>
> but ads keeps coming, so I did again ping to ad.doubleclick.net,
> this time I got reply from a different ip,
> PING gd3.doubleclick.net (208.184.29.130) from 192.168.1.92 :
> 56(84) bytes of data.
> 64 bytes from 208.184.29.130.doubleclick.net (208.184.29.130):
> icmp_seq=0 ttl=11 5 time=87.732 msec
>
> Now I got different ip address for the same host name,
> and this seems repeat endless.
>
> Then I did nslookup every few minutes, and it resolves to all
> different ip addresses for the same host name ad.doubleclick.net:
>
> 208.184.29.70
> 204.253.104.45
> 208.184.29.110
> 206.65.183.110
> 204.253.104.95
> 204.253.104.30
> 208.184.29.50
> 209.67.38.106
> 208.184.29.70
> 206.65.183.80
> 209.67.38.106
> 209.67.38.102
> 204.253.104.45
> 204.253.104.30
> 208.32.211.200
> 208.184.29.130
> 206.65.183.155
> 208.184.29.50
> ....
> #nslookup ad.doubleclick.net
>
> ad.doubleclick.net      canonical name = gd3.doubleclick.net.
> Name:   gd3.doubleclick.net
> Address: 209.67.38.104
> Name:   gd22.doubleclick.net
> Address: 208.184.29.130
>
> > gd22.doubleclick.net
> Server:         127.0.0.1
> Address:        127.0.0.1#53
>
> I don't quite understand the mechanism which doubleclik have deployed
> to make their nslookup hopping or rotating, but are there anyway I
> can completely stop ad traffic from their ad servers to my LAN?
>
> thanks very much.
>
>



More information about the bind-users mailing list