Blocking adservers with BIND9.1.0

Isaac Grover ephesys at myexcel.com
Wed Jan 7 06:54:52 UTC 2004


Hi everyone,

After considering what I would gain with djbdns and my configuration, the end
wouldn't justify the means - just looks like more work.

Onto my situation:  using the adserver list at http://adservers.v3.net, I block
the outgoing requests for images to those adservers at my firewall/proxy and
redirect the traffic to a 404 page on my F/P.  Basically I make zone
declarations for those adservers and redirect them to my F/P.

An annoyance I've noticed is that requests to adservers explicitly listed in the
zone declarations result in "host not found" messages on client machines, but
requests to subdomains of those adservers will be correctly redirected to the
F/P and show the 404 page.  For example, a request to "ads.osdn.com" will show a
"host not found" message, but a request to "bogus.ads.osdn.com" will show the
correct 404 page.

The objective is to have requests to all adservers and subdomains of those
adservers be redirected to the 404 page on the F/P.

My config files are below.  (I have not included the complete adserver list for
courtesy.)  Am I missing an option somewhere, or is there a better way to be
doing this?

named.conf.internet:
options {
        directory "/var/named";
        allow-query { 192.168.100.0/24; 127.0.0.1; localhost; };
        listen-on { 192.168.100.1; 127.0.0.1; };
        forward first;
        forwarders { 209.244.0.3; 209.244.0.4; 205.171.3.65; 205.171.19.251;
                     199.166.28.10; 199.166.31.3; 204.57.55.100; };
};

zone "." { type hint; file "root.hints"; };
zone "mynetwork" { type master; file "192.168.100.forward"; };
zone "100.168.192.in-addr.arpa" { type master; file "192.168.100.reverse"; };

# 11/17/03
zone "clustera.icq.com" { type master; notify no; file "null.zone.file"; };
zone "clustere.icq.com" { type master; notify no; file "null.zone.file"; };

# 11/25/03
zone "ads.servethis.com" { type master; notify no; file "null.zone.file"; };

192.168.100.forward:
$TTL 3D
@               IN      SOA     gibson.mynetwork. root.gibson.mynetwork. (
                                2003093002 ; year.month.day.sequence
                                8H      ; Refresh
                                2H      ; Retry
                                4W      ; Expire
                                1D)     ; Minimum TTL
        IN      MX      100     gibson
        IN      MX      150     popi.myexcel.com
                NS      gibson
localhost       IN      A       127.0.0.1
gibson  IN      A       192.168.100.1
flower  IN      A       192.168.100.105
milk    IN      A       192.168.100.106
adserver        IN      A       192.168.100.253  <-- where the 404 page is

192.168.100.reverse:
$TTL 3D
@               IN      SOA     gibson.mynetwork. root.gibson.mynetwork. (
                                2003093003 ; year.month.day.sequence
                                8H      ; Refresh
                                2H      ; Retry
                                4W      ; Expire
                                1D)     ; Minimum TTL
@       IN      NS      gibson.mynetwork.
1       IN      PTR     gibson.mynetwork.
105     IN      PTR     flower.mynetwork.
106     IN      PTR     milk.mynetwork.
253     IN      PTR     adserver.mynetwork.

null.zone.file:
$TTL    86400
@       IN      SOA     adserver. root.adserver.mynetwork. (
                        2003112602 ; year.month.day.sequence
                         604800 ; Refresh
                          86400 ; Retry
                        2419200 ; Expire
                         604800 ) ; Negative Cache TTL

        IN      NS      192.168.100.1
;       IN      MX      192.168.100.1
*       IN      A       192.168.100.253

Thanks,

Isaac

Are you losing $14,200.00 per year without your knowledge?
http://bigmoneyandfreetime.web1000.com
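An added illustration, not part of the post above and not BIND's own code: a minimal model of RFC 1034 lookup for A records, enough to show why the posted null.zone.file answers the apex name ("ads.osdn.com") with NXDOMAIN while any name below it matches the "*" wildcard. It assumes the fix is to add an apex A record alongside the wildcard; the zone name is taken from the post, the record sets are constructed to mirror the posted file.

```python
# Added illustration, not from the original post or from BIND: a minimal
# model of RFC 1034 authoritative lookup for A records, enough to show why
# the posted null.zone.file answers the apex with NXDOMAIN while the "*"
# wildcard covers every name below it.

ORIGIN = "ads.osdn.com"  # one of the zones declared with null.zone.file

# Owner name (relative to the origin) -> IPv4. "@" is the apex, "*" the
# wildcard, exactly as written in the posted file. Only A records are modelled.
ZONE_AS_POSTED = {"*": "192.168.100.253"}
# The assumed fix: give the apex itself an A record next to the wildcard.
ZONE_FIXED = {"@": "192.168.100.253", "*": "192.168.100.253"}


def _exists(zone, name):
    """A name exists if it owns data or is an empty non-terminal above data."""
    return name in zone or any(k.endswith("." + name) for k in zone)


def lookup_a(zone, origin, qname):
    """Return the A record an authoritative server answers for qname, or None
    where it answers NXDOMAIN. Comparison is case-insensitive."""
    origin, qname = origin.lower().rstrip("."), qname.lower().rstrip(".")
    if qname != origin and not qname.endswith("." + origin):
        raise ValueError(f"{qname} is not within zone {origin}")
    relative = "@" if qname == origin else qname[: -len(origin) - 1]
    # 1. exact owner match wins
    if relative in zone:
        return zone[relative]
    # 2. "*.origin" only matches names *below* the apex, so an apex without
    #    its own record falls through to NXDOMAIN (the "host not found" case)
    if relative == "@":
        return None
    # 3. wildcard synthesis: walk up from the query name; the first existing
    #    ancestor is the closest encloser, and only a wildcard directly under
    #    it may answer (RFC 1034 section 4.3.3)
    labels = relative.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        if _exists(zone, ancestor):
            return zone.get("*." + ancestor)
    return zone.get("*")  # closest encloser is the apex itself


def compare():
    """Answers for the two names from the post, before and after the fix."""
    names = ["ads.osdn.com", "bogus.ads.osdn.com"]
    return {n: (lookup_a(ZONE_AS_POSTED, ORIGIN, n),
                lookup_a(ZONE_FIXED, ORIGIN, n)) for n in names}
```

`compare()` returns `(None, "192.168.100.253")` for the apex and the redirect address in both columns for the subdomain, which is the behaviour described in the post and the behaviour after adding the apex record.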


More information about the bind-users mailing list