'Blackholing' certain domains
/dev/rob0
rob0 at gmx.co.uk
Mon Mar 8 21:37:06 UTC 2004
On Monday 08 March 2004 14:29, Jason wrote:
> working great (Better than expected really :) ).
Yes, I'm a BIND newbie myself, and have been surprised at how much I
like BIND. :)
> Anyway, I want to block certain domains so my users can't get to
> certain services, specifically IM stuff.
>
> I was curious what the best way is to go about doing this. Obviously,
I think I posted about this a month or 2 ago.
> you need to create a zone file, but what should the contents of the
> zone file be?
First the config file. Here's one I have:
#v+
zone "gator.com" { type master; notify no; file "null.zone"; };
#v-
Repeat for all other zones you want to block. I save this one as
/etc/named.blacklist, which is brought in via an "include" statement.
It's good to keep this kind of thing modular IMO. I update this file on
the master, and the slave checks a TXT record hourly. If that's changed
from the previous hour it knows to go get the new blacklist.
> Anything I should put in the zone file to block it? Maybe leave it
> blank?
Here's the "null.zone" file:
#v+
; BIND db file for ad servers - point all addresses to internal IP
;
; Originally for use with the list of ad server hostnames at:
;
; http://pgl.yoyo.org/adservers/
;
; - pgl at yoyo.org
; (adapted by rob0 at gmx.co.uk)
$TTL 86400 ; one day
@ IN SOA ns.your.ns. hostmaster.your.ns. (
        2004012000 ; serial number YYYYMMDDNN
        28800 ; refresh 8 hours
        7200 ; retry 2 hours
        864000 ; expire 10 days
        86400 ) ; min ttl 1 day
; indented records inherit the owner name of the line above (the apex, @)
        NS ns.your.ns.
        A 192.168.64.1
; wildcard: every name under the zone gets the same address
* IN A 192.168.64.1
#v-
You'd of course have to change the details in there: IP address and NS
and SOA records. The yoyo guy had it pointing to localhost, but since
we use this to detect spyware I wanted to use an internal server's IP.
All the infected machines dutifully connect to 192.168.64.1 regularly.
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
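Added example, not part of rob0's post: a POSIX sh script that builds the include file (/etc/named.blacklist in the post) from a plain list of domains, emitting one zone statement per domain in exactly the form shown above. The function names, the input format (one domain per line, "#" comments) and the sample domains other than gator.com are assumptions made here.

```sh
#!/bin/sh
# Generate a BIND include file of blackholed zones, one statement per
# domain, pointing every zone at the shared "null.zone" file from the post.
# Input: domain names on stdin, one per line; '#' starts a comment.
# The function names and input format are assumptions for this example.

NULL_ZONE="null.zone"

# Normalise one domain: lowercase, trim whitespace and a trailing dot, and
# reject anything that is not a plausible hostname with at least one dot.
# Prints the cleaned name and returns 0, or prints nothing and returns 1.
normalize_domain() {
    d=$(printf '%s' "$1" | tr 'A-Z' 'a-z' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; s/\.$//')
    case "$d" in
        ''|*[!a-z0-9.-]*|.*|*..*|-*|*.-*|*-.*) return 1 ;;  # bad chars/labels
        *.*) printf '%s\n' "$d" ;;
        *) return 1 ;;                                    # bare label, not a zone
    esac
}

# One zone statement in the same one-line form used in the post.
zone_statement() {
    printf 'zone "%s" { type master; notify no; file "%s"; };\n' "$1" "$NULL_ZONE"
}

# Read the domain list from stdin, validate and de-duplicate it, and write
# the sorted include file to the path given as $1. Bad entries are reported
# on stderr and skipped rather than silently producing a broken config.
build_blacklist() {
    out=$1
    sed 's/#.*//' | while read -r line; do
        [ -n "$line" ] || continue
        if d=$(normalize_domain "$line"); then
            zone_statement "$d"
        else
            printf 'skipping bad entry: %s\n' "$line" >&2
        fi
    done | sort -u > "$out"
}

# Usage: build_blacklist /etc/named.blacklist < domains.txt
```

After regenerating the file, running named-checkconf against the main named.conf that includes it catches any syntax problem before a reload.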
More information about the bind-users mailing list