using bind for blacklist of domains
dhottinger at harrisonburg.k12.va.us
dhottinger at harrisonburg.k12.va.us
Tue Mar 24 21:29:33 UTC 2009
Quoting Doug McIntyre <merlyn at dork.geeks.org>:
> In comp.protocols.dns.bind you write:
>> Has anyone used their internal dns server for blacklisting? I would
>> like to specifically block access to domains that are spreading
>> malware. I was grepping around the internet and fell upon this
>> website http://www.malwaredomains.com/, but dont seem to be able to
>> get my internal name server to like any of the configs I push on it.
>> thanks for any advice that might be offered.
>
> It should be easy enough to take the list, parse it into config line
> items pointing to a single zone file that just maps * to 127.0.0.1 or
> something.
>
> Or you could just use OpenDNS?
>
> (Not that I use them, but thats one of the free features they support).
>
Sounds good and that is what I thought (except for OpenDNS), however I
created a zone file named blacklist.host and added an entry into my
named.conf file that said
zone "00.devoid.us" {
type master;
file "blockeddomains.host";
};
When I restart named I get the following error message in my message logs:
Mar 24 14:14:14.970 dns_master_load: blockeddomains.host:9: no current
owner name
Mar 24 14:14:14.971 zone 00.devoid.us/IN: loading master file
blockeddomains.host: no owner
I actually have 8 existing zones on this server and they each have a
root server listed in their zone files. Do I need to have a root
server in this one?
thanks,
ddh
--
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools
"Everything should be made as simple as possible, but not simpler."
-- Albert Einstein
"The hottest places in Hell are reserved for those who, in times of moral
crisis, preserved their neutrality."
-- Dante
More information about the bind-users
mailing list