Using bind and ad blocking
Mark Andrews
marka at isc.org
Sat Jan 23 22:13:07 UTC 2016
In message <56A3E6C7.5020505 at schinagl.nl>, Olliver Schinagl writes:
> Hi list,
>
> recently I updated to bind-9.10 and noticed that an illegal setup was
> finally disallowed. Good things, but I (and others I'm sure) kind of
> misused this ability. With the change however, I am now looking for
> help on restoring similar behavior. Let me explain.
>
> As we all know, ads are everywhere and can be quite troublesome. Because
> of this I block many known adservers internally via bind. To obtain this
> list of adservers, I use http://pgl.yoyo.org/adservers/ which generates
> a file with the following syntax:
>
> zone "example.com" { type master; notify no; file "pri/null.zone"; };
>
> The Null zone looks as follows:
>
> ; BIND db file for ad servers - point all addresses to an invalid IP
> $TTL 864000 ; ten days
>
> @       IN SOA  ns0.example.net. hostmaster.example.net. (
>                 2008032800 ; serial number YYMMDDNN
>                 288000     ; refresh 80 hours
>                 72000      ; retry 20 hours
>                 8640000    ; expire 100 days
>                 864000 )   ; min ttl 10 day
>         NS      ns0.example.net.
>
>         A       0.0.0.0
>
> *       IN A    0.0.0.0
>
> Obviously with this and the many (generated) zones having 1 dummy zone
> sounds reasonable logically.
>
> These adservers are included in my 'internal' view as such:
>
> view "internal" {
>     match-clients { internal; trusted; };
>     recursion yes;
>
>     include "/etc/bind/dlz_internal.conf";
>
>     # include "/etc/bind/adservers.conf";
> };
>
> Adservers.conf being commented here as bind now fails on this.
>
> My question is, what is a good method to do this with the latest bind. I
> tried to find some way to disable updates or mark the view/include as
> 'read-only' but have not found this out as of yet.
>
> Any tips and tricks appreciated!
>
> Olliver
Presumably you have a zone which has pri/null.zone as a slave
or you have a global/view level dynamic updating of all master zones
turned on as just sharing a read-only master zone is still permitted.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
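
Added example (not part of the original thread and not BIND's own check): a small Python lint for the two conditions named in the reply above, a zone file shared by several zones where one of them is a slave or has dynamic updates enabled at zone or view/global level. The function names, the `ddns-key` key name and the sample configuration are constructed, and inheritance is simplified to a single setting for the whole file rather than one per view.

```python
import re

# Constructed sample, not the poster's real configuration.
SAMPLE = '''
view "internal" {
    allow-update { key ddns-key; };   # view-level dynamic updates
    zone "ads.example.com" { type master; notify no; file "pri/null.zone"; };
    zone "track.example.org" { type master; notify no; file "pri/null.zone"; };
    zone "home.example.net" { type master; file "pri/home.zone"; };
};
'''

def zone_blocks(conf):
    """Yield (name, body, start, end) per zone statement, matching nested braces."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1], m.start(), i

def dynamic(text, default):
    """Whether text enables dynamic updates; default if it says nothing."""
    if re.search(r'\bupdate-policy\b', text):
        return True
    m = re.search(r'\ballow-update\s*\{([^}]*)\}', text)
    return default if m is None else m.group(1).strip().rstrip(';').strip() != 'none'

def shared_writable_files(conf):
    """Map each zone file used by 2+ zones to the zones that may write to it."""
    conf = re.sub(r'/\*.*?\*/|(#|//)[^\n]*', '', conf, flags=re.S)  # drop comments
    zones = list(zone_blocks(conf))
    outside = conf
    for _, _, start, end in reversed(zones):      # keep only options/view text
        outside = outside[:start] + outside[end:]
    inherited = dynamic(outside, False)  # simplification: one setting per file
    users = {}
    for name, body, _, _ in zones:
        f = re.search(r'\bfile\s+"([^"]+)"', body)
        t = re.search(r'\btype\s+(\w+)', body)
        if f and t:
            updatable = dynamic(body, inherited)  # zone setting overrides inherited
            writable = t.group(1) in ('slave', 'secondary') or (
                t.group(1) in ('master', 'primary') and updatable)
            users.setdefault(f.group(1), []).append((name, writable))
    return {f: [n for n, w in z if w] for f, z in users.items()
            if len(z) > 1 and any(w for _, w in z)}

if __name__ == "__main__":
    print(shared_writable_files(SAMPLE))
```

An empty result means every shared file is used only by read-only master zones, the case the reply says is still permitted.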