Thread: Blocking undesirable domains using BIND
| Blocking undesirable domains using BIND |
2007-12-27 14:46:16 |
Hello,

I'm currently setting up a new firewall for my home network using
FreeBSD 7. The firewall will also act as our local name server
(authoritative for the local domain, and caching for everything else).
One of the things I'd like to do with it is use BIND to block various
undesirable domains (ad servers, malicious sites, etc.). The plan is
to have a separate BIND config file which is included in the main one.
In that file I map all the blocked domains to either the empty zone or
perhaps my local web server that's just serving a blank page for any
request. Haven't decided which way is better yet. This file is updated
periodically (once a week maybe) and BIND is then told to reload the
config. That's the plan as it stands now, eventually I hope to add a
web interface to the system for adding and removing blocked domains.

My question for you guys is if you know any _reliable_ sources for getting
that list of domains in the first place? I currently use the hosts
file on all my machines, which is about 2MB in size and hasn't been
updated in several years. I'll definitely import all of those entries
myself, but it would be good if I could periodically pull an updated
list from somewhere else. The following site has a pretty decent
collection of ad servers, though it's a bit short compared to what I
already have: http://pgl.yoyo.org/adservers/. It even provides the
list in a BIND format, meaning that I don't need to do any additional
processing with it. Just fetch the page and reload BIND. This,
however, is not one of my requirements. I'm perfectly happy getting
just a list of the domains (in any format), and then processing them
into a BIND config file myself. Just need good sources. What are your
recommendations?

- Max
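
The hosts-file import described in the message above could look like the following; this is an added example, not code from the thread. It turns hosts-format text into the `zone` statements for an included BIND config file and rejects any entry that is not a plain domain name, so a hostile list entry cannot inject configuration. The sample input, the `home.example` local domain and the zone-file path are constructed assumptions.

```python
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
# Names every hosts file carries that must never become blocked zones.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample input (not a real blocklist).
SAMPLE_HOSTS = """\
# constructed hosts-format sample
127.0.0.1   localhost
127.0.0.1   ads.example.com      # trailing comment
0.0.0.0     Tracker.Example.NET.
127.0.0.1   ads.example.com
127.0.0.1   printer.home.example
127.0.0.1   evil";zone.example.org
"""


def valid_domain(name):
    """True only for a plain multi-label DNS name, so nothing that could
    break out of the quoted zone name in named.conf gets through."""
    labels = name.split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and not labels[-1].isdigit()
            and all(LABEL.fullmatch(label) for label in labels))


def parse_hosts(text, protected=()):
    """Return sorted, de-duplicated domains from hosts-format text.

    Names equal to or under a `protected` suffix (for example the local
    domain the server is authoritative for) are skipped.
    """
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:          # fields[0] is the address
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES or not valid_domain(name):
                continue
            if any(name == p or name.endswith("." + p) for p in protected):
                continue
            domains.add(name)
    return sorted(domains)


def bind_include(domains, zone_file):
    """Render one master zone statement per domain, all sharing zone_file."""
    return "".join(
        'zone "%s" { type master; notify no; file "%s"; };\n' % (d, zone_file)
        for d in domains)


if __name__ == "__main__":
    # Hypothetical local domain and zone-file path; adjust to the real setup.
    blocked = parse_hosts(SAMPLE_HOSTS, protected=("home.example",))
    print(bind_include(blocked, "/etc/namedb/master/blocked.db"), end="")
```

Checking the generated file with `named-checkconf` before telling BIND to reload catches anything the filter missed.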
_______________________________________________
freebsd-questions freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe freebsd.org"
| Re: Blocking undesirable domains using BIND |
2007-12-27 15:27:05 |
On Dec 27, 2007 3:46 PM, Maxim Khitrov <mkhitrov gmail.com> wrote:
> Hello,
>
> I'm currently setting up a new firewall for my home network using
> FreeBSD 7. The firewall will also act as our local name server
> (authoritative for the local domain, and caching for everything else).
> One of the things I'd like to do with it is use BIND to block various
> undesirable domains (ad servers, malicious sites, etc.). The plan is
> to have a separate BIND config file which is included in the main one.
> In that file I map all the blocked domains to either the empty zone or
> perhaps my local web server that's just serving a blank page for any
> request. Haven't decided which way is better yet. This file is updated
> periodically (once a week maybe) and BIND is then told to reload the
> config. That's the plan as it stands now, eventually I hope to add a
> web interface to the system for adding and removing blocked domains.
>
> My question for you guys is if you know any _reliable_ sources for getting
> that list of domains in the first place? I currently use the hosts
> file on all my machines, which is about 2MB in size and hasn't been
> updated in several years. I'll definitely import all of those entries
> myself, but it would be good if I could periodically pull an updated
> list from somewhere else. The following site has a pretty decent
> collection of ad servers, though it's a bit short compared to what I
> already have: http://pgl.yoyo.org/adservers/. It even provides the
> list in a BIND format, meaning that I don't need to do any additional
> processing with it. Just fetch the page and reload BIND. This,
> however, is not one of my requirements. I'm perfectly happy getting
> just a list of the domains (in any format), and then processing them
> into a BIND config file myself. Just need good sources. What are your
> recommendations?
>
> - Max
> _______________________________________________

You could always try one of those ad-blocking databases for firefox.
The Ad-Block Plus plugin, I was thinking of specifically.

http://easylist.adblockplus.org

You could grab that file, then parse it and grab the domains out of it to block.

I know this isn't what you want, but it may come in useful anyway:
http://www.okean.com/asianspamblocks.html
| Re: Blocking undesirable domains using BIND |
2007-12-27 15:38:46 |
On Dec 27, 2007 1:46 PM, Maxim Khitrov <mkhitrov gmail.com> wrote:
> Hello,
>
> I'm currently setting up a new firewall for my home network using
> FreeBSD 7. The firewall will also act as our local name server
> (authoritative for the local domain, and caching for everything else).
> One of the things I'd like to do with it is use BIND to block various
> undesirable domains (ad servers, malicious sites, etc.). The plan is
> to have a separate BIND config file which is included in the main one.
> In that file I map all the blocked domains to either the empty zone or
> perhaps my local web server that's just serving a blank page for any
> request. Haven't decided which way is better yet. This file is updated
> periodically (once a week maybe) and BIND is then told to reload the
> config. That's the plan as it stands now, eventually I hope to add a
> web interface to the system for adding and removing blocked domains.
>
> My question for you guys is if you know any _reliable_ sources for getting
> that list of domains in the first place? I currently use the hosts
> file on all my machines, which is about 2MB in size and hasn't been
> updated in several years. I'll definitely import all of those entries
> myself, but it would be good if I could periodically pull an updated
> list from somewhere else. The following site has a pretty decent
> collection of ad servers, though it's a bit short compared to what I
> already have: http://pgl.yoyo.org/adservers/. It even provides the
> list in a BIND format, meaning that I don't need to do any additional
> processing with it. Just fetch the page and reload BIND. This,
> however, is not one of my requirements. I'm perfectly happy getting
> just a list of the domains (in any format), and then processing them
> into a BIND config file myself. Just need good sources. What are your
> recommendations?

Look into the Blackhole-DNS project, formerly one of the
BleedingThreats projects hosted at
http://www.bleedingsnort.com/blackhole-dns/.
This project tracks many hostile domains and produces BIND format
files for this very purpose. It's not a great resource for ad
blocking, as it focuses mainly on security threats (spyware, other
malware, etc.)

Since there has been some shuffling and reorganization happening
around the BleedingThreats project, it's in a state of flux right now.
The current home of the DNS-BH project is at
http://malwaredomains.com/.

--
Darren Spruell
phatbuckett gmail.com
| Re: Blocking undesirable domains using BIND |
  United States |
2007-12-27 17:30:50 |
Maxim Khitrov wrote:
> into a BIND config file myself. Just need good sources. What are your
> recommendations?
>

I keep a small but potent list of undesirables as described here...
http://mark.foster.cc/wiki/index.php/Trackers

--
Said one park ranger, 'There is considerable overlap between the
intelligence of the smartest bears and the dumbest tourists.'
Mark D. Foster, CISSP <mark foster.cc> http://mark.foster.cc/
| Re: Blocking undesirable domains using BIND |
  United States |
2007-12-27 18:16:08 |
Maxim Khitrov wrote:
> Hello,
>
> I'm currently setting up a new firewall for my home network using
> FreeBSD 7. The firewall will also act as our local name server
> (authoritative for the local domain, and caching for everything else).
> One of the things I'd like to do with it is use BIND to block various
> undesirable domains (ad servers, malicious sites, etc.). The plan is
> to have a separate BIND config file which is included in the main one.

Just a question, and I'm not trying to cast doubt on your plan; I'm
curious why using BIND for this purpose instead of a proxy, which is
a more typical application as I understand it?

Again, I'm not trying to convince you otherwise or say that using
BIND is a bad idea. It's just that I'm curious because we use
Squid for this sort of thing, and I was wondering why BIND instead?

Kevin Kinsey

> In that file I map all the blocked domains to either the empty zone or
> perhaps my local web server that's just serving a blank page for any
> request. Haven't decided which way is better yet. This file is updated
> periodically (once a week maybe) and BIND is then told to reload the
> config. That's the plan as it stands now, eventually I hope to add a
> web interface to the system for adding and removing blocked domains.
>
> My question for you guys is if you know any _reliable_ sources for getting
> that list of domains in the first place? I currently use the hosts
> file on all my machines, which is about 2MB in size and hasn't been
> updated in several years. I'll definitely import all of those entries
> myself, but it would be good if I could periodically pull an updated
> list from somewhere else. The following site has a pretty decent
> collection of ad servers, though it's a bit short compared to what I
> already have: http://pgl.yoyo.org/adservers/. It even provides the
> list in a BIND format, meaning that I don't need to do any additional
> processing with it. Just fetch the page and reload BIND. This,
> however, is not one of my requirements. I'm perfectly happy getting
> just a list of the domains (in any format), and then processing them
> into a BIND config file myself. Just need good sources. What are your
> recommendations?
>
> - Max

--
QOTD:
A child of 5 could understand this! Fetch me a child of 5.
| Re: Blocking undesirable domains using BIND |
  Singapore |
2007-12-27 21:18:18 |
Hi,

I use hosts to block unwanted content but on per machine base.

I use currently this as a starting point and add private preferences to
hosts.

http://www.mvps.org/winhelp2002/hosts.txt

Has bind a visible advantage in the response time?

Erich

Maxim Khitrov wrote:
> Hello,
>
> I'm currently setting up a new firewall for my home network using
> FreeBSD 7. The firewall will also act as our local name server
> (authoritative for the local domain, and caching for everything else).
> One of the things I'd like to do with it is use BIND to block various
> undesirable domains (ad servers, malicious sites, etc.). The plan is
> to have a separate BIND config file which is included in the main one.
> In that file I map all the blocked domains to either the empty zone or
> perhaps my local web server that's just serving a blank page for any
> request. Haven't decided which way is better yet. This file is updated
> periodically (once a week maybe) and BIND is then told to reload the
> config. That's the plan as it stands now, eventually I hope to add a
> web interface to the system for adding and removing blocked domains.
>
> My question for you guys is if you know any _reliable_ sources for getting
> that list of domains in the first place? I currently use the hosts
> file on all my machines, which is about 2MB in size and hasn't been
> updated in several years. I'll definitely import all of those entries
> myself, but it would be good if I could periodically pull an updated
> list from somewhere else. The following site has a pretty decent
> collection of ad servers, though it's a bit short compared to what I
> already have: http://pgl.yoyo.org/adservers/. It even provides the
> list in a BIND format, meaning that I don't need to do any additional
> processing with it. Just fetch the page and reload BIND. This,
> however, is not one of my requirements. I'm perfectly happy getting
> just a list of the domains (in any format), and then processing them
> into a BIND config file myself. Just need good sources. What are your
> recommendations?
>
> - Max
| Re: Blocking undesirable domains using BIND |
  Thailand |
2007-12-27 21:27:26 |
> Has bind a visible advantage in the response time?

Maybe not in response time, but certainly in centralisation: you only
maintain one DNS instead of every machine.

Olivier
| Re: Blocking undesirable domains using BIND |
2007-12-27 22:37:01 |
On Dec 27, 2007 7:16 PM, Kevin Kinsey <kdk daleco.biz> wrote:
> Maxim Khitrov wrote:
> > Hello,
> >
> > I'm currently setting up a new firewall for my home network using
> > FreeBSD 7. The firewall will also act as our local name server
> > (authoritative for the local domain, and caching for everything else).
> > One of the things I'd like to do with it is use BIND to block various
> > undesirable domains (ad servers, malicious sites, etc.). The plan is
> > to have a separate BIND config file which is included in the main one.
>
> Just a question, and I'm not trying to cast doubt on your plan; I'm
> curious why using BIND for this purpose instead of a proxy, which is
> a more typical application as I understand it?
>
> Again, I'm not trying to convince you otherwise or say that using
> BIND is a bad idea. It's just that I'm curious because we use
> Squid for this sort of thing, and I was wondering why BIND instead?
>
> Kevin Kinsey

I also need a local name server for my domain. That's the primary
function, and this filtering stuff is just an added bonus. It'll also
be nice to bypass the ISP name servers, which haven't been very
reliable lately.

- Max
| Re: Blocking undesirable domains using BIND |
2007-12-27 22:42:24 |
On Dec 27, 2007 4:27 PM, Schiz0 <schiz0phrenic21 gmail.com> wrote:
>
> On Dec 27, 2007 3:46 PM, Maxim Khitrov <mkhitrov gmail.com> wrote:
> > Hello,
> >
> > I'm currently setting up a new firewall for my home network using
> > FreeBSD 7. The firewall will also act as our local name server
> > (authoritative for the local domain, and caching for everything else).
> > One of the things I'd like to do with it is use BIND to block various
> > undesirable domains (ad servers, malicious sites, etc.). The plan is
> > to have a separate BIND config file which is included in the main one.
> > In that file I map all the blocked domains to either the empty zone or
> > perhaps my local web server that's just serving a blank page for any
> > request. Haven't decided which way is better yet. This file is updated
> > periodically (once a week maybe) and BIND is then told to reload the
> > config. That's the plan as it stands now, eventually I hope to add a
> > web interface to the system for adding and removing blocked domains.
> >
> > My question for you guys is if you know any _reliable_ sources for getting
> > that list of domains in the first place? I currently use the hosts
> > file on all my machines, which is about 2MB in size and hasn't been
> > updated in several years. I'll definitely import all of those entries
> > myself, but it would be good if I could periodically pull an updated
> > list from somewhere else. The following site has a pretty decent
> > collection of ad servers, though it's a bit short compared to what I
> > already have: http://pgl.yoyo.org/adservers/. It even provides the
> > list in a BIND format, meaning that I don't need to do any additional
> > processing with it. Just fetch the page and reload BIND. This,
> > however, is not one of my requirements. I'm perfectly happy getting
> > just a list of the domains (in any format), and then processing them
> > into a BIND config file myself. Just need good sources. What are your
> > recommendations?
> >
> > - Max
> > _______________________________________________
>
> You could always try one of those ad-blocking databases for firefox.
> The Ad-Block Plus plugin, I was thinking of specifically.
>
> http://easylist.adblockplus.org
>
> You could grab that file, then parse it and grab the domains out of it to block.
>
> I know this isn't what you want, but it may come in useful anyway:
> http://www.okean.com/asianspamblocks.html
>

The problem with adblock is that it uses regular expressions in its
file format. No easy way of pulling out all the domains. That IP block
info will come in handy when setting up pf, so thanks for that.

- Max
| Re: Blocking undesirable domains using BIND |
  Thailand |
2007-12-27 23:08:45 |
> Again, I'm not trying to convince you otherwise or say that using
> BIND is a bad idea. It's just that I'm curious because we use
> Squid for this sort of thing, and I was wondering why BIND instead?

I think another issue is that Squid will only filter HTTP/FTP
connections, while DNS would allow to filter any type of traffic that
would try to go to places with a bad name.

Olivier