For anyone interested in blocking nameserver lookups to sites
From: Chris Sherlock (csherlock@optusnet.com.au) Date: 02/09/02
From: "Chris Sherlock" <csherlock@optusnet.com.au> Date: Sat, 9 Feb 2002 14:27:25 -0800
Here is the procedure that I have used. First of all, I am using a BIND
8.2.x series name server and a semi-current version of RedHat Linux.
The first thing that you need to do is set up the start of the named.conf
file (in my case this is /etc/named.conf):
options {
        version "Sorry, not going to give you this";
        directory "/var/named";
        listen-on { 10/8; };
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
        forwarders { 203.2.75.2; 203.2.75.12; };
        forward first;
};
Set up your forwarders as your primary and secondary name servers (these are
Optus Internet's). What you will want to do is make BIND only listen on the
interface where your internal network is located. In most dialup users' case
this will be your network range for eth0; however, a quick example may
illustrate what I am trying to say:
I have a bit of a strange setup: I am connected to a network with the
private IP range of 192.168.*.*, and I have made another network with the
private IP range of 10.*.*.*. An "ifconfig" shows the following:
eth0      Link encap:Ethernet  HWaddr 00:40:05:55:91:3F
          inet addr:10.0.0.1  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6737 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8296 errors:0 dropped:0 overruns:0 carrier:0
          collisions:92 txqueuelen:100
          Interrupt:10 Base address:0x6000

eth1      Link encap:Ethernet  HWaddr 00:A0:C9:D9:A8:07
          inet addr:192.168.1.7  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9134 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6806 errors:90 dropped:0 overruns:0 carrier:87
          collisions:65 txqueuelen:100
          Interrupt:9 Base address:0x210

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:208 errors:0 dropped:0 overruns:0 frame:0
          TX packets:208 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
My eth0 is the interface I am using for my internal ethernet interface and
my eth1 is my external ethernet interface. Obviously I want to listen in on
my internal interface and not my external interface so I add the "listen-on
{ 10/8; };" statement to my options clause.
Next, set up any zones that you want for your internal network. Then you need
to set up the PTR records for your localhost:
zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};
Next you add the zones of people who you don't like and would like to block
name server lookups to.
(The following example shows how to block lookups to two sites that have a
great propensity for annoying people: doubleclick.net and x10.com.)
// block the main offenders
zone "doubleclick.net" in {
        type master;
        file "named.local";
};
zone "x10.com" in {
        type master;
        file "named.local";
};
This works by tricking your name server into thinking that it has the
"authority" to resolve anything within this domain.
Another one that you may want to add a zone for is auto.search.msn.com,
however you can go into Internet Options -> Advanced tab and turn off
auto-searching from the address bar. It's up to you. What I have done is
both - here is the zone I added:
# Adding this because Microsoft Internet Explorer 5.x will
# attempt to use MSN search if auto-search and display site is
# turned on - thus bypassing our DNS blocking
zone "auto.search.msn.com" in {
        type master;
        file "named.local";
};
The next file to set up is the PTR records for 127.0.0.1. In this case the
file will be called /var/named/named.local. You can change the directory
this is located in by changing the "directory" statement in the options
clause at the start of /etc/named.conf:
$TTL 3h
@       IN      SOA     localhost. root.localhost. (
                        1997022700      ; Serial
                        28800           ; Refresh
                        14400           ; Retry
                        3600000         ; Expire
                        86400 )         ; Minimum
        IN      NS      localhost.
1       IN      PTR     localhost.
OK, now start or restart named (on RedHat you can just do a
/etc/rc.d/init.d/named start) and this should block domain lookups to sites
you don't like!
I hope that this helps out people who are trying to do just this very thing! It
took me a while to figure out how to do this myself; the documentation I
used initially was a little lacking and I feel that this may be a bit
clearer.
If you want to see my full named.conf file you can locate it at
http://members.optusnet.com.au/~csherlock/named.conf. It has quite a few
different sites that I have found like to track/annoy me.
Oh, and don't forget to set up your resolvers to point to your new
nameserver! Otherwise this will not work.
Chris
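A small script, added here and not part of Chris's post or his named.conf, that generates zone stanzas of the shape shown above from a list of domains and predicts which lookups the local server would swallow once it believes it is authoritative for them. All function names are my own; nothing here talks to a real server.

```python
"""Generate BIND 'blackhole' zone stanzas and predict their effect.

Constructed example: a master zone pointed at named.local carries no A
records, so every name at or beneath the zone gets an authoritative
negative answer from the local server instead of a forwarded lookup.
"""


def normalise(name):
    """Lower-case a name and strip whitespace and any trailing dot."""
    return name.strip().rstrip(".").lower()


def is_under(name, zone):
    """True when name equals zone or lies beneath it (label-aligned,
    so 'notdoubleclick.net' is not under 'doubleclick.net')."""
    return name == zone or name.endswith("." + zone)


def dedupe_zones(domains):
    """Drop domains already covered by a shorter blocked parent zone:
    once doubleclick.net is a local master zone, a separate stanza for
    ad.doubleclick.net changes nothing."""
    zones = sorted({normalise(d) for d in domains if d.strip()},
                   key=lambda z: (z.count("."), z))
    kept = []
    for z in zones:
        if not any(is_under(z, k) for k in kept):
            kept.append(z)
    return kept


def zone_stanzas(domains, zone_file="named.local"):
    """Emit one 'type master' stanza per surviving zone, as in named.conf."""
    lines = ["// block the main offenders"]
    for z in dedupe_zones(domains):
        lines.append('zone "%s" in {\n\ttype master;\n\tfile "%s";\n};'
                     % (z, zone_file))
    return "\n".join(lines)


def blocked_by(query, domains):
    """Return the blocked zone that would answer for 'query', or None
    if the query would still be forwarded to the upstream resolvers."""
    q = normalise(query)
    for z in dedupe_zones(domains):
        if is_under(q, z):
            return z
    return None


if __name__ == "__main__":
    print(zone_stanzas(["doubleclick.net", "x10.com", "auto.search.msn.com"]))
```

Note that a stanza for auto.search.msn.com only covers names at or beneath it; msn.com itself still resolves through the forwarders.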