Re: For anyone interested in blocking nameserver lookups to sites
From: Simon Green <spammenot@nowhere.org>
Date: Sat, 09 Feb 2002 10:13:23 GMT
Clever idea!
Chris Sherlock wrote:
> Here is the procedure that I have used. First of all, I am using a BIND
> 8.2.x series name server and a semi-current version of RedHat Linux.
>
> The first thing that you need to do is setup the start of the named.conf
> file (in my case this is /etc/named.conf):
>
> options {
>     version "Sorry, not going to give you this";
>     directory "/var/named";
>     listen-on { 10/8; };
>     /*
>      * If there is a firewall between you and nameservers you want
>      * to talk to, you might need to uncomment the query-source
>      * directive below. Previous versions of BIND always asked
>      * questions using port 53, but BIND 8.1 uses an unprivileged
>      * port by default.
>      */
>     // query-source address * port 53;
>     forwarders { 203.2.75.2; 203.2.75.12; };
>     forward first;
> };
>
> Setup your forwarders as your primary and secondary name servers (these
> are Optus Internet's). What you will want to do is make BIND only listen
> on the interface that your internal network is located. In most dialup
> users case this will be your network range for eth0, however a quick
> example may illustrate what I am trying to say:
>
> I have a bit of a strange setup: I am connected to a network with the
> private IP range of 192.168.*.*, and I have made another network with the
> private IP range of 10.*.*.* An "ifconfig" shows the following:
>
> eth0 Link encap:Ethernet HWaddr 00:40:05:55:91:3F
> inet addr:10.0.0.1 Bcast:10.255.255.255 Mask:255.0.0.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:6737 errors:0 dropped:0 overruns:0 frame:0
> TX packets:8296 errors:0 dropped:0 overruns:0 carrier:0
> collisions:92 txqueuelen:100
> Interrupt:10 Base address:0x6000
>
> eth1 Link encap:Ethernet HWaddr 00:A0:C9:D9:A8:07
> inet addr:192.168.1.7 Bcast:192.168.1.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:9134 errors:0 dropped:0 overruns:0 frame:0
> TX packets:6806 errors:90 dropped:0 overruns:0 carrier:87
> collisions:65 txqueuelen:100
> Interrupt:9 Base address:0x210
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:3924 Metric:1
> RX packets:208 errors:0 dropped:0 overruns:0 frame:0
> TX packets:208 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
>
> My eth0 is the interface I am using for my internal ethernet interface and
> my eth1 is my external ethernet interface. Obviously I want to listen in
> on my internal interface and not my external interface so I add the
> "listen-on { 10/8; };" statement to my options clause.
>
> Next, setup any zones that you want for your internal network. Then you
> need to setup the PTR records for your localhost:
>
> zone "0.0.127.in-addr.arpa" {
>     type master;
>     file "named.local";
> };
>
> Next you add the zones of people who you don't like and would like to
> block name server lookups to.
>
> (The following example shows how to block lookups to two sites that have a
> great propensity of annoying people - doubleclick.net and x10.com.)
>
> // block the main offenders
> zone "doubleclick.net" in {
>     type master;
>     file "named.local";
> };
>
> zone "x10.com" in {
>     type master;
>     file "named.local";
> };
>
> This works by tricking your name server into thinking that it has the
> "authority" to resolve anything within this domain.
>
> Another one that you may want to add a zone for is auto.search.msn.com,
> however you can go into Internet Options -> Advanced tab and turn off
> auto-searching from the address bar. It's up to you. What I have done is
> both - here is the zone I added:
>
> # Adding this because Microsoft Internet Explorer 5.x will
> # attempt to use MSN search if auto-search and display site is
> # turned on - thus bypassing our DNS blocking
>
> zone "auto.search.msn.com" in {
>     type master;
>     file "named.local";
> };
>
> The next file to setup is the PTR records for 127.0.0.1. In this case the
> file will be called /var/named/named.local - you can change the directory
> this is located in by changing the "directory" statement in the options
> clause at the start of /etc/named.conf
>
> $TTL 3h
> @ IN SOA localhost. root.localhost. (
> 1997022700 ; Serial
> 28800 ; Refresh
> 14400 ; Retry
> 3600000 ; Expire
> 86400 ) ; Minimum
> IN NS localhost.
>
> 1 IN PTR localhost.
>
> OK, now either start/restart named (on RedHat you can just do a
> /etc/rc.d/init.d/named start) and this should block domain lookups to
> sites you don't like!
>
> I hope that this helps out ppl who are trying to do just this very thing!
> It took me a while to figure out how to do this myself - the documentation
> I used initially was a little lacking and I feel that this may be a bit
> clearer.
>
> If you want to see my full named.conf file you can locate it at
> http://members.optusnet.com.au/~csherlock/named.conf It has quite a few
> different sites that I have found like to track/annoy me.
>
> Oh, and don't forget to setup your resolvers to point to your new
> nameserver! Else this will not work.
>
> Chris
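As an added illustration (my own code, not part of Chris's post and not BIND's logic), the following Python models which query names a sinkhole zone of the kind above captures and what an address lookup then gets back, given that the post reuses named.local as the zone file; the function names and the BLOCKLIST constant are my own.

```python
from typing import List, Optional

# Constructed blocklist: the three zones sinkholed in the post.
BLOCKLIST = ["doubleclick.net", "x10.com", "auto.search.msn.com"]
SINKHOLE_FILE = "named.local"  # the 127.0.0.1 PTR file the post reuses
# Owner names that file actually defines: the apex ("@") and "1".
SINKHOLE_OWNERS = {"", "1"}

def labels(name: str) -> List[str]:
    """Split a DNS name into labels: case-folded, trailing dot ignored."""
    return [lab for lab in name.lower().rstrip(".").split(".") if lab]

def blocked_by(qname: str, zones: List[str]) -> Optional[str]:
    """Return the sinkhole zone authoritative for qname, or None.

    A zone covers its apex and every name below it on a label boundary:
    'ad.doubleclick.net' is caught by 'doubleclick.net', while
    'notdoubleclick.net' is not.  Nested zones: the deepest one wins,
    as BIND serves a query from the closest enclosing zone it loads.
    """
    q, best = labels(qname), None
    for zone in zones:
        z = labels(zone)
        if len(z) <= len(q) and q[len(q) - len(z):] == z:
            if best is None or len(z) > len(labels(best)):
                best = zone
    return best

def expected_answer(qname: str, zones: List[str]) -> str:
    """Outcome of an A/AAAA query: 'forwarded', 'NXDOMAIN' or 'NODATA'.

    Names below a sinkholed zone are absent from named.local -> NXDOMAIN.
    The apex and the '1' label exist there (SOA/NS, PTR) but carry no
    address record -> NOERROR with an empty answer section (NODATA).
    """
    zone = blocked_by(qname, zones)
    if zone is None:
        return "forwarded"  # passed to the forwarders like any other name
    owner = ".".join(labels(qname)[: len(labels(qname)) - len(labels(zone))])
    return "NODATA" if owner in SINKHOLE_OWNERS else "NXDOMAIN"

def sinkhole_stanzas(zones: List[str], zone_file: str = SINKHOLE_FILE) -> str:
    """Emit the named.conf 'type master' stanzas the post adds by hand."""
    out = ["// block the main offenders"]
    for zone in zones:
        out.append('zone "%s" in {\n    type master;\n    file "%s";\n};'
                   % (".".join(labels(zone)), zone_file))
    return "\n".join(out) + "\n"
```

The NODATA case is a side effect of reusing named.local: because of its PTR record, the name 1.<zone> exists in every sinkhole zone, and only clients whose resolver points at this server are affected at all, as the post itself notes.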