The "Right Way" to Block Domains with Bind9

mpapet · 04-21-2018, 10:41 PM

I am a DNS newbie and have set up Bind9 as an adblocking server inside my LAN.

I've seen adblocking zones written as returning localhost and still others returning NXDOMAIN. I basically have an entry for each ad-serving domain, and then point the domain to an internal IP address.

Is one way more "right" than another?

This might be a dumb question: Is there a better way to handle subdomains? For example, hybl9bazbc35.pflexads.com as a domain entry plfexads.com, then the hyb... part as a host?

MensaWater · 04-23-2018, 08:11 AM

I'd say using DNS for this purpose isn't correct.

You should use a firewall instead. Allow the things you want and block everything else.

Security by inclusion of what you know is always better. Trying to exclude the ever changing number of new things on the internet would be an administrative nightmare.

jefro · 04-24-2018, 12:42 PM

Some how to's on web for this. https://charlieharvey.org.uk/page/ad...th_bind_apache

At some point in all this you'll need some list. There are black and white lists that might be used. There are hosts files that could be used too. The list of bad places is pretty large.

Some dns services will help to provide filtering also.