2012-09-01

using bind to block domains

Is this BIND usage a good way to block domains on a local network?

root@gwen:/etc/bind# tail -2 named.conf.local
zone "facebook.com" { type master; file "/etc/bind/db.block"; };
zone "twitter.com" { type master; file "/etc/bind/db.block"; };

root@gwen:/etc/bind# cat db.block
$TTL 24h
@       IN SOA ns1.antwerp.local. paul.cobbaut.gmail.com. (
                  2012082800  86400  300  604800  3600 )
@       IN      NS   ns1.antwerp.local.
@       IN      A    127.0.0.1
*       IN      A    127.0.0.1

Or is there an obviously better solution?

4 comments:

Niobos said...

returning 127.0.0.1 will either yield a timeout in the browser, or the user will see his own webserver; none of them indicates the real problem (i.e. this site is blocked).
I would set up a simple webserver serving a page "Not allowed" for every request, and point the DNS-records there.

Note that this only works if the users are using this particular DNS-server, but you probably knew that already.

Just a side-note: Your SOA-line should probably read:
@ IN SOA ns1.antwerp.local. paul\.cobbaut.gmail.com. (...)

Unless you really are paul@cobbaut.gmail.com. Note the backslash in the email-address, and see RFC1035 for details.
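As an added example (not code from the post or from any commenter) covering both the zone stanzas in the post and Niobos' RNAME point: a small Python script that generates the named.conf.local lines and the db.block file shown above, escaping dots in the mailbox local part the way RFC 1035 requires. The domain list, serial number and sinkhole address are constructed inputs; the file path is the one from the post.

```python
"""BIND sinkhole config for blocked domains (added example, not the post's code).
Generates the named.conf.local stanzas and the db.block zone file from the post,
and handles the SOA RNAME escaping Niobos points out (RFC 1035 5.1: '@' becomes
'.', and dots inside the mailbox's local part are escaped)."""

ZONE_FILE = "/etc/bind/db.block"  # path used in the post


def email_to_rname(email):
    """paul.cobbaut@gmail.com -> paul\\.cobbaut.gmail.com. (absolute name)."""
    local, domain = email.rsplit("@", 1)
    return local.replace(".", "\\.") + "." + domain.rstrip(".") + "."


def rname_to_email(rname):
    """Inverse: the first unescaped dot ends the local part; '\\.' is a literal dot."""
    local, i = [], 0
    while i < len(rname):
        if rname[i] == "\\" and i + 1 < len(rname):
            local.append(rname[i + 1])
            i += 2
        elif rname[i] == ".":
            return "".join(local) + "@" + rname[i + 1:].rstrip(".")
        else:
            local.append(rname[i])
            i += 1
    raise ValueError("RNAME has no domain part: %r" % rname)


def zone_stanzas(domains, zone_file=ZONE_FILE):
    """One named.conf.local line per domain. Being authoritative for the name
    means the wildcard in db.block also answers for every subdomain."""
    seen, lines = set(), []
    for d in domains:
        d = d.strip().lower().rstrip(".")
        if not d or d in seen or any(c in d for c in ' "{};'):
            continue  # skip blanks, duplicates and text that would break config syntax
        seen.add(d)
        lines.append('zone "%s" { type master; file "%s"; };' % (d, zone_file))
    return lines


def block_zone(serial, ns, email, sink_ip):
    """db.block contents; sink_ip is 127.0.0.1 in the post, but an address that
    serves a 'Not allowed' page (Niobos' tip) tells users why the site fails."""
    return "\n".join([
        "$TTL 24h",
        "@       IN SOA %s %s (" % (ns, email_to_rname(email)),
        "                  %d  86400  300  604800  3600 )" % serial,
        "@       IN      NS   %s" % ns,
        "@       IN      A    %s" % sink_ip,
        "*       IN      A    %s" % sink_ip,
    ]) + "\n"
```

Run `named-checkzone facebook.com /etc/bind/db.block` after writing the file to confirm BIND parses the SOA the way you intended; as Wouter notes below, this only affects clients that actually use this resolver.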

Paul Cobbaut said...

Thanks for both tips!

wouter verhelst said...

If you really (really) want to block certain sites, the best way is a combination of a firewall and a proxy server with a blacklist. DNS tricks can be worked around; to do the same with firewalls is hard.

Paul Cobbaut said...

@Wouter: I know, thanks anyway.

When will you make another move? (or just surrender and I'll open with 1. b3)