2012-09-01

using bind to block domains

Is this BIND usage a good way to block domains on a local network?

root@gwen:/etc/bind# tail -2 named.conf.local
zone "facebook.com" { type master; file "/etc/bind/db.block"; };
zone "twitter.com" { type master; file "/etc/bind/db.block"; };

root@gwen:/etc/bind# cat db.block
$TTL 24h
@       IN SOA ns1.antwerp.local. paul.cobbaut.gmail.com. (
                  2012082800  86400  300  604800  3600 ) ; serial refresh retry expire minimum
@       IN      NS   ns1.antwerp.local.
@       IN      A    127.0.0.1   ; the zone apex itself (facebook.com)
*       IN      A    127.0.0.1   ; every name below it (www.facebook.com, ...)

Or is there an obviously better solution?
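The same two pieces of configuration, generated for a whole list of domains, as an added example that is not the post's own code. It assumes the domain list, hostmaster mailbox and sink address given under __main__. The db.block file carries no $ORIGIN, so "@" and "*" take the name of whichever zone named.conf loaded it for, which is why one file can serve every blocked domain; the RNAME helper applies the RFC 1035 rule that a dot inside the mailbox's local part must be written as "\.", since the first unescaped dot is read as the "@".

```python
"""Generate the BIND block-zone config shown above for a whole list of
domains: the zone stanzas for named.conf.local plus the shared db.block.

Added example, not code from the original post.  The domain list, the
hostmaster mailbox and the sink address under __main__ are assumptions.
"""
import datetime
import ipaddress
import re

# One DNS label: 1..63 chars of [a-z0-9-], no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_domain(name):
    """Lowercase, drop a trailing dot, reject names named would refuse."""
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL_RE.match(lbl) for lbl in labels):
        raise ValueError("not a valid domain name: %r" % name)
    return name


def rname_from_email(email):
    """Encode a mailbox as an SOA RNAME (RFC 1035, section 3.3.13).

    The '@' becomes a dot, so any dot inside the local part has to be
    escaped as '\\.' or it is read as a label separator:
      paul.cobbaut@gmail.com -> paul\\.cobbaut.gmail.com.
      paul@cobbaut.gmail.com -> paul.cobbaut.gmail.com.
    """
    local, at, domain = email.partition("@")
    if not at or not local or not domain:
        raise ValueError("not a mailbox: %r" % email)
    escaped = local.replace(".", "\\.")
    return "%s.%s." % (escaped, domain.rstrip("."))


def email_from_rname(rname):
    """Inverse of rname_from_email: the first unescaped dot is the '@'."""
    text, out, i, seen_at = rname.rstrip("."), [], 0, False
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):   # escaped char, keep it literally
            out.append(text[i + 1])
            i += 2
            continue
        if ch == "." and not seen_at:
            out.append("@")
            seen_at = True
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def zone_serial(day, revision=0):
    """YYYYMMDDnn serial, the convention the post's db.block uses.
    day is an ISO date string; bump revision for a second edit that day."""
    if not 0 <= revision <= 99:
        raise ValueError("revision must be 0..99")
    d = datetime.date.fromisoformat(day)
    return int(d.strftime("%Y%m%d")) * 100 + revision


def named_conf_stanzas(domains, zone_file="/etc/bind/db.block"):
    """One 'zone ... { type master; file ...; };' line per domain.
    Duplicates are dropped because named rejects a zone defined twice."""
    seen, lines = set(), []
    for dom in map(normalize_domain, domains):
        if dom in seen:
            continue
        seen.add(dom)
        lines.append('zone "%s" { type master; file "%s"; };' % (dom, zone_file))
    return "\n".join(lines) + "\n"


def block_zone_file(ns, hostmaster, serial, sink="127.0.0.1"):
    """The shared zone data.  No $ORIGIN, so '@' and '*' expand to whichever
    zone named.conf loaded this file for.  sink is where blocked names land:
    127.0.0.1 as in the post, or a web server that shows a 'Not allowed' page."""
    ipaddress.IPv4Address(sink)               # fail here, not inside named
    ns = ns.rstrip(".") + "."
    lines = [
        "$TTL 24h",
        "@   IN SOA %s %s (" % (ns, rname_from_email(hostmaster)),
        "        %d 86400 300 604800 3600 )" % serial,
        "@   IN NS %s" % ns,
        "@   IN A  %s" % sink,      # the apex: facebook.com itself
        "*   IN A  %s" % sink,      # everything below it: www.facebook.com, ...
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    BLOCKED = ["facebook.com", "twitter.com", "Twitter.com."]   # assumed list
    print(named_conf_stanzas(BLOCKED), end="")
    print(block_zone_file("ns1.antwerp.local", "paul@cobbaut.gmail.com",
                          zone_serial("2012-08-28"), sink="127.0.0.1"), end="")
```

Run named-checkconf and named-checkzone on the output before reloading; the generator validates the domain names and the sink address, but the SOA serial still has to go up on every edit or secondaries (if any) will keep the old data.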

4 comments:

  1. Returning 127.0.0.1 will either yield a timeout in the browser, or the user will see his own web server; neither indicates the real problem (i.e. that this site is blocked).
    I would set up a simple web server serving a page "Not allowed" for every request, and point the DNS records there.

    Note that this only works if the users are using this particular DNS-server, but you probably knew that already.

    Just a side-note: Your SOA-line should probably read:
    @ IN SOA ns1.antwerp.local. paul\.cobbaut.gmail.com. (...)

    Unless you really are paul@cobbaut.gmail.com. Note the backslash in the email-address, and see RFC1035 for details.

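The "Not allowed" server that comment suggests, as an added example (not the commenter's or the post's code). Point the A records in db.block at the machine running it instead of 127.0.0.1; the listen address, port and page text are assumptions.

```python
"""Sinkhole web server: whatever Host header or path a request carries,
it gets a 'Not allowed' page.  Point the block zone's A records at the
machine running this instead of 127.0.0.1.

Added example, not code from the post or its comments.  The listen
address, port and page text are assumptions.
"""
import html
from http.server import BaseHTTPRequestHandler, HTTPServer

PAGE = ("<!doctype html><title>Not allowed</title>"
        "<h1>Not allowed</h1><p>%s is blocked on this network.</p>\n")


def block_response(host):
    """Status code and page body for a request that landed here.

    403 rather than 200, so scripts and monitoring can tell 'blocked' from
    'served'.  The Host header is client-controlled and is escaped before
    it is echoed into HTML.
    """
    shown = html.escape(host) if host else "This site"
    return 403, PAGE % shown


class Sinkhole(BaseHTTPRequestHandler):
    def _answer(self, send_body):
        status, body = block_response(self.headers.get("Host"))
        data = body.encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        self.send_header("Cache-Control", "no-store")
        self.end_headers()
        if send_body:
            self.wfile.write(data)

    def do_GET(self):
        self._answer(True)

    def do_HEAD(self):
        self._answer(False)

    do_POST = do_GET

    def log_message(self, fmt, *args):
        # The Host header is the blocked name the user actually asked for.
        print("%s blocked Host=%s %s" % (self.client_address[0],
                                         self.headers.get("Host"),
                                         self.requestline))


if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 80), Sinkhole).serve_forever()   # port 80 needs root
```

This only shows the page for plain HTTP. A browser that asked for https://facebook.com/ will get a certificate error before any page, because the sinkhole cannot present a certificate for the blocked name; the site is still blocked, but the user sees a TLS warning rather than "Not allowed".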
  2. If you really (really) want to block certain sites, the best way is a combination of a firewall and a proxy server with a blacklist. DNS tricks can be worked around; to do the same with firewalls is hard.

  3. @Wouter: I know, thanks anyway.

    When will you make another move? (or just surrender and I'll open with 1. b3)
