BSDZone - FreeBSD help, how-to guides, and articles.


A little spyware protection.
General Admin - 19 Feb 07

I'm probably not the only person out there who has Windows XP on their network (gasp).
Trying to get my wife to use FreeBSD is not worth the effort.

Besides using FreeBSD as a firewall for my entire home network, I also use it as our DNS server.
In comes Blackhole DNS. The basic idea is that the nameserver refuses to resolve any domain known to be associated with malware, so the Windows machines never reach those sites.

FreeBSD already comes with BIND installed, so we just have to activate it and work on the config files to get this to work.

First add this to /etc/rc.conf:
named_enable="YES"

# cd /etc/namedb
# wget http://www.bleedingsnort.com/blackhole-dns/files/blockeddomain.hosts
# wget http://www.bleedingsnort.com/blackhole-dns/files/spywaredomains.zones
# wget http://www.bleedingsnort.com/blackhole-dns/files/update.sh
# chmod 755 update.sh
# cp /etc/namedb/named.conf /etc/namedb/named.bak

Add this to /etc/named.conf:
include "/etc/namedb/spywaredomains.zones";

I don't use my DNS server for anything but a local caching server, and my firewall doesn't allow lookups from anywhere but my local network. If you have a different situation then you will have to worry about recursion and numerous other things in your named.conf. Here is what my named.conf looks like after the changes.
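For readers in that "different situation", here is an added example of a caching-only named.conf that carries the include line from this article and limits recursion to the local network. It is not the author's configuration and not part of the Blackhole DNS files; the interface address 192.168.1.1 and the 192.168.1.0/24 network are assumed, as are the FreeBSD default directory and root-hints settings.

```conf
// Added example: caching-only BIND 9 named.conf with the sinkhole include.
// Not the article author's config; addresses below are assumed.
options {
    directory "/etc/namedb";
    pid-file  "/var/run/named/pid";

    // Listen only on loopback and the LAN side of the firewall (assumed address).
    listen-on { 127.0.0.1; 192.168.1.1; };

    // Recurse only for the local network. A resolver that recurses for the
    // whole Internet ends up used in amplification attacks against others.
    recursion yes;
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
    allow-query     { 127.0.0.1; 192.168.1.0/24; };
};

// Root hints so everything that is not sinkholed still resolves.
zone "." {
    type hint;
    file "named.root";
};

// The Blackhole DNS zone statements; each one maps a bad domain onto
// blockeddomain.hosts, which answers with 127.0.0.1.
include "/etc/namedb/spywaredomains.zones";
```

After editing, `named-checkconf /etc/namedb/named.conf` reports syntax problems before you restart, which matters because a bad include file stops named from starting at all.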

Restart (or start) BIND:
# /etc/rc.d/named restart

Now test your nameserver:
# nslookup
> server localhost
Default server: localhost
Address: ::1#53
Default server: localhost
Address: 127.0.0.1#53
> google.com
Server: localhost
Address: 127.0.0.1#53

Non-authoritative answer:
Name: google.com
Address: 72.14.207.99
Name: google.com
Address: 64.233.167.99
Name: google.com
Address: 64.233.187.99
> scenicreflections.com
Server: localhost
Address: 127.0.0.1#53

Name: scenicreflections.com
Address: 127.0.0.1
> exit

As you can see, scenicreflections.com, which was listed as a bad domain, now resolves to 127.0.0.1 instead of its real address.

Change the interpreter line in update.sh to the correct location, which is /usr/local/bin/bash, then update the options so the script works on FreeBSD:

admin="youremail@address.com"
stopBind="/etc/rc.d/named stop"
startBind="/etc/rc.d/named start"
killBind="/etc/rc.d/named zap"

Test to make sure that the update.sh script works:
# /etc/namedb/update.sh
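The nslookup test above checks one domain by hand, and update.sh stops and restarts BIND around every download. The shell script below is an added example, not code from this article or from the Blackhole DNS project, that does both checks offline: it validates a zones file before it is swapped in (a half-downloaded file would otherwise leave named unable to start), and it answers whether a name, or any parent domain of it, is sinkholed. It assumes spywaredomains.zones holds one BIND zone statement per line in the form `zone "example.com" { type master; file "/etc/namedb/blockeddomain.hosts"; };`; the sample files it builds are constructed for the demonstration.

```shell
#!/bin/sh
# Added example; not from the BSDZone article or Blackhole DNS.
# Assumption: spywaredomains.zones has one zone statement per line, like
#   zone "example.com" { type master; file "/etc/namedb/blockeddomain.hosts"; };

# Constructed samples: a good zones file and a cut-off download.
GOOD_ZONES=$(mktemp)
cat > "$GOOD_ZONES" <<'EOF'
zone "scenicreflections.com" { type master; file "/etc/namedb/blockeddomain.hosts"; };
zone "ads.example" { type master; file "/etc/namedb/blockeddomain.hosts"; };
EOF
TRUNCATED_ZONES=$(mktemp)
cat > "$TRUNCATED_ZONES" <<'EOF'
zone "scenicreflections.com" { type master; file "/etc/namedb/blockeddomain.hosts"; };
zone "ads.exa
EOF
trap 'rm -f "$GOOD_ZONES" "$TRUNCATED_ZONES"' EXIT

# zone_names < FILE: print the zone name from each well-formed statement.
zone_names() {
    sed -n 's/^zone[[:space:]]*"\([^"]*\)".*/\1/p'
}

# check_zones_file FILE: exit 0 only if every non-blank line is a complete
# master-zone statement and the file lists at least one zone.
check_zones_file() {
    awk '
        /^[[:space:]]*$/ { next }
        /^zone[[:space:]]*"[A-Za-z0-9._-]+"[[:space:]]*[{][[:space:]]*type[[:space:]]+master;[[:space:]]*file[[:space:]]+"[^"]+";[[:space:]]*[}];[[:space:]]*$/ { ok++; next }
        { bad++ }
        END { if (bad > 0 || ok == 0) exit 1; exit 0 }
    ' "$1"
}

# is_blocked NAME FILE: exit 0 if NAME or one of its parent domains is a
# listed zone. BIND answers for every label under a zone it is master for,
# so www.scenicreflections.com is sinkholed along with scenicreflections.com.
is_blocked() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    file=$2
    while [ -n "$name" ]; do
        if zone_names < "$file" | grep -qxF "$name"; then
            return 0
        fi
        case $name in
            *.*) name=${name#*.} ;;   # strip the leftmost label
            *)   name= ;;             # top-level label checked, give up
        esac
    done
    return 1
}

# update_if_valid NEW CURRENT: the step to put in update.sh before stopBind,
# so a bad download never replaces the file BIND is about to load.
update_if_valid() {
    if check_zones_file "$1"; then
        cp "$1" "$2"
    else
        echo "refusing to install $1: not a valid zones file" >&2
        return 1
    fi
}

# Stand-alone demonstration.
check_zones_file "$GOOD_ZONES" && echo "good file: valid"
check_zones_file "$TRUNCATED_ZONES" || echo "truncated file: rejected"
is_blocked www.ScenicReflections.com "$GOOD_ZONES" && echo "www.scenicreflections.com: sinkholed"
is_blocked google.com "$GOOD_ZONES" || echo "google.com: resolves normally"
```

The validator is deliberately stricter than BIND itself: it only accepts the one statement shape the list is supposed to contain, so an HTML error page or a partial line is rejected rather than parsed.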

Finally point your Windows machines to your new DNS server, and surf away.
You should start to notice missing ads in pages.

If everything is okay, add this to your /etc/crontab to update the domains every day:
1 2 * * * root /etc/namedb/update.sh
