Nameserver Problem Revisited


 



Tim wrote:


The advert blocking was done with a series of master zone
configurations, like this:

  zone "adimages.com"   { type master; file  "dead.zone"; };
  zone "admonitor.com"  { type master; file  "dead.zone"; };

Where they *all* reference the same "dead.zone" DNS zone record file.

Anyway, to try and answer everything in one go regarding blocking of
annoyances on some websites, I'll post a series of files below.  But
I'll change one thing:  I'll use blocking.conf instead of lan.conf.
Then I can use lan.conf file for configuring local machine addresses
(which could be masters or slaves, depending on what you're doing), and
a separate blocking.conf file just for that purpose.  It might make
explanations simpler.

My custom /var/named/chroot/etc/named.conf file:

---------------[begin example]------------------
## LAN:

view  lan_resolver {
        match-clients      { localhost; };
        match-destinations { localhost; };
        include "/etc/blocking.conf";
        include "/etc/rndc.key";
};

include "/etc/named.caching-nameserver.conf";
----------------[end example]-------------------

This is a simple default file, that's easy to replace should it get
borked by a BIND update.  The named.conf file will be loaded by default
by BIND, and this one refers to the named.caching-nameserver.conf file
so that function still works, and without altering the supplied conf
file.  It includes any other custom files that I want to use, in this
case the blocking.conf file.  I'd include a lan.conf file, too, in that
view section, if I was also using it to resolve local addresses (instead
of the hosts file, which is inadequate for certain services).

NB:  It'd be a bit less painful without having to use "views", but since
the caching nameserver configuration file does, you're forced into
working the same way.

My custom /var/named/chroot/etc/blocking.conf file:

---------------[begin example]------------------
## advert blocking:

zone "adimages.com"             { type master; file  "dead.zone"; };
zone "admonitor.com"            { type master; file  "dead.zone"; };
zone "adsfac.net"               { type master; file  "dead.zone"; };
----------------[end example]-------------------

That file's a list of any domain that I want to kill off.  Just add more
of the same below, as needed.  Only use the domain name, it'll kill it
and any sub-domains in one go.

i.e. Using example.com will kill off it and www.example.com and
news.example.com and so on...  But if I'd put in www.example.com, then
example.com would be left alone, and it'd be www.example.com and further
subdomains of www.example.com that got blocked (e.g. it'd block ones
like now.www.example.com and then.www.example.com, etc.).

My custom /var/named/chroot/var/named/dead.zone file:

---------------[begin example]------------------
$TTL 86400
@       IN      SOA     ns.localdomain.  hostmaster.mail.localdomain. (
                        200 ; serial
                        28800 ; refresh
                        7200 ; retry
                        604800 ; expire
                        86400 ; ttl
                        )


        IN      NS      ns.localdomain.
----------------[end example]-------------------

That causes all blocked domains to get a null answer, straight away.



This scheme worked nicely until this morning!

Suddenly things have returned to the earlier state where the browser downloads each ad again, requiring about a minute to bring up a news article instead of the few seconds that were required after making the suggested changes to /var/named/chroot/etc/blocked.conf and dead.zone, etc. None of those files appear to have changed, but something has just this morning.

This morning's updates include:

Apr 07 03:32:53 Updated: ImageMagick.i386 6.2.8.0-4.fc6
Apr 07 03:32:53 Updated: ImageMagick-c++.i386 6.2.8.0-4.fc6
Apr 07 03:32:56 Updated: selinux-policy.noarch 2.4.6-49.fc6
Apr 07 03:33:05 Updated: selinux-policy-targeted.noarch 2.4.6-49.fc6
Apr 07 03:33:06 Updated: ImageMagick-perl.i386 6.2.8.0-4.fc6

selinux is disabled and the rest don't appear suspect.

And I don't know where to look next?

Bob Goodwin
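
The subdomain rule Tim describes for blocking.conf can be checked against a list of hostnames without querying named. The following is an added example, not part of the original message or of BIND: the function names are hypothetical, the sample configuration is constructed, and the "www.example.com" entry is included only to illustrate the narrower case from the quoted explanation.

```python
import re

# Constructed sample in the style of the blocking.conf shown in the message.
SAMPLE_BLOCKING_CONF = '''
## advert blocking:

zone "adimages.com"             { type master; file  "dead.zone"; };
zone "admonitor.com"            { type master; file  "dead.zone"; };
zone "www.example.com"          { type master; file  "dead.zone"; };
'''

# A zone statement at the start of a line (so commented-out entries are
# skipped) whose body points at the shared dead.zone file.
ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"\s*\{[^}]*\bfile\s+"dead\.zone"', re.M)


def _labels(name):
    """Lower-case a DNS name, drop the root dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def blocked_zones(conf_text):
    """Return the zone names in conf_text that are served from dead.zone."""
    return [m.group(1).lower().rstrip(".") for m in ZONE_RE.finditer(conf_text)]


def covering_zone(hostname, zones):
    """Return the most specific blocked zone containing hostname, else None.

    Matching is on whole labels: a zone covers its own name and every name
    beneath it, but not a different domain that merely ends in the same text.
    """
    host = _labels(hostname)
    best = None
    for zone in zones:
        z = _labels(zone)
        if len(z) <= len(host) and host[-len(z):] == z:
            if best is None or len(z) > len(_labels(best)):
                best = zone
    return best


if __name__ == "__main__":
    zones = blocked_zones(SAMPLE_BLOCKING_CONF)
    for name in ("adimages.com", "img.adimages.com", "notadimages.com",
                 "example.com", "now.www.example.com"):
        print(f"{name:22} -> {covering_zone(name, zones) or 'not blocked'}")
```

This only reads the configuration text; whether the running named has actually loaded those zones has to be confirmed on the server itself.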


