Tim wrote:
On Sun, 2007-04-01 at 17:58 -0400, Bob Goodwin - W2BOD wrote:
The next question is how to insert the zone files into lan.conf?
Does

zone "lan.example.com" {
    type slave;
    file "slaves/lan.example.com.zone";
    masters { 192.168.1.2; };
};

become:

zone "tacoda.net" {
    type slave;
    file "slaves/tacoda.net.zone";
    masters { 192.168.1.2; };
};

That's the general idea, though now I think I've muddied the waters with
that prior message and yours. Back then, I was talking about setting up
slave zones on a slave server, and the thread digressed. In that case,
each zone was set up like you've typed above, each with their own DNS
zone record files.
The advert blocking was done with a series of master zone
configurations, like this:
zone "adimages.com" { type master; file "dead.zone"; };
zone "admonitor.com" { type master; file "dead.zone"; };
Where they *all* reference the same "dead.zone" DNS zone record file.
Anyway, to try and answer everything in one go regarding blocking of
annoyances on some websites, I'll post a series of files below. But
I'll change one thing: I'll use blocking.conf instead of lan.conf.
Then I can use lan.conf file for configuring local machine addresses
(which could be masters or slaves, depending on what you're doing), and
a separate blocking.conf file just for that purpose. It might make
explanations simpler.
My custom /var/named/chroot/etc/named.conf file:
---------------[begin example]------------------
## LAN:
view lan_resolver {
    match-clients { localhost; };
    match-destinations { localhost; };
    include "/etc/blocking.conf";
    include "/etc/rndc.key";
};
include "/etc/named.caching-nameserver.conf";
----------------[end example]-------------------
This is a simple default file that's easy to replace should it get
borked by a BIND update. The named.conf file will be loaded by default
by BIND, and this one refers to the named.caching-nameserver.conf file
so that function still works, and without altering the supplied conf
file. It includes any other custom files that I want to use, in this
case the blocking.conf file. I'd include a lan.conf file, too, in that
view section, if I was also using it to resolve local addresses (instead
of the hosts file, which is inadequate for certain services).
NB: It'd be a bit less painful without having to use "views", but since
the caching nameserver configuration file does, you're forced into
working the same way.
My custom /var/named/chroot/etc/blocking.conf file:
---------------[begin example]------------------
## advert blocking:
zone "adimages.com" { type master; file "dead.zone"; };
zone "admonitor.com" { type master; file "dead.zone"; };
zone "adsfac.net" { type master; file "dead.zone"; };
----------------[end example]-------------------
That file's a list of any domain that I want to kill off. Just add more
of the same below, as needed. Only use the domain name; it'll kill it
and any sub-domains in one go.
i.e. Using example.com will kill off it and www.example.com and
news.example.com and so on... But if I'd put in www.example.com, then
example.com would be left alone, and it'd be www.example.com and further
subdomains of www.example.com that got blocked (e.g. it'd block ones
like now.www.example.com and then.www.example.com, etc.).
My custom /var/named/chroot/var/named/dead.zone file:
---------------[begin example]------------------
$TTL 86400
@       IN      SOA     ns.localdomain. hostmaster.mail.localdomain. (
                        200     ; serial
                        28800   ; refresh
                        7200    ; retry
                        604800  ; expire
                        86400   ; ttl
                        )
        IN      NS      ns.localdomain.
----------------[end example]-------------------
That causes all blocked domains to get a null answer, straight away.

Then the problem becomes harvesting the addresses. Is there a way
to get them other than reading them as they flash across the bottom of
the screen in Firefox?

The ones I used were the ones that frequently annoyed me. I never tried
to kill off *all* adverts, that's an endless game. I just picked on
ones that kept on being a pain (e.g. flash or pop-up adverts, and ones
that took ages to load and held everything else back while they did, on
websites that I regularly used). I've only got about twenty of them on
my list. Any website that acts in such inconsiderate ways towards their
viewers deserves the punishment of lost revenue.

Eureka! It works, once I figured out that I had to do 'service named
restart' each time I made a change, added an address to be blocked.
The blocked list still needs refinement but I am very happy with the result.

Thanks Tim.

Bob Goodwin
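
Added example (not part of the original thread and not Tim's or Bob's code): a Python script that builds blocking.conf from a plain list of domains in the one-line zone format shown above, rejects malformed names before they reach the config, and applies the whole-label sub-domain rule Tim describes so entries already covered by a listed parent are dropped. The function names and the sample list are made up here; only the first three domains come from the thread.

```python
import re

# Constructed sample input; the first three names are the ones in the thread.
SAMPLE = ["adimages.com", "AdMonitor.com.", "adsfac.net",
          "www.adimages.com",   # redundant: adimages.com already covers it
          "bad name.example"]   # malformed: must never reach the config file

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(name):
    """Lower-case, drop the trailing dot, and validate every DNS label."""
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or not all(LABEL.match(l) for l in labels):
        raise ValueError("not a usable domain name: %r" % name)
    return name

def suffixes(name):
    """'a.b.com' -> ['a.b.com', 'b.com', 'com'], most specific first."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def covering_zone(name, zones):
    """Return the listed zone that would answer for name, or None.
    Matching is on whole labels, never on a plain string suffix."""
    return next((s for s in suffixes(normalize(name)) if s in zones), None)

def build_blocklist(raw):
    """Return (zones, rejected): valid names minus those a listed parent covers."""
    valid, rejected = set(), []
    for entry in raw:
        try:
            valid.add(normalize(entry))
        except ValueError:
            rejected.append(entry)
    zones = sorted(z for z in valid
                   if not any(p in valid for p in suffixes(z)[1:]))
    return zones, rejected

def render(zones):
    """Emit blocking.conf in the one-line-per-zone form used in the thread."""
    return "## advert blocking:\n" + "".join(
        'zone "%s" { type master; file "dead.zone"; };\n' % z for z in zones)

if __name__ == "__main__":
    zones, rejected = build_blocklist(SAMPLE)
    print(render(zones), end="")
    print("rejected:", rejected)
```

Write the rendered text to blocking.conf and restart named, as Bob notes above, for the change to take effect.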