Quoting Kevin Darcy <k...@chrysler.com>:

dhottin...@harrisonburg.k12.va.us wrote:
Quoting Doug McIntyre <mer...@dork.geeks.org>:

In comp.protocols.dns.bind you write:
Has anyone used their internal dns server for blacklisting? I would
like to specifically block access to domains that are spreading
malware. I was grepping around the internet and fell upon this
website http://www.malwaredomains.com/, but don't seem to be able to
get my internal name server to like any of the configs I push on it.
thanks for any advice that might be offered.

It should be easy enough to take the list, parse it into config line
items pointing to a single zone file that just maps * to 127.0.0.1 or
something.

Or you could just use OpenDNS?

(Not that I use them, but that's one of the free features they support).


Sounds good and that is what I thought (except for OpenDNS); however, I created a zone file named blacklist.host and added an entry into my named.conf file that said:

zone "00.devoid.us" {
    type master;
    file "blockeddomains.host";
};

When I restart named I get the following error message in my message logs:

Mar 24 14:14:14.970 dns_master_load: blockeddomains.host:9: no current owner name
Mar 24 14:14:14.971 zone 00.devoid.us/IN: loading master file blockeddomains.host: no owner

I actually have 8 existing zones on this server and they each have a root server listed in their zone files. Do I need to have a root server in this one?

This isn't an architecture problem, it's a syntax error in the zone file.

If you post the contents of the file, up to line 9, we should be able
to spot the syntax error and explain to you how to fix it.

- Kevin

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Contents of blockeddomains.host:
  $TTL    86400   ; one day

  @       IN      SOA     ns.hhs.harrisonburg.k12.va.us
                         (
                          2004061000       ; serial number 09032401
                          28800   ; refresh  8 hours
                          7200    ; retry    2 hours
                          864000  ; expire  10 days
                          86400 ) ; min ttl  1 day
                  NS      ns1.harrisonburg.k12.va.us.
                  NS      ns2.harrisonburg.k12.va.us.

                  A       0.0.0.0

  *               IN      A       0.0.0.0


thanks,

ddh


--
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools

"Everything should be made as simple as possible, but not simpler."
-- Albert Einstein

"The hottest places in Hell are reserved for those who, in times of moral
crisis, preserved their neutrality."
-- Dante
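
The approach Doug McIntyre describes earlier in the thread (parse the list into config entries that all point at one wildcard zone file), as an added example that is not part of the original thread. It assumes a list with one domain per line and `#` comments; the function names, the sample list, the serial and the `ns1.example.net.` / `hostmaster.example.net.` names are placeholders.

```python
import re

# A DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def clean_domains(lines):
    """Return sorted, de-duplicated domains; skip comments and malformed names."""
    good = set()
    for raw in lines:
        name = raw.split("#", 1)[0].strip().lower().rstrip(".")
        labels = name.split(".")
        # Accept plain hostnames only, so list content (quotes, braces,
        # semicolons) can never change the syntax of named.conf.
        if len(name) <= 253 and len(labels) >= 2 and all(
                LABEL.fullmatch(label) for label in labels):
            good.add(name)
    return sorted(good)

def zone_stanzas(domains, zone_file="blockeddomains.host"):
    """One master zone per blocked domain, all sharing a single zone file."""
    return "".join(
        f'zone "{d}" {{ type master; file "{zone_file}"; }};\n' for d in domains)

def sinkhole_zone(serial, mname="ns1.example.net.",
                  rname="hostmaster.example.net.", addr="127.0.0.1"):
    """Shared zone file: SOA, NS, then apex and wildcard A records."""
    # mname and rname are placeholders. The "(" must sit on the SOA line
    # itself so the timer fields continue the same record.
    return (
        "$TTL 86400\n"
        f"@ IN SOA {mname} {rname} (\n"
        f"        {serial} 28800 7200 864000 86400 )\n"
        f"@ IN NS {mname}\n"
        f"@ IN A {addr}\n"
        f"* IN A {addr}\n")

# Constructed sample input, not taken from any real blocklist.
SAMPLE = [
    "# constructed sample list",
    "bad-site.example",
    "BAD-SITE.example.",
    "malware.example.org   # trailing comment",
    'evil.example"; }; options { x',
    "-broken.example",
]

if __name__ == "__main__":
    print(zone_stanzas(clean_domains(SAMPLE)), end="")
    print(sinkhole_zone(2009032401), end="")
```

Run named-checkconf on the generated configuration and named-checkzone on the zone file before reloading named.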
