On 8/30/2012 10:33 AM, Rick Coloccia wrote:
add this line to /etc/named.conf
include "locallyblockeddomains.zones";
contents of locallyblockeddomains.zones:
// This bind zone is intended to be included in a running dns server for a local net
//
// It will return a 127.0.0.1 for the domains listed as malware
//
// This is for locally determined domains we want blocked
//
// Every zone below points at the same blackhole zone file
zone "r.im" {type master; file "/etc/namedb/blockeddomain.hosts";};
<snipped many more out>
zone "emailupgrader.clan.su" {type master; file "/etc/namedb/blockeddomain.hosts";};
this is the /etc/namedb/blockeddomain.hosts file:
$TTL 86400 ; one day
; trailing dots keep the SOA names absolute; without them BIND appends the zone name
@       IN SOA  ns1.geneseo.edu. coloccia.geneseo.edu. (
                2007112601 ; serial
                28800      ; refresh 8 hours
                7200       ; retry 2 hours
                864000     ; expire 10 days
                86400 )    ; min ttl 1 day (negative-caching TTL)
        IN NS   ns1.geneseo.edu.
        IN A    127.0.0.1
*       IN A    127.0.0.1
*       IN AAAA ::1
; This zone will kill all traffic to a listed domain
Done.
Add domains you want blocked to the locallyblockeddomains.zones file.
The null or "unspecified" address -- "0.0.0.0" in IPv4, "::" in IPv6 --
is generally considered the more polite and "proper" way to express
"don't ever try to connect to this".
If you put a loopback address in there, a poorly-coded app might end up
spinning, connecting to itself. But the unspecified address gets stopped
cold at the OS level so it's the preferred choice.
- Kevin
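An added example, not code from either post in this thread: a small Python generator that builds both files described above (the include file of zone statements and the shared blackhole zone) from a plain domain list. It rejects malformed names so a stray line cannot break named.conf, de-duplicates, and defaults to the unspecified address Kevin recommends while still allowing the loopback variant. The file paths, name-server and contact names, and the sample domain list are made-up assumptions.

```python
"""Generate a BIND blackhole zone list from a plain domain file.

Added example for this thread; assumptions: the include-file path, the
shared zone-file path, ns1.example.net/hostmaster.example.net and the
sample list below are all made up for illustration.
"""
import re

# One DNS label: letters, digits, hyphen; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample input: valid names mixed with junk that must be rejected.
SAMPLE_LIST = """
# locally determined domains to blackhole
r.im
EmailUpgrader.clan.su
r.im                      # duplicate, should be dropped
bad_domain.example        # underscore is not valid in a hostname label
.leading.dot.example
"""


def parse_domain_list(text):
    """Return (sorted unique valid names, rejected lines).

    Comments (#) are stripped, names are lower-cased and a trailing dot is
    removed.  Rejected lines are returned rather than silently dropped so an
    operator can see what did not make it into named.conf."""
    good, bad = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if not line:
            continue
        labels = line.split(".")
        if len(line) > 253 or not all(_LABEL.match(l) for l in labels):
            bad.append(line)
            continue
        good.add(line)
    return sorted(good), bad


def zone_stanza(name, zone_file):
    """One named.conf zone statement; every blocked name shares one file."""
    return 'zone "%s" {type master; file "%s";};' % (name, zone_file)


def render_include(domains, zone_file="/etc/namedb/blockeddomain.hosts"):
    """Body of the file pulled in by 'include' from named.conf."""
    header = ["// Locally blocked domains; generated, do not edit by hand.",
              "// Each entry answers from the same blackhole file."]
    return "\n".join(header + [zone_stanza(d, zone_file) for d in domains]) + "\n"


def render_blackhole_zone(primary_ns, contact, v4="0.0.0.0", v6="::", serial=1):
    """The shared zone file.  Defaults to the unspecified address; pass
    v4='127.0.0.1', v6='::1' for the loopback variant from the first post."""
    ns = primary_ns.rstrip(".") + "."   # force absolute names: without the dot
    rp = contact.rstrip(".") + "."      # BIND would append the zone name
    lines = [
        "$TTL 86400 ; one day",
        "@ IN SOA %s %s (" % (ns, rp),
        "    %d ; serial" % serial,
        "    28800 ; refresh",
        "    7200 ; retry",
        "    864000 ; expire",
        "    86400 ) ; negative-caching TTL",
        "  IN NS %s" % ns,
        "  IN A %s" % v4,
        "  IN AAAA %s" % v6,
        "* IN A %s" % v4,
        "* IN AAAA %s" % v6,
        "; every name at or below a blocked zone resolves to the address above",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    names, rejected = parse_domain_list(SAMPLE_LIST)
    for r in rejected:
        print("rejected:", r)
    print(render_include(names))
    print(render_blackhole_zone("ns1.example.net", "hostmaster.example.net"))
```

After writing the two files, check them before reloading with the tools that ship with BIND: `named-checkconf /etc/named.conf` for the include and `named-checkzone r.im /etc/namedb/blockeddomain.hosts` (any one of the blocked names works as the zone argument, since they all share the file).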
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users