Fwd: Re: [Pdns-users] Use recursor to block phishing
Bert, Follow the recursor.conf: # Drop uid setuid=nobody # Drop gid setgid=nobody # Don't log queries quiet=on # Local IP address to bind to local-address=10.1.1.140 # Local port to bind to local-port=53 # Change root for safety chroot=/var/lib/powerdns # Bloqueia malware auth-zones=malware=/etc/powerdns/malware And... follow the log: Jul 30 07:17:53 [pdns_recursor] PowerDNS recursor 3.1.7 (C) 2001-2008 PowerDNS.COM BV (Jul 20 2008, 23:16:13, gcc 4.2.2 (Gentoo 4.2.2 p1.0)) starting up Jul 30 07:17:53 [pdns_recursor] PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2. Jul 30 07:17:53 [pdns_recursor] Operating in 64 bits mode Jul 30 07:17:53 [pdns_recursor] Reading random entropy from '/dev/urandom' Jul 30 07:17:53 [pdns_recursor] Only allowing queries from: 127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10 Jul 30 07:17:53 [pdns_recursor] Will not send queries to: 127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10 Jul 30 07:17:53 [pdns_recursor] Parsing authoritative data for zone 'malware.' from file '/etc/powerdns/malware' Jul 30 07:17:53 [pdns_recursor] Inserting rfc 1918 private space zones Jul 30 07:17:53 [pdns_recursor] Listening for UDP queries on 10.1.1.140:53 Jul 30 07:17:53 [pdns_recursor] Not decreasing socket buffer size from 65536 to 65000 Jul 30 07:17:53 [pdns_recursor] Listening for TCP queries on 10.1.1.140:53 Jul 30 07:17:53 [pdns_recursor] Done priming cache with root hints Jul 30 07:17:53 [pdns_recursor] Calling daemonize, going to background Jul 30 07:17:53 [pdns_recursor] Enabled 'epoll' multiplexer Jul 30 10:17:53 [pdns_recursor] Set effective group id to 65534 Jul 30 10:17:53 [pdns_recursor] Set effective user id to 65534 Jul 30 10:18:01 [pdns_recursor] Refreshed . records Regards, Marlon ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Use recursor to block phishing
On Mon, Jul 28, 2008 at 10:39:04PM -0300, sysadmin wrote: Regular zonefile format, with the exception of wildcards. I setup recursor to load zone file as follow * IN A 127.0.0.1 A * is a wildcard - which sadly does not work yet in the powerdns recursor auth server. However.. arwen powerdns # cat zone.malware zone zonadelafrontera.cl in { type master ; file malware ; } ; This should simply be: zonadelafrontera.cl=malware Which should blank out the domain just fine. Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Use recursor to block phishing
This should simply be: zonadelafrontera.cl=malware this format doesn't work too, the result still the same: arwen powerdns # dig query zonadelafrontera.cl +short 164.77.228.194 Should I change the format of malware file ? Do not use the wildcard * ? Regards, Marlon ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Use recursor to block phishing
On Tue, Jul 29, 2008 at 07:30:13AM -0300, sysadmin wrote: This should simply be: zonadelafrontera.cl=malware this format doesn't work too, the result still the same: Marlon, Please show your entire recursor configuration - I wonder if your file is actually being loaded! Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Use recursor to block phishing
Hi, Regular zonefile format, with the exception of wildcards. Bert I setup recursor to load zone file as follow recursor.conf: auth-zones=malware=/etc/powerdns/malware arwen powerdns # cat malware $TTL900 @ IN SOA zone.malware. hostmaster.zone.malware. ( 2006102601 10800 3600 604800 86400 ) * IN A 127.0.0.1 arwen powerdns # cat zone.malware zone zonadelafrontera.cl in { type master ; file malware ; } ; but doesn't worked, when I do arwen powerdns # dig query zonadelafrontera.cl +short 164.77.228.194 ...should be resolved as 127.0.0.1, right ? Regards, Marlon ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Use recursor to block phishing
You can use my NoMoreAds for that. http://www.fredan.org/os/ Hi, How I create a zone on recursor to block phishing sites ? eg.: point the phishing.com domain to my loopback interface 127.0.0.1 zone file exemple a1964.g.akamai.net. 127.0.0.1 abakos.com.es.127.0.0.1 abisource.com.127.0.0.1 abrarsignage.com. 127.0.0.1 absi2008.netfirms.com.127.0.0.1 abssair.no.sapo.pt. 127.0.0.1 academico.cefetpi.br. 127.0.0.1 acces-direct.net. 127.0.0.1 acceso.masminutos.com.127.0.0.1 acecoti.com.ar. 127.0.0.1 ad.uu500.com. 127.0.0.1 -- //fredan ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Use recursor to block phishing
On Fri, Jul 25, 2008 at 09:47:56AM -0300, Marlon wrote: How I create a zone on recursor to block phishing sites ? The other solution that was emailed works as well, but in addition, you can use the 'auth-zones' in the configuration file to point these domains to a zone containing nothing but a 127.0.0.1 record. Good luck! eg.: point the phishing.com domain to my loopback interface 127.0.0.1 zone file exemple a1964.g.akamai.net. 127.0.0.1 abakos.com.es.127.0.0.1 abisource.com.127.0.0.1 abrarsignage.com. 127.0.0.1 absi2008.netfirms.com.127.0.0.1 abssair.no.sapo.pt. 127.0.0.1 academico.cefetpi.br. 127.0.0.1 acces-direct.net. 127.0.0.1 acceso.masminutos.com.127.0.0.1 acecoti.com.ar. 127.0.0.1 ad.uu500.com. 127.0.0.1 ... regards, Marlon ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users !DSPAM:4889cc4944895702515455! -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Use recursor to block phishing
([EMAIL PROTECTED]) References: [EMAIL PROTECTED] ([EMAIL PROTECTED]) Message-ID: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] User-Agent: RoundCube Webmail/0.1-rc1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Thank you Fredrik, I will try NoMoreAds. On Fri, 25 Jul 2008 14:56:53 +0200, fredrik danerklint [EMAIL PROTECTED] wrote: You can use my NoMoreAds for that. http://www.fredan.org/os/ Hi, How I create a zone on recursor to block phishing sites ? eg.: point the phishing.com domain to my loopback interface 127.0.0.1 zone file exemple a1964.g.akamai.net. 127.0.0.1 abakos.com.es. 127.0.0.1 abisource.com. 127.0.0.1 abrarsignage.com.127.0.0.1 absi2008.netfirms.com. 127.0.0.1 abssair.no.sapo.pt. 127.0.0.1 academico.cefetpi.br.127.0.0.1 acces-direct.net.127.0.0.1 acceso.masminutos.com. 127.0.0.1 acecoti.com.ar. 127.0.0.1 ad.uu500.com.127.0.0.1 -- //fredan ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Use recursor to block phishing
([EMAIL PROTECTED]) References: [EMAIL PROTECTED] ([EMAIL PROTECTED]) Message-ID: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] User-Agent: RoundCube Webmail/0.1-rc1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Hi Bert, The other solution that was emailed works as well, but in addition, you can use the 'auth-zones' in the configuration file to point these domains to a zone containing nothing but a 127.0.0.1 record. Sorry for the newbie question, but what is the format of zone file that recursor accept ? I couldn´t find an example on doc.powerdns.com website Regards, Marlon ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Use recursor to block phishing
On Fri, Jul 25, 2008 at 01:14:33PM -0300, Marlon wrote: Sorry for the newbie question, but what is the format of zone file that recursor accept ? Regular zonefile format, with the exception of wildcards. Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users