From owner-freebsd-questions@FreeBSD.ORG Thu Dec 27 21:27:06 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3CFA716A418 for ; Thu, 27 Dec 2007 21:27:06 +0000 (UTC) (envelope-from schiz0phrenic21@gmail.com) Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.179]) by mx1.freebsd.org (Postfix) with ESMTP id 1E45D13C45D for ; Thu, 27 Dec 2007 21:27:06 +0000 (UTC) (envelope-from schiz0phrenic21@gmail.com) Received: by wa-out-1112.google.com with SMTP id k17so5309411waf.3 for ; Thu, 27 Dec 2007 13:27:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=OOxDi2nVjC3wzNwSYHCHG7T98iMx3Kd3wurr5mBIMno=; b=weQAeEt4a5DJ7z9ulkF0fnowgKm9fF631JWoQSvsGSdBFby24eN8VgFqGASa2uAHIeTlTUDzaywfTZLa6XDIQjmdIgKP2u+dePZNtUJTJoM/PFKlwCVzHsYBlwi/veLBopiABvnGuLFFi3E3Dnur7vwpQlJYy6609HPg5IHcJL0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=O3RIFuM9+sivAxAoNVnsaVXvtocWs015jsl3ZUWi7l2ffwE6gWLmF+gL+U3zFllffxAYLDh6hqAiacfOJsKTAlD8xMs6J2MkOphgrVvOPXftji+8n7LXz/xRDf08N6KirDwp0HKe8A6aAmYI4DgNj/HAD9LXp2xBNrFGOJuL37M= Received: by 10.115.75.1 with SMTP id c1mr8225484wal.84.1198790825368; Thu, 27 Dec 2007 13:27:05 -0800 (PST) Received: by 10.114.52.14 with HTTP; Thu, 27 Dec 2007 13:27:05 -0800 (PST) Message-ID: <8d23ec860712271327g6859748evc09d25ab78fdfbf1@mail.gmail.com> Date: Thu, 27 Dec 2007 16:27:05 -0500 From: Schiz0 To: "Maxim Khitrov" In-Reply-To: <26ddd1750712271246j14795cf3wf8e9727f0f7cc148@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <26ddd1750712271246j14795cf3wf8e9727f0f7cc148@mail.gmail.com> Cc: User Questions Subject: Re: Blocking undesirable domains using BIND X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Dec 2007 21:27:06 -0000 On Dec 27, 2007 3:46 PM, Maxim Khitrov wrote: > Hello, > > I'm currently setting up a new firewall for my home network using > FreeBSD 7. The firewall will also act as our local name server > (authoritative for the local domain, and caching for everything else). > One of the things I'd like to do with it is use BIND to block various > undesirable domains (ad servers, malicious sites, etc.). The plan is > to have a separate BIND config file which is included in the main one. > In that file I map all the blocked domains to either the empty zone or > perhaps my local web server that's just serving a blank page for any > request. Haven't decided which way is better yet. This file is updated > periodically (once a week maybe) and BIND is then told to reload the > config. That's the plan as it stands now, eventually I hope to add a > web interface to the system for adding and removing blocked domains. > > My question for you guys is if know any _reliable_ sources for getting > that list of domains in the first place? I currently use the hosts > file on all my machines, which is about 2MB in size and hasn't been > updated in several years. I'll definitely import all of those entries > myself, but it would be good if I could periodically pull an updated > list from somewhere else. The following site has a pretty decent > collection of ad servers, though it's a bit short compared to what I > already have: http://pgl.yoyo.org/adservers/. It even provides the > list in a BIND format, meaning that I don't need to do any additional > processing with it. Just fetch the page and reload BIND. This, > however, is not one of my requirements. I'm perfectly happy getting > just a list of the domains (in any format), and then processing them > into a BIND config file myself. Just need good sources. What are your > recommendations? > > - Max > _______________________________________________ You could always try one of those ad-blocking databases for firefox. The Ad-Block Plus plugin, I was thinking of specifically. http://easylist.adblockplus.org You could grab that file, then parse it and grab the domains out of it to block. I know this isn't what you want, but it may come in useful anyway: http://www.okean.com/asianspamblocks.html