From owner-freebsd-questions@FreeBSD.ORG Fri Dec 28 00:16:24 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 045F316A417 for ; Fri, 28 Dec 2007 00:16:24 +0000 (UTC) (envelope-from kdk@daleco.biz) Received: from ezekiel.daleco.biz (southernuniform.com [66.76.92.18]) by mx1.freebsd.org (Postfix) with ESMTP id A679813C4EF for ; Fri, 28 Dec 2007 00:16:23 +0000 (UTC) (envelope-from kdk@daleco.biz) Received: from localhost (localhost [127.0.0.1]) by ezekiel.daleco.biz (8.13.8/8.13.8) with ESMTP id lBS0GLBq037484; Thu, 27 Dec 2007 18:16:21 -0600 (CST) (envelope-from kdk@daleco.biz) X-Virus-Scanned: amavisd-new at daleco.biz Received: from ezekiel.daleco.biz ([127.0.0.1]) by localhost (ezekiel.daleco.biz [127.0.0.1]) (amavisd-new, port 10024) with LMTP id PJ1hszqljQDE; Thu, 27 Dec 2007 18:16:17 -0600 (CST) Received: from archangel.daleco.biz (dsl.daleco.biz [209.125.108.70]) by ezekiel.daleco.biz (8.13.8/8.13.8) with ESMTP id lBS0GDtu037479; Thu, 27 Dec 2007 18:16:14 -0600 (CST) (envelope-from kdk@daleco.biz) Message-ID: <47744048.6020202@daleco.biz> Date: Thu, 27 Dec 2007 18:16:08 -0600 From: Kevin Kinsey User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.2) Gecko/20070418 SeaMonkey/1.1.1 MIME-Version: 1.0 To: Maxim Khitrov References: <26ddd1750712271246j14795cf3wf8e9727f0f7cc148@mail.gmail.com> In-Reply-To: <26ddd1750712271246j14795cf3wf8e9727f0f7cc148@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: User Questions Subject: Re: Blocking undesirable domains using BIND X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Dec 2007 00:16:24 -0000 Maxim Khitrov wrote: > Hello, > > I'm currently setting up a new firewall for my home network using > FreeBSD 7. The firewall will also act as our local name server > (authoritative for the local domain, and caching for everything else). > One of the things I'd like to do with it is use BIND to block various > undesirable domains (ad servers, malicious sites, etc.). The plan is > to have a separate BIND config file which is included in the main one. Just a question, and I'm not trying to cast doubt on your plan; I'm curious why using BIND for this purpose instead of a proxy, which is a more typical application as I understand it? Again, I'm not trying to convince you otherwise or say that using BIND is a bad idea. It's just that I'm curious because we use Squid for this sort of thing, and I was wondering why BIND instead? Kevin Kinsey > In that file I map all the blocked domains to either the empty zone or > perhaps my local web server that's just serving a blank page for any > request. Haven't decided which way is better yet. This file is updated > periodically (once a week maybe) and BIND is then told to reload the > config. That's the plan as it stands now, eventually I hope to add a > web interface to the system for adding and removing blocked domains. > > My question for you guys is if know any _reliable_ sources for getting > that list of domains in the first place? I currently use the hosts > file on all my machines, which is about 2MB in size and hasn't been > updated in several years. I'll definitely import all of those entries > myself, but it would be good if I could periodically pull an updated > list from somewhere else. The following site has a pretty decent > collection of ad servers, though it's a bit short compared to what I > already have: http://pgl.yoyo.org/adservers/. It even provides the > list in a BIND format, meaning that I don't need to do any additional > processing with it. Just fetch the page and reload BIND. This, > however, is not one of my requirements. I'm perfectly happy getting > just a list of the domains (in any format), and then processing them > into a BIND config file myself. Just need good sources. What are your > recommendations? > > - Max -- QOTD: A child of 5 could understand this! Fetch me a child of 5.