Rick Coloccia <[email protected]> wrote:

> add this line to /etc/named.conf
>
>     include "locallyblockeddomains.zones";
>
> contents of locallyblockeddomains.zones:
>
>     // This bind zone is intended to be included in a running dns server for a local net
>     //
>     // It will return a 127.0.0.1 for the domains listed as malware
>     //
>     // This is for locally determined domains we want blocked
>     //
>     zone "r.im" {type master; file "/etc/namedb/blockeddomain.hosts";};
>     <snipped many more out>
>     zone "emailupgrader.clan.su" {type master; file "/etc/namedb/blockeddomain.hosts";};
>
> this is the /etc/namedb/blockeddomain.hosts file:
>
>     $TTL 86400 ; one day
>     @   IN SOA ns1.geneseo.edu. coloccia.geneseo.edu. (
>                 2007112601 ; serial
>                 28800      ; refresh 8 hours
>                 7200       ; retry 2 hours
>                 864000     ; expire 10 days
>                 86400 )    ; min ttl 1 day
>         IN NS   ns1.geneseo.edu.
>         IN A    127.0.0.1
>     *   IN A    127.0.0.1
>     *   IN AAAA ::1
>     ; This zone will kill all traffic to a listed domain
>
> Done. Add domains you want blocked to the locallyblockeddomains.zones file.
In my previous job, the cyber-security created a list of domains from various sources. They tested the file on a test BIND server before loading the file into the AFS shared file system. I had a cron on my DNS servers that ran every 10 minutes that checked for a new file, and if it saw one, it copied the file to the local disk and ran "rndc" to reload the new config file.

--Barry Finkel
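Each `zone "..." { ... };` line in Rick's include file is raw named.conf syntax, so a domain copied from an external blocklist that carries a quote, brace, semicolon or whitespace would break the file rather than block anything. The generator below is an added example, not code from the thread: it reads a plain one-domain-per-line list, keeps only well-formed hostnames, de-duplicates, and emits the include with every zone pointing at the same wildcard hosts file. The file paths and function names are assumptions.

```python
"""Generate a BIND sinkhole include file from a plain domain blocklist.

Added example, not from the bind-users thread; paths are assumptions.
"""
from __future__ import annotations

import re
import sys

# Assumed path, mirroring the layout in the post.
HOSTS_FILE = "/etc/namedb/blockeddomain.hosts"

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalise(name: str) -> str:
    """Lower-case, strip surrounding whitespace and a trailing root dot."""
    return name.strip().lower().rstrip(".")


def is_valid_domain(name: str) -> bool:
    """Accept only hostname-style names with at least two labels.

    Anything else is rejected: a quote, semicolon, brace or whitespace would
    break out of the  zone "..." { ... };  statement and corrupt named.conf,
    and an underscore or non-ASCII character is not a hostname label.
    """
    name = normalise(name)
    if not name or len(name) > 253 or "." not in name:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def parse_domain_list(text: str) -> list[str]:
    """Return the unique valid domains from a list (one per line, '#' comments
    allowed); malformed lines are dropped rather than written out."""
    domains = set()
    for raw in text.splitlines():
        entry = normalise(raw.split("#", 1)[0])
        if entry and is_valid_domain(entry):
            domains.add(entry)
    return sorted(domains)


def render_zones_include(domains: list[str], hosts_file: str = HOSTS_FILE) -> str:
    """Render the include file: one master zone per domain, all served from
    the same wildcard hosts file so every name under it resolves to 127.0.0.1."""
    lines = [
        "// Locally blocked domains; every zone below answers 127.0.0.1 / ::1",
        "// Generated file, do not edit by hand",
    ]
    lines += [f'zone "{d}" {{ type master; file "{hosts_file}"; }};' for d in domains]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # usage: python3 gen_blocklist.py blocklist.txt > locallyblockeddomains.zones
    with open(sys.argv[1], encoding="utf-8") as fh:
        sys.stdout.write(render_zones_include(parse_domain_list(fh.read())))
```

Running it against a list and redirecting into the include file, then `named-checkconf` on the live named.conf, is the whole workflow; a list entry that fails validation is silently dropped, so log `parse_domain_list` rejects if you want to see what the upstream feed is sending.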
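Barry's cron pass (look for a new file, copy it to local disk, `rndc` reload) as an added Python example, not Barry's own script: it installs the shared copy only when its hash differs from the local one, runs `named-checkconf` on the candidate through a one-line stub config before the live include is touched, and only then calls `rndc reload`. The paths, the `.candidate` naming and the `run` parameter (so the two external commands can be stubbed in a test) are assumptions; when run for real it invokes the actual `named-checkconf` and `rndc`.

```python
"""Install a shared blocklist include into BIND only when it changed and
only if named-checkconf accepts it, then rndc reload.

Added example, not Barry's script; paths and names are assumptions.
"""
from __future__ import annotations

import hashlib
import shutil
import subprocess
import sys
from pathlib import Path

# Assumed locations: the vetted copy on shared storage and the live include.
SHARED_FILE = "/afs/example/dns/locallyblockeddomains.zones"
LOCAL_FILE = "/etc/named/locallyblockeddomains.zones"


def file_digest(path) -> str | None:
    """SHA-256 of a file's bytes, or None when it does not exist."""
    p = Path(path)
    return hashlib.sha256(p.read_bytes()).hexdigest() if p.is_file() else None


def needs_install(shared, local) -> bool:
    """True when the shared copy exists and its content differs from the
    local copy (a missing local file counts as different)."""
    shared_digest = file_digest(shared)
    return shared_digest is not None and shared_digest != file_digest(local)


def sync(shared=SHARED_FILE, local=LOCAL_FILE, run=subprocess.run) -> str:
    """One cron pass. Returns 'unchanged', 'rejected', 'reloaded' or
    'reload-failed'. `run` is subprocess.run; it is a parameter so the
    external commands can be stubbed in tests."""
    if not needs_install(shared, local):
        return "unchanged"
    local = Path(local)
    candidate = local.with_name(local.name + ".candidate")
    shutil.copy2(shared, candidate)
    # Parse the candidate on its own through a one-line stub config, so a
    # broken statement is caught before the live include is replaced.
    stub = candidate.with_name(candidate.name + ".conf")
    stub.write_text(f'include "{candidate}";\n')
    try:
        check = run(["named-checkconf", str(stub)], capture_output=True, text=True)
    finally:
        stub.unlink()
    if check.returncode != 0:
        candidate.unlink()
        return "rejected"
    candidate.replace(local)  # atomic rename on the same filesystem
    reload = run(["rndc", "reload"], capture_output=True, text=True)
    return "reloaded" if reload.returncode == 0 else "reload-failed"


if __name__ == "__main__":
    # usage (from cron): python3 sync_blocklist.py [shared] [local]
    print(sync(*sys.argv[1:3]))
```

The hash comparison replaces a timestamp check, so a file that is re-copied with the same content does not trigger a pointless reload, and the candidate-then-rename step means a rejected file never reaches the running server.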

