Here’s how I created a DNS blacklist using BIND 9.3.4, working from two other write-ups on the same idea.
Set up the blackhole IP address
I didn’t want to redirect everyone to 127.0.0.1 or some other invalid address; I wanted to display a message saying that the domain in question had been blacklisted.
So, I set up an Apache config file. Every blacklisted name resolves to 192.168.0.20, and this is the only virtual host on that address, so it answers for all of them no matter what Host header the client sends:
# Apache 2.0/2.2 access-control syntax (Order/Allow); on 2.4 use "Require all granted".
NameVirtualHost 192.168.0.20:80
<VirtualHost 192.168.0.20:80>
    ServerName blocked.mydomain.com
    # Send every path to the one CGI script.
    AliasMatch "^/(.*)" "/var/www/blocked/blocked.cgi"
</VirtualHost>
<Directory "/var/www/blocked">
    Options +ExecCGI
    # Map .cgi to mod_cgi here unless that is already done globally; without a
    # handler Apache serves the script's source as a plain file instead of running it.
    AddHandler cgi-script .cgi
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
The CGI file is rather simple. It outputs a message saying that the URL you’re trying to access has been blocked. Note that only plain HTTP requests ever see this page: an https:// URL for a blacklisted name lands on port 443 of 192.168.0.20, where the browser either gets a connection refused or a certificate warning, because no certificate for the blocked name exists.
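As an added example (not the post’s own script), here is a blocked.cgi that does what the paragraph describes. The one thing worth getting right is that the host and path it echoes come straight from the client: anyone can send a request to 192.168.0.20 with an arbitrary Host header, so both are HTML-escaped before they are put in the page. The text of the message and the 403 status are my choices, not the original’s.

```python
#!/usr/bin/env python3
"""blocked.cgi: tell the user that the site they asked for is blacklisted.

Added example, not the original post's CGI.  It reads the requested host and
path from the CGI environment (HTTP_HOST and Apache's REQUEST_URI) and
HTML-escapes them, because a client controls both values.
"""
import html
import os
import sys


def render(env) -> str:
    """Build the HTML body from a CGI environment dict."""
    # Escape attacker-controlled values so the block page cannot be used for XSS.
    host = html.escape(env.get("HTTP_HOST", "unknown host"), quote=True)
    path = html.escape(env.get("REQUEST_URI", "/"), quote=True)
    return (
        "<!DOCTYPE html>\n<html><head><title>Blocked</title></head><body>\n"
        "<h1>Access blocked</h1>\n"
        f"<p>The site <b>{host}</b> is on the local DNS blacklist, so the URL "
        f"<code>http://{host}{path}</code> cannot be reached from this network.</p>\n"
        "<p>If you believe this is an error, contact the network administrator.</p>\n"
        "</body></html>\n"
    )


def response(env) -> str:
    """Full CGI response: headers, blank line, body."""
    # 403 rather than 200, so scripts and caches do not mistake the block
    # page for the real site's content.
    headers = "Status: 403 Forbidden\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    return headers + render(env)


if __name__ == "__main__":
    sys.stdout.write(response(os.environ))
```

Install it as /var/www/blocked/blocked.cgi, executable, and the AliasMatch above routes every request on the virtual host to it.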
Set up BIND
At the end of named.conf, I included two files:
// blocked due to local policy
include "/etc/blocked-local.conf";
// wget -O blocked-malware.conf 'http://www.malware.com.br/cgi/submit?action=list_bind'
// sed -i 's,mbl.zone.file,zones/blocked,' blocked-malware.conf
include "/etc/blocked-malware.conf";
Each file has lines of the form:
zone "a.amg777.com" { type master; notify no; file "zones/blocked"; };
All of the zones point at the same file; that is safe because they are master zones with notify off and no dynamic updates, so named only ever reads it. Keep in mind that both include files become part of named.conf verbatim: anything in the downloaded list that is not a well-formed zone statement is read as configuration, and the list is fetched over plain HTTP. It is worth checking each line against the expected shape before installing it, and running named-checkconf before every reload.
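Here is an added example (not the post’s tooling) that produces both include files: it turns a plain list of domains into blocked-local.conf, and it rewrites the downloaded feed into blocked-malware.conf, keeping only lines that are exactly the zone statement shown above with a syntactically valid hostname and replacing the feed’s mbl.zone.file name with zones/blocked, which is what the sed command does, minus the trust. The zone-statement format and file name are from the post; the input file names and the mbl.zone.file placeholder’s exact spelling in the feed are assumptions.

```python
#!/usr/bin/env python3
"""Generate blocked-local.conf and blocked-malware.conf for named.conf.

Added example, not the original post's tooling.  The stanza format and the
shared zone file name come from the post; everything else is assumed.
"""
import re
import sys

ZONE_FILE = "zones/blocked"  # the one zone file every blacklisted name shares

# One hostname label: letters, digits, hyphens, no leading/trailing hyphen.
# Quotes, semicolons, braces and whitespace never match, so a feed entry can
# not smuggle extra named.conf directives into the include file.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}\.?$")

# Exactly the stanza shape the post uses; the feed is assumed to emit it
# with its own placeholder file name in the file "..." field.
STANZA_RE = re.compile(
    r'^zone "([^"]+)" \{ type master; notify no; file "([^"]+)"; \};$'
)


def zone_stanza(domain: str) -> str:
    """Return one named.conf zone statement for a validated domain name."""
    name = domain.strip().lower().rstrip(".")
    if len(name) > 253 or not HOSTNAME_RE.match(name):
        raise ValueError(f"not a valid hostname: {domain!r}")
    return f'zone "{name}" {{ type master; notify no; file "{ZONE_FILE}"; }};'


def build_local_conf(domains) -> str:
    """Turn a list of domains (one per line, '#' comments allowed) into the
    text of blocked-local.conf, deduplicated case-insensitively and sorted."""
    seen = set()
    for raw in domains:
        line = raw.split("#", 1)[0].strip()
        if line:
            seen.add(line.lower().rstrip("."))
    return "\n".join(zone_stanza(d) for d in sorted(seen)) + "\n"


def filter_feed(lines):
    """Rewrite a downloaded feed into blocked-malware.conf lines.

    Returns (kept, rejected).  Only lines that match STANZA_RE and carry a
    valid hostname are kept, regenerated with ZONE_FILE as the file name;
    every other non-blank line is rejected so it can be logged rather than
    handed to named.
    """
    kept, rejected = [], []
    for raw in lines:
        line = raw.rstrip("\n")
        m = STANZA_RE.match(line)
        if m and HOSTNAME_RE.match(m.group(1).lower()):
            kept.append(zone_stanza(m.group(1)))
        elif line.strip():
            rejected.append(line)
    return kept, rejected


if __name__ == "__main__":
    # Usage (assumed file names):
    #   blocklist.py local domains.txt          > /etc/blocked-local.conf
    #   blocklist.py feed  blocked-malware.conf > /etc/blocked-malware.conf
    mode, path = sys.argv[1], sys.argv[2]
    with open(path) as fh:
        if mode == "local":
            sys.stdout.write(build_local_conf(fh))
        else:
            kept, rejected = filter_feed(fh)
            sys.stdout.write("\n".join(kept) + "\n")
            for bad in rejected:
                print("rejected:", bad, file=sys.stderr)
```

Rejected lines go to stderr so a feed that changes format (or is tampered with) fails loudly instead of silently altering named’s configuration.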
The file zones/blocked looks like:
$TTL 600 ; 10 minutes
@ IN SOA server.mydomain.com. root.mydomain.com. (
        42     ; serial
        900    ; refresh (15 minutes)
        60     ; retry (1 minute)
        604800 ; expire (1 week)
        43200  ; minimum (12 hours); in BIND 9 this is the negative-caching TTL
        )
; The NS and MX records are indented so they inherit the owner name @.
  IN NS server.mydomain.com.
; Optional: with this MX, mail addressed to any blacklisted domain is
; delivered to server.mydomain.com. Drop it if you do not want that.
  IN MX 1 server.mydomain.com.
$TTL 302400 ; 3 days 12 hours
; The apex and every name below it (via the wildcard) resolve to the blackhole address.
@ IN A 192.168.0.20
* IN A 192.168.0.20
Because one file backs every zone, the $ORIGIN is whatever zone name named.conf attached it to, so @ and * expand correctly for each blacklisted domain. Before reloading, check the configuration and the shared zone file (run named-checkzone from named’s working directory so the relative file name resolves), then confirm the redirect from a client:
named-checkconf
named-checkzone a.amg777.com zones/blocked
rndc reload
dig @server.mydomain.com www.a.amg777.com A +short
The last command should print 192.168.0.20; the wildcard record is what makes any host under a blacklisted domain resolve there, not just the apex.