Posts Tagged ‘blacklist’

Set up a DNS blacklist using ISC bind

In Uncategorized on January 19, 2010 at 2:47 pm

Here’s how I created a DNS blacklist using bind 9.3.4. I used 1 and 2 as resources.

Set up the blackhole IP address

I didn’t want to redirect everyone to or some invalid address. I wanted to display some message that the domain in question had been blacklisted.

So, I set up an Apache config file:

    AliasMatch "^/(.*)" "/var/www/blocked/blocked.cgi"
<Directory "/var/www/blocked">
    Options +ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all

The CGI file is rather simple. It outputs a message saying that the URL you’re trying to access has been blocked.

Set up bind

At the end of named.conf, I included two files:

// blocked due to local policy
include "/etc/blocked-local.conf";

// wget -O blocked-malware.conf ''
// sed -i 's,,zones/blocked,' blocked-malware.conf
include "/etc/blocked-malware.conf";

Each file has lines of the form:

zone "" { type master; notify no; file "zones/blocked"; };

The file zones/blocked looks like:

$TTL 600        ; 10 minutes
@                       SOA (
                                42         ; serial
                                900        ; refresh (15 minutes)
                                60         ; retry (1 minute)
                                604800     ; expire (1 week)
                                43200      ; minimum (12 hours)
                        MX      1
$TTL 302400     ; 3 days 12 hours
@               IN      A
*               IN      A