Blocking ads by DNS using BIND

Something i have recently setup on my home network is the ability to blacklist domains and ads by DNS. Instead of giving the correct address for the requested ad, my DNS server points the domain name to an internal server hosting a 1x1 pixel gif. This also reduces bandwidth used.

This is all assuming you run your own DNS server on your network.

Heres how to configure BIND


# Download the "pixelserv" script.  This is a really basic webserver written in perl which will provide the 1x1 gif.

You can get it HERE *Note, its hosted on sourceforge.

# You need to make a couple of changes. First, take the .txt off the end of it. Also, change the IP address in the "LocalHost" Sections, from 0.0.0.0 to the IP of the host you are running this on. (im running it directly on my DNS server) Finally, you need to make the script executable, with the following:

[root@dns1 ~]# chmod +x pixelserv.pl

#Next you need to start the script. I've opted to run it in a screen session

[root@dns1 ~]# screen ./pixelserv.pl

#Now we need to get the actual blocklist. Im using the following list from pgl.yoyo.org

[root@dns1 ~]# sudo wget -O /var/named/ad-blacklist 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig&showintro=0&mimetype=plaintext'

#Next we need to tell BIND to include this list.

[root@dns1 ~]# vim /etc/named.conf

#Add in the following:

include "/var/named/ad-blacklist;


# Now we need to setup a zone file for all the ad addresses we are going to block.

[root@dns1 ~]#vim /var/named/null.zone.file  #Add the following.

$TTL    86400   ; one day

@ IN SOA nds.example.com. hostmaster.example.com. (
2002061000 ; serial number YYMMDDNN
28800 ; refresh 8 hours
7200 ; retry 2 hours
864000 ; expire 10 days
86400 ) ; min ttl 1 day
NS nds.example.com

A 192.168.1.100

@ IN A 192.168.1.100
* IN A 192.168.1.100



# Dont forget to change the ip's to your host running pixelserv.

# Now all you need to do is reload bind, though i prefer to restart it.

[root@dns1 ~]# service named restart

Using FreeIPA to authenticate OpenVPN users on pfSense

I have been fiddling with multiple different authentication methods to centralise the authentication across all my devices and services. ...… Continue reading

Zen Internet, IPv6 and pfsense

Published on February 19, 2017

Basic Telegraf, InfluxDB and Grafana setup

Published on January 26, 2017