Blocking ads by DNS using BIND

Something i have recently setup on my home network is the ability to blacklist domains and ads by DNS. Instead of giving the correct address for the requested ad, my DNS server points the domain name to an internal server hosting a 1×1 pixel gif. This also reduces bandwidth used.

This is all assuming you run your own DNS server on your network.

Heres how to configure BIND

Download the “pixelserv” script. This is a really basic webserver written in perl which will provide the 1×1 gif.

You can get it Here Note, its hosted on sourceforge.

You need to make a couple of changes. First, take the .txt off the end of it. Also, change the IP address in the “LocalHost” Sections, from 0.0.0.0 to the IP of the host you are running this on. (im running it directly on my DNS server) Finally, you need to make the script executable, with the following:

[root@dns1 ~]# chmod +x pixelserv.pl

Next you need to start the script. I’ve opted to run it in a screen session

[root@dns1 ~]# screen ./pixelserv.pl

Now we need to get the actual blocklist. Im using the following list from Here

[root@dns1 ~]# sudo wget -O 
/var/named/ad-blacklist 
'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig&showintro=0&mimetype=plaintext'

Next we need to tell BIND to include this list.

[root@dns1 ~]# vim /etc/named.conf

Add in the following:

include "/var/named/ad-blacklist;

Now we need to setup a zone file for all the ad addresses we are going to block.

[root@dns1 ~]#vim /var/named/null.zone.file

Add the following.

$TTL    86400   ; one day
@       IN      SOA     nds.example.com. hostmaster.example.com. (
            2002061000       ; serial number YYMMDDNN
            28800   ; refresh  8 hours
            7200    ; retry    2 hours
            864000  ; expire  10 days
            86400 ) ; min ttl  1 day
        NS      nds.example.com
        A       192.168.1.100
@               IN      A       192.168.1.100
*               IN      A       192.168.1.100

Dont forget to change the ip’s to your host running pixelserv.

Now all you need to do is reload bind, though i prefer to restart it.

[root@dns1 ~]# service named restart