Blocking undesirable domains using BIND

Darren Spruell phatbuckett at gmail.com
Thu Dec 27 13:38:46 PST 2007


On Dec 27, 2007 1:46 PM, Maxim Khitrov <mkhitrov at gmail.com> wrote:
> Hello,
>
> I'm currently setting up a new firewall for my home network using
> FreeBSD 7. The firewall will also act as our local name server
> (authoritative for the local domain, and caching for everything else).
> One of the things I'd like to do with it is use BIND to block various
> undesirable domains (ad servers, malicious sites, etc.). The plan is
> to have a separate BIND config file which is included in the main one.
> In that file I map all the blocked domains to either the empty zone or
> perhaps my local web server that's just serving a blank page for any
> request. Haven't decided which way is better yet. This file is updated
> periodically (once a week maybe) and BIND is then told to reload the
> config. That's the plan as it stands now, eventually I hope to add a
> web interface to the system for adding and removing blocked domains.
>
> My question for you guys is if you know any _reliable_ sources for getting
> that list of domains in the first place? I currently use the hosts
> file on all my machines, which is about 2MB in size and hasn't been
> updated in several years. I'll definitely import all of those entries
> myself, but it would be good if I could periodically pull an updated
> list from somewhere else. The following site has a pretty decent
> collection of ad servers, though it's a bit short compared to what I
> already have: http://pgl.yoyo.org/adservers/. It even provides the
> list in a BIND format, meaning that I don't need to do any additional
> processing with it. Just fetch the page and reload BIND. This,
> however, is not one of my requirements. I'm perfectly happy getting
> just a list of the domains (in any format), and then processing them
> into a BIND config file myself. Just need good sources. What are your
> recommendations?

Look into the Blackhole-DNS project, formerly one of the
BleedingThreats projects hosted at
http://www.bleedingsnort.com/blackhole-dns/.

This project tracks many hostile domains and produces BIND format
files for this very purpose. It's not a great resource for ad
blocking, as it focuses mainly on security threats (spyware, other
malware, etc.).

Since there has been some shuffling and reorganization happening
around the BleedingThreats project, it's in a state of flux right now.
The current home of the DNS-BH project is at
http://malwaredomains.com/.

-- 
Darren Spruell
phatbuckett at gmail.com
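The include-file approach Maxim describes (a plain list of domains turned into a separate BIND config, refreshed periodically, then reloaded) as an added example that is not code from either poster. It assumes BIND 9 on FreeBSD with `include "/etc/namedb/blocked.conf";` in named.conf, a shared zone file `/etc/namedb/blockeddomain.hosts` (empty zone or a wildcard A record for the local web server), and `LIST_URL` as a placeholder for whichever source is chosen; the filter step matters because a downloaded list is untrusted text that ends up spliced into named.conf.

```shell
#!/bin/sh
# Added example, not from the original thread. Converts a plain list of
# domains (one per line, "#" comments allowed) into a BIND 9 include file
# that makes named authoritative for each domain, so lookups get whatever
# the shared zone file says. Paths below are assumptions.
BLOCKED_ZONE_FILE="${BLOCKED_ZONE_FILE:-/etc/namedb/blockeddomain.hosts}"
NAMED_CONF="${NAMED_CONF:-/etc/namedb/named.conf}"
LIST_URL="${LIST_URL:-http://LIST_URL_PLACEHOLDER/domains.txt}"

# Read domains on stdin, write one zone statement per domain on stdout.
# Anything that is not a plain dotted hostname is dropped: a line such as
#   evil"; }; zone "x
# in a fetched list would otherwise become live named.conf syntax.
domains_to_bind() {
    tr '[:upper:]' '[:lower:]' \
    | sed -e 's/#.*//' -e 's/[[:space:]]//g' -e 's/\.$//' \
    | grep -E '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$' \
    | sort -u \
    | while IFS= read -r d; do
        printf 'zone "%s" { type master; file "%s"; };\n' "$d" "$BLOCKED_ZONE_FILE"
    done
}

# Weekly update: build the new include, keep the last good copy, let
# named-checkconf validate the whole configuration, and only reload if it
# passes. A failed or empty download must never wipe the existing list.
update_blocklist() {
    conf="/etc/namedb/blocked.conf"
    fetch -q -o - "$LIST_URL" | domains_to_bind > "$conf.new" || return 1
    [ -s "$conf.new" ] || { rm -f "$conf.new"; return 1; }
    [ -f "$conf" ] && cp "$conf" "$conf.bak"
    mv "$conf.new" "$conf"
    if ! named-checkconf "$NAMED_CONF"; then
        [ -f "$conf.bak" ] && mv "$conf.bak" "$conf"   # roll back to last good list
        return 1
    fi
    rndc reload
}
```

Run `update_blocklist` from a weekly cron job; `domains_to_bind` can be fed a hosts-style file as well once the leading address column is stripped.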


More information about the freebsd-questions mailing list