Blocking undesirable domains using BIND

Maxim Khitrov mkhitrov at
Thu Dec 27 20:42:26 PST 2007

On Dec 27, 2007 4:27 PM, Schiz0 <schiz0phrenic21 at> wrote:
> On Dec 27, 2007 3:46 PM, Maxim Khitrov <mkhitrov at> wrote:
> > Hello,
> >
> > I'm currently setting up a new firewall for my home network using
> > FreeBSD 7. The firewall will also act as our local name server
> > (authoritative for the local domain, and caching for everything else).
> > One of the things I'd like to do with it is use BIND to block various
> > undesirable domains (ad servers, malicious sites, etc.). The plan is
> > to have a separate BIND config file which is included in the main one.
> > In that file I map all the blocked domains to either the empty zone or
> > perhaps my local web server that's just serving a blank page for any
> > request. Haven't decided which way is better yet. This file is updated
> > periodically (once a week maybe) and BIND is then told to reload the
> > config. That's the plan as it stands now, eventually I hope to add a
> > web interface to the system for adding and removing blocked domains.
> >
> > My question for you guys is if you know any _reliable_ sources for getting
> > that list of domains in the first place? I currently use the hosts
> > file on all my machines, which is about 2MB in size and hasn't been
> > updated in several years. I'll definitely import all of those entries
> > myself, but it would be good if I could periodically pull an updated
> > list from somewhere else. The following site has a pretty decent
> > collection of ad servers, though it's a bit short compared to what I
> > already have: It even provides the
> > list in a BIND format, meaning that I don't need to do any additional
> > processing with it. Just fetch the page and reload BIND. This,
> > however, is not one of my requirements. I'm perfectly happy getting
> > just a list of the domains (in any format), and then processing them
> > into a BIND config file myself. Just need good sources. What are your
> > recommendations?
> >
> > - Max
> You could always try one of those ad-blocking databases for firefox.
> The Ad-Block Plus plugin, I was thinking of specifically.
> You could grab that file, then parse it and grab the domains out of it to block.
> I know this isn't what you want, but it may come in useful anyway:

The problem with adblock is that it uses regular expressions in its
file format. No easy way of pulling out all the domains. That IP block
info will come in handy when setting up pf, so thanks for that.

- Max
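
Added example, not part of the original thread: one way to turn a hosts-format blocklist into the included BIND config file described above, using the empty-zone option. The zone file path, function names and sample input are assumptions made for illustration. Names are validated before they are written, because a fetched list is untrusted input that ends up inside quoted strings in named's configuration.

```python
import re

# Assumed path of the shared empty zone file; the post does not name one.
EMPTY_ZONE_FILE = "/etc/namedb/master/blocked.db"

# One DNS label: letters, digits, hyphen or underscore, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")

def valid_domain(name):
    """Accept only plain multi-label hostnames, so list content cannot inject config."""
    labels = name.split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and all(_LABEL.fullmatch(label) for label in labels))

def parse_hosts(text):
    """Return the set of valid names from hosts-format text ("IP name [name ...]")."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # strip comments, split on whitespace
        for name in fields[1:]:                  # fields[0] is the address
            name = name.lower().rstrip(".")
            if valid_domain(name):
                names.add(name)
    return names

def prune_subdomains(names):
    """Drop names already answered by a blocked parent zone."""
    kept = set()
    for name in sorted(names, key=lambda n: n.count(".")):   # parents first
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels))}
        if not parents & kept:
            kept.add(name)
    return sorted(kept)

def bind_include(names):
    """Render one master zone statement per blocked domain."""
    return "".join('zone "%s" { type master; file "%s"; };\n' % (n, EMPTY_ZONE_FILE)
                   for n in names)

# Constructed sample input; the last line tries to break out of the quoted zone name.
SAMPLE = """\
127.0.0.1  localhost
127.0.0.1  ads.example.com  # comment
0.0.0.0    Tracker.Example.NET.
127.0.0.1  cdn.ads.example.com
127.0.0.1  evil.example";};options{
"""

if __name__ == "__main__":
    print(bind_include(prune_subdomains(parse_hosts(SAMPLE))), end="")
```

Running named-checkconf on the generated file before telling BIND to reload keeps a bad update from taking the resolver down.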

More information about the freebsd-questions mailing list