Blocking undesirable domains using BIND

Rob bitabyss at
Fri Dec 28 08:28:51 PST 2007

Kevin Kinsey wrote:
> Just a question, and I'm not trying to cast doubt on your plan; I'm 
> curious why using BIND for this purpose instead of a proxy, which is
> a more typical application as I understand it?

I was trying to do something similar.  I didn't research too hard, but figured the only way to use BIND would be to make my server authoritative for all those domains, which meant a huge config file and potential overhead, as well as possibly breaking access to desirable servers in the domains.

So hosts seemed easier, but apparently BIND never looks at hosts.  I did find that Squid (which I already had installed and in limited use) has its own DNS resolver, and it does look at hosts first before going to the nameserver.

Then I found this site: and put their list in hosts, and now client PCs get a squid error in place of ad junk.  Works ok for me ;)
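
Added example, not part of the original post: a filter for a downloaded hosts-format list before it is appended to the hosts file that Squid consults, keeping only entries that map a valid hostname to a sink address so the list cannot point a name at some other IP. The function names, the choice of 127.0.0.1 as the single sink address, and the sample list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: vet a third-party hosts-format blocklist before it is
# appended to the hosts file. Only "sink address -> valid hostname" entries
# survive; anything that would point a name at another IP is dropped.

sanitize_blocklist() {
    tr -d '\r' | awk '
    {
        sub(/#.*/, "")                      # strip comments
        if (NF == 0) next                   # skip blank lines
        if ($1 != "127.0.0.1" && $1 != "0.0.0.0") {
            print "rejected (non-sink address): " $0 | "cat 1>&2"
            next
        }
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            if (name == "localhost" || name == "localhost.localdomain")
                continue                    # never override loopback names
            if (length(name) > 253 ||
                name !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/) {
                print "rejected (bad hostname): " $i | "cat 1>&2"
                continue
            }
            if (!(name in seen)) {          # drop duplicates
                seen[name] = 1
                print "127.0.0.1\t" name    # normalise to one sink (assumed)
            }
        }
    }'
}

# Constructed sample input, not taken from any real list.
sample_list() {
    cat <<'EOF'
# constructed sample list
127.0.0.1 localhost
127.0.0.1 ads.example.com
0.0.0.0   Tracker.Example.NET   # inline comment
203.0.113.7 bank.example.org
127.0.0.1 ads.example.com
127.0.0.1 bad..name
EOF
}

# Clean entries go to stdout, rejections to stderr.
sample_list | sanitize_blocklist
```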


More information about the freebsd-questions mailing list