From: "Maxim Khitrov"
To: "User Questions"
Date: Thu, 27 Dec 2007 15:46:16 -0500
Subject: Blocking undesirable domains using BIND
Message-ID: <26ddd1750712271246j14795cf3wf8e9727f0f7cc148@mail.gmail.com>

Hello,

I'm currently setting up a new firewall for my home network using FreeBSD 7. The firewall will also act as our local name server (authoritative for the local domain, and caching for everything else). One of the things I'd like to do with it is use BIND to block various undesirable domains (ad servers, malicious sites, etc.).

The plan is to have a separate BIND config file which is included in the main one. In that file I map all the blocked domains to either the empty zone or perhaps my local web server that's just serving a blank page for any request. Haven't decided which way is better yet. This file is updated periodically (once a week maybe) and BIND is then told to reload the config. That's the plan as it stands now; eventually I hope to add a web interface to the system for adding and removing blocked domains.

My question for you guys is if you know any _reliable_ sources for getting that list of domains in the first place? I currently use the hosts file on all my machines, which is about 2MB in size and hasn't been updated in several years. I'll definitely import all of those entries myself, but it would be good if I could periodically pull an updated list from somewhere else.

The following site has a pretty decent collection of ad servers, though it's a bit short compared to what I already have: http://pgl.yoyo.org/adservers/. It even provides the list in a BIND format, meaning that I don't need to do any additional processing with it. Just fetch the page and reload BIND. This, however, is not one of my requirements. I'm perfectly happy getting just a list of the domains (in any format), and then processing them into a BIND config file myself. Just need good sources.

What are your recommendations?

- Max
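
Added example (not part of the original message): one way to do the processing step described above, turning a hosts file or plain domain list into the included BIND config file. The zone file path and all function names are assumptions; every name is validated before it is written into a zone statement, and subdomains whose parent is already blocked are skipped.

```python
import ipaddress
import re

# Assumption: zone file that every blocked domain points at (hypothetical path).
ZONE_FILE = "master/blocked.empty.db"
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"   # one DNS label, max 63 chars
DOMAIN_RE = re.compile(rf"(?:{LABEL}\.)+{LABEL}")  # at least two labels
# Constructed sample: hosts-file lines mixed with bare domains and one bad entry.
SAMPLE = '''127.0.0.1 localhost
127.0.0.1 ads.example.com
0.0.0.0 Tracker.Example.NET.  # mixed case, trailing dot
example.com
banner.ads.example.com
0.0.0.0 x.example.org";
'''

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_domains(text):
    """Return the set of syntactically valid domain names found in text."""
    found = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and is_ip(fields[0]):   # hosts format: drop the leading address
            fields = fields[1:]
        for name in fields:
            name = name.lower().rstrip(".")
            # Plain hostnames only: quotes, braces or semicolons never reach the config.
            if len(name) <= 253 and DOMAIN_RE.fullmatch(name) and not is_ip(name):
                found.add(name)
    return found

def drop_covered(domains):
    """Drop names already covered by a blocked parent zone; return a sorted list."""
    kept = set()
    for d in sorted(domains, key=lambda d: d.count(".")):
        labels = d.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if not parents & kept:
            kept.add(d)
    return sorted(kept)

def render_zones(domains, zone_file=ZONE_FILE):
    return "".join(f'zone "{d}" {{ type master; file "{zone_file}"; }};\n' for d in domains)
```

Calling render_zones(drop_covered(parse_domains(SAMPLE))) yields the text for the included file; write it to a temporary file and rename it into place before telling BIND to reload, so a failed fetch never leaves a half-written config.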