From: Rob
Date: Fri, 28 Dec 2007 11:28:54 -0500
To: Maxim Khitrov
Cc: User Questions
Subject: Re: Blocking undesirable domains using BIND

Kevin Kinsey wrote:
> Just a question, and I'm not trying to cast doubt on your plan; I'm
> curious why using BIND for this purpose instead of a proxy, which is
> a more typical application as I understand it?

I was trying to do something similar. I didn't research too hard, but figured the only way to use Bind would be to make my server authoritative for all those domains, which meant a huge config file and potential overhead, as well as possibly breaking access to desirable servers in the domains.

So hosts seemed easier, but apparently Bind never looks at hosts. I did find that Squid (which I already had installed and in limited use) has its own DNS resolver, and it does look at hosts first before going to the nameserver.

Then I found this site: http://everythingisnt.com/hosts.html and put their list in hosts, and now client PCs get a squid error in place of ad junk. Works ok for me ;)

-Rob
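
An added sketch of the BIND approach discussed in this message (not part of the original post and not code from anyone in the thread): it converts a hosts-format blocklist into one `zone` statement per listed hostname, all sharing a single zone file, so only the listed names are overridden rather than their whole parent domains. The sample hosts lines, the `blocked.zone` filename and the 127.0.0.1 sink address are assumptions.

```python
import re

# Constructed sample in hosts-file format (not taken from the list linked above).
SAMPLE_HOSTS = """\
# constructed sample blocklist
127.0.0.1   localhost
127.0.0.1   ads.example.com   # inline comment
0.0.0.0     tracker.example.net banner.example.org
127.0.0.1   ADS.example.com.
127.0.0.1   evil";.example.com
"""

SINKS = {"127.0.0.1", "0.0.0.0"}          # addresses blocklists map names to
SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def blocked_names(hosts_text):
    """Return the sorted, de-duplicated hostnames a hosts file sinks."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2 or fields[0] not in SINKS:
            continue
        for raw in fields[1:]:
            name = raw.lower().rstrip(".")
            labels = name.split(".")
            if name in SKIP or len(labels) < 2 or len(name) > 253:
                continue
            # Strict validation matters: names are written into named.conf,
            # so a quote or semicolon in the list must never get through.
            if all(LABEL.match(label) for label in labels):
                names.add(name)
    return sorted(names)

def named_conf(names, zone_file="blocked.zone"):
    """One zone statement per name; every zone reuses the same file."""
    return "".join(
        'zone "%s" { type master; file "%s"; };\n' % (n, zone_file)
        for n in names
    )

# Shared zone file (assumed sink 127.0.0.1); "@" expands to each zone's name.
BLOCKED_ZONE = """\
$TTL 3600
@  IN SOA localhost. root.localhost. ( 1 3600 900 604800 3600 )
@  IN NS  localhost.
@  IN A   127.0.0.1
*  IN A   127.0.0.1
"""

if __name__ == "__main__":
    print(named_conf(blocked_names(SAMPLE_HOSTS)), end="")
```

The generated statements would go in a file pulled into `named.conf` with `include`, and `named-checkconf` can validate the result before a reload.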