Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mueller-ma/block-ads-via-dns
Block ads and malware via local DNS server
https://github.com/mueller-ma/block-ads-via-dns
debian-server dns-server malware
Last synced: 2 days ago
JSON representation
Block ads and malware via local DNS server
- Host: GitHub
- URL: https://github.com/mueller-ma/block-ads-via-dns
- Owner: mueller-ma
- License: gpl-3.0
- Created: 2017-02-17T15:24:06.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2022-10-29T09:13:38.000Z (about 2 years ago)
- Last Synced: 2024-08-02T13:35:37.381Z (3 months ago)
- Topics: debian-server, dns-server, malware
- Language: Shell
- Size: 20.5 KB
- Stars: 78
- Watchers: 10
- Forks: 17
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Block ads and malware via local DNS server
# Installation
## Debian, Raspbian & Ubuntu
- Install DNS Server: `sudo apt install bind9`
- Go to the bind directory: `cd /etc/bind/`
- Add this to /etc/bind/named.conf: `include "/etc/bind/named.conf.blocked";`
- Create db.blocked and add this (taken from [here](http://www.deer-run.com/~hal/sysadmin/dns-advert.html)):
````
$TTL 24h
@ IN SOA server.yourdomain.com. hostmaster.yourdomain.com. (
2003052800 86400 300 604800 3600 )
@ IN NS server.yourdomain.com.
@ IN A 0.0.0.0
* IN A 0.0.0.0
````
- Your /etc/bind/named.conf.options should look like this:
````
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
8.8.8.8;
8.8.4.4;
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
check-names master ignore;
check-names slave ignore;
check-names response ignore;
};
````
- Replace the forwarders entries with other dns server if you do not want to use Google DNS
- cd to your home directory `cd ~`
- Download generate-zonefile.sh `wget https://raw.githubusercontent.com/mueller-ma/block-ads-via-dns/master/generate-zonefile.sh`
- Make it executable `chmod +x generate-zonefile.sh`
- Run generate-zonefile.sh `./generate-zonefile.sh`
## Router / DHCP Server
- Give your Debian server a static IP
- Change DNS Server in the DHCP settings to the IP of your Debian Server. If you are asked for a second DNS server enter the same IP twice.
## Optional
- Add local blacklist and whitelist
- Create cronjob
- Change the URL to StevenBlack GitHub Hosts in `generate-zonefile.sh`
# Limitations
- The db.blocked will cause some errors on bind start