Help with BIND DNS for Content Blocking

[person287]

Hi,
For the LAN I want to redirect blocked domains to a block page on my local server, on a local IP of 192.168.1.104. I've got the server (Apache) setup to handle wildcard requests so that they go to the block page, but I'm a bit lost as to what to do with the DNS. Currently in 'named.conf' I've got at the bottom the domains I want block, so for example

zone "blockeddomain.com" in { type master ; file "block.bind" ; } ;

which I'm pretty sure is fine since it's blocking it, but as for the 'block.bind' file I'm not really sure what to do in regard to wildcards. Currently it's like this;

@ IN SOA ( ns1.domain.com. hostmaster.domain.com.
           1 10800 3600 86400 21600 )
  IN NS  ns1.domain.com.

*	IN	A	192.168.1.104

But I know that's wrong. Anybody have any ideas?
Thanks

 

[Noway2]

Welcome to Tek-Tips

Just a word of caution, blocking domains by creating a zone file for them tends to become unwieldy and if you have too many of them will create a memory hog that will ultimately cause Bind to crash. Instead I might suggest looking into a proxy application like Squid (Linux) or Bluecoat (windows).

The DNS approach also has the problem of being easily subverted. Simply go to the site without requiring name resolution or obfuscate the IP by using hex codes for example. If you have IP addresses or IP ranges that you don't want to be accessed, you likely want to cut them off at the firewall or switch level.

 

[person287]

Thanks. I've set up Polipo on my Ubuntu Box and I've got them to block domains/ips, but the page is just a generic Forbidden thing. How could I go about editing that?