Building an Ubuntu Router Part 6 - DNS RPZ / Block Bad Sites

RPZ: block bad sites.

Configure BIND

sudo nano /etc/bind/named.conf.options

Within the options { ... } block, add a new response policy that names the zone declared at the end of the file:

response-policy {
    zone "rpz.badsites.com";
};

At the end of the same file (named.conf.options), add the RPZ zone.

// Bad sites
zone "rpz.badsites.com" {
    type master;
    file "/etc/bind/db.rpz.badsites.com";
    allow-query { none; };
};

Create a zone file for the zone.

sudo nano /etc/bind/db.rpz.badsites.com

Add the following content to the zone.

@ 3600 IN SOA @ admin.badsites.com. 0 86400 7200 2592000 86400
@ 3600 IN NS ns.badsites.com.

Generate the list of bad sites with the bind-adblock tool.

This tool requires python3.

sudo apt-get install python3-pip -y
pip3 install dnspython requests

If python3 cannot be found, edit sources.list and add universe to the end of each source.

sudo nano /etc/apt/sources.list

Clone the tool and generate the list of bad sites.

git clone --depth=1 https://github.com/Trellmor/bind-adblock.git
cd bind-adblock/
sudo ./update-zonefile.py /etc/bind/db.rpz.badsites.com rpz.badsites.com

Domains of advertising, malware, tracking … will be blocked, except YouTube advertising.

Test block ads
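
To check offline which names the zone file would rewrite, here is an added example (not part of the original post or of bind-adblock) that parses RPZ CNAME records and reports the policy action for a query name. The function names, the constructed sample zone and the simplified matching (exact name first, then the nearest enclosing wildcard) are assumptions for illustration.

```python
# Added example: offline check of query names against an RPZ zone file.
# Simplified model: exact trigger first, then the nearest enclosing wildcard.
# Assumes relative owner names, one record per line; SAMPLE_ZONE is constructed.
import sys

ACTIONS = {".": "NXDOMAIN", "*.": "NODATA",
           "rpz-passthru.": "PASSTHRU", "rpz-drop.": "DROP"}

SAMPLE_ZONE = """\
@ 3600 IN SOA @ admin.badsites.com. 0 86400 7200 2592000 86400
@ 3600 IN NS ns.badsites.com.
ads.example.net CNAME .
*.ads.example.net CNAME .
tracker.example.org CNAME *.
good.tracker.example.org CNAME rpz-passthru.
*.tracker.example.org CNAME .
"""


def parse_rpz(text):
    """Return {trigger: action} for the CNAME policy records in the zone."""
    policy = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, tokenize
        if "CNAME" not in fields[1:-1]:
            continue                             # SOA, NS, blanks, directives
        target = fields[fields.index("CNAME", 1) + 1].lower()
        policy[fields[0].lower()] = ACTIONS.get(target, "REDIRECT " + target)
    return policy


def lookup(policy, qname):
    """Return the (trigger, action) that applies to qname, or None."""
    name = qname.lower().rstrip(".")
    if name in policy:
        return name, policy[name]
    labels = name.split(".")
    for i in range(1, len(labels)):              # walk up towards the root
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in policy:
            return wildcard, policy[wildcard]
    return None


if __name__ == "__main__":
    # usage: script.py [zonefile] [name ...]; defaults to the sample data
    zone = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_ZONE
    names = sys.argv[2:] or ["cdn.ads.example.net", "good.tracker.example.org",
                             "example.net"]
    rules = parse_rpz(zone)
    for n in names:
        print(n, "->", lookup(rules, n) or "no policy (resolved normally)")
```

Pass /etc/bind/db.rpz.badsites.com and one or more names as arguments to confirm a domain is covered after regenerating the zone.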

© 2020 Juvenal Yescas All Rights Reserved.