Browser performance -- blocking adware in DNS

[richb at pioneer.ci.net (Rich Braun)]

I finally got fed up with seeing "waiting for ad.doubleclick.net" or the like
at the bottom of my browser window:  I've noticed this month that a lot of the
adware sites seem to have sluggish performance.  So even if you have one of
those snazzy 6-megabit cable modem connections, you're still crawling along at
256K DSL performance so much of the time.

I did a little searching and came up with a solution that works for all the
PCs in my household (be they Linux or Windows or whatever).  Thought I'd share
it with y'all and invite comments; thought I got ideas for this via Google, I
didn't find an exact match for what I wanted to accomplish, despite how widely
useful this technique is.

If you're not running a local DNS (BIND 9), you can set one up easily enough
by setting up a named.conf file with the lines I've included below. 
(References to files like named.root and db.127 I'll leave as an exercise for
the reader.)

My strategy to block adware is to create a local DNS zone for each nefarious
domain, pointing it (and all subdomains) at the loopback address 127.0.0.1. 
That will block sites at the local PC:  your browser will not generate ANY
network traffic to those sites, and therefore won't hang around waiting for
some sluggish banner server to come up.

I don't yet have a strategy for maintaining the list of domains that need to
be blocked, though; that's where I could use suggestions.

-rich

---- /etc/named.conf
// ACL defining list of legitimate user IP's on local LAN
// We use this to prevent anyone from hacking our DNS from outside
// regardless of firewall configuration
acl lan-users { 127.0.0.1; 192.168.2.1; 192.168.2.2; 192.168.2.3; };
options {
        directory "/etc/named.dir";
        transfer-format one-answer;
        allow-query { lan-users; };
};
acl can_query { any; };

zone "." {
        type hint;
        file "named.root";
};

zone "2.168.192.in-addr.arpa" {
        type master;
        file "db.192.168.2";
        allow-query { lan-users; };
        allow-transfer { lan-users; };
};
zone "127.in-addr.arpa" {
        type master;
        file "db.127";
        allow-query { lan-users; };
        allow-transfer { lan-users; };
};
include "blocked-zones.conf";


---- /etc/named.dir/blocked-zones.conf
// Zones we want to block for browsing performance reasons
// $Id: blocked-zones.conf,v 1.1 2005/10/03 01:04:23 richb Exp richb $

zone "advertising.com" { type master; file "dummy-block";
     allow-query { lan-users; }; };
zone "ar.atwola.com" { type master; file "dummy-block";
     allow-query { lan-users; }; };
zone "ad.doubleclick.net" { type master; file "dummy-block";
     allow-query { lan-users; }; };
zone "ad.doubleclick.com" { type master; file "dummy-block";
     allow-query { lan-users; }; };
zone "www.activesearch.com" { type master; file "dummy-block";
     allow-query { lan-users; }; };
zone "www.actualnames.com" { type master; file "dummy-block";
     allow-query { lan-users; }; };
zone "www.ad-up.com" { type master; file "dummy-block";
     allow-query { lan-users; }; };
zone "www.adminder.com" { type master; file "dummy-block";
     allow-query { lan-users; }; };
zone "adwords.google.com" { type master; file "dummy-block";
     allow-query { lan-users; }; };
zone "hitbox.com" { type master; file "dummy-block";
     allow-query { lan-users; }; };


---- /etc/named.dir/dummy-block
; $Id: dummy-block,v 1.1 2005/10/03 01:04:53 richb Exp $

; $TTL 24h

; Change the SOA record to match your server name and admin address
@       IN SOA envoy.ci.net. admin.pioneer.ci.net. (
                  2005100200  86400  300  604800  3600 )

@       IN      NS   envoy-e0.ci.net.
@       IN      A    127.0.0.1
*       IN      A    127.0.0.1