I finally got fed up with seeing "waiting for ad.doubleclick.net" or the like at the bottom of my browser window: I've noticed this month that a lot of the adware sites seem to have sluggish performance. So even if you have one of those snazzy 6-megabit cable modem connections, you're still crawling along at 256K DSL performance so much of the time.

I did a little searching and came up with a solution that works for all the PCs in my household (be they Linux or Windows or whatever). Thought I'd share it with y'all and invite comments; though I got ideas for this via Google, I didn't find an exact match for what I wanted to accomplish, despite how widely useful this technique is.

If you're not running a local DNS (BIND 9), you can set one up easily enough by setting up a named.conf file with the lines I've included below. (References to files like named.root and db.127 I'll leave as an exercise for the reader.)

My strategy to block adware is to create a local DNS zone for each nefarious domain, pointing it (and all subdomains) at the loopback address 127.0.0.1. That will block sites at the local PC: your browser will not generate ANY network traffic to those sites, and therefore won't hang around waiting for some sluggish banner server to come up.

I don't yet have a strategy for maintaining the list of domains that need to be blocked, though; that's where I could use suggestions.

-rich

---- /etc/named.conf

// ACL defining list of legitimate user IP's on local LAN
// We use this to prevent anyone from hacking our DNS from outside
// regardless of firewall configuration
acl lan-users { 127.0.0.1; 192.168.2.1; 192.168.2.2; 192.168.2.3; };

options {
    directory "/etc/named.dir";
    transfer-format one-answer;
    allow-query { lan-users; };
};

acl can_query { any; };

zone "." {
    type hint;
    file "named.root";
};

zone "2.168.192.in-addr.arpa" {
    type master;
    file "db.192.168.2";
    allow-query { lan-users; };
    allow-transfer { lan-users; };
};

zone "127.in-addr.arpa" {
    type master;
    file "db.127";
    allow-query { lan-users; };
    allow-transfer { lan-users; };
};

include "blocked-zones.conf";

---- /etc/named.dir/blocked-zones.conf

// Zones we want to block for browsing performance reasons
// $Id: blocked-zones.conf,v 1.1 2005/10/03 01:04:23 richb Exp richb $

zone "advertising.com" { type master; file "dummy-block"; allow-query { lan-users; }; };
zone "ar.atwola.com" { type master; file "dummy-block"; allow-query { lan-users; }; };
zone "ad.doubleclick.net" { type master; file "dummy-block"; allow-query { lan-users; }; };
zone "ad.doubleclick.com" { type master; file "dummy-block"; allow-query { lan-users; }; };
zone "www.activesearch.com" { type master; file "dummy-block"; allow-query { lan-users; }; };
zone "www.actualnames.com" { type master; file "dummy-block"; allow-query { lan-users; }; };
zone "www.ad-up.com" { type master; file "dummy-block"; allow-query { lan-users; }; };
zone "www.adminder.com" { type master; file "dummy-block"; allow-query { lan-users; }; };
zone "adwords.google.com" { type master; file "dummy-block"; allow-query { lan-users; }; };
zone "hitbox.com" { type master; file "dummy-block"; allow-query { lan-users; }; };

---- /etc/named.dir/dummy-block

; $Id: dummy-block,v 1.1 2005/10/03 01:04:53 richb Exp $
;
$TTL 24h
; Change the SOA record to match your server name and admin address
@   IN  SOA  envoy.ci.net. admin.pioneer.ci.net. (
             2005100200
             86400
             300
             604800
             3600 )
@   IN  NS   envoy-e0.ci.net.
@   IN  A    127.0.0.1
*   IN  A    127.0.0.1
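
The post leaves open how to maintain the list of blocked domains. One way to do it, as an added example that is not part of the original post: this Python script turns a plain or hosts-format domain list into blocked-zones.conf stanzas, rejects entries that are not plain hostnames so a downloaded list cannot inject directives into named.conf, and drops names already covered by a blocked parent zone's `*` record. The function names and the sample list are assumptions made for this example.

```python
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
# Same stanza shape as the post's blocked-zones.conf.
STANZA = 'zone "{name}" {{ type master; file "dummy-block"; allow-query {{ lan-users; }}; }};\n'

def parse_blocklist(text):
    """Return valid, lower-cased domains from a plain or hosts-format list."""
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        # hosts-format lines look like "127.0.0.1 ads.example"; take the last field
        name = fields[-1].lower().rstrip(".")
        labels = name.split(".")
        # Accept only plain multi-label hostnames (not bare IPs), so a hostile
        # list entry cannot smuggle quotes or braces into named.conf.
        if len(labels) >= 2 and not labels[-1].isdigit() and all(LABEL.fullmatch(l) for l in labels):
            domains.add(name)
    return domains

def prune_covered(domains):
    """Drop names already answered by a blocked parent zone's '*' record."""
    kept = []
    for name in sorted(domains, key=lambda d: d.split(".")[::-1]):
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if parents.isdisjoint(domains):
            kept.append(name)
    return kept

def render_zones(text):
    """Build the contents of blocked-zones.conf from a raw list."""
    return "".join(STANZA.format(name=n) for n in prune_covered(parse_blocklist(text)))

# Constructed sample input (not from the original post).
SAMPLE = """\
# constructed sample list
127.0.0.1 ad.doubleclick.net
doubleclick.net
HITBOX.COM.
bad"; }; options { recursion yes; }; zone "x.example
localhost
"""

if __name__ == "__main__":
    print(render_zones(SAMPLE), end="")
```

Running `named-checkconf` on the generated file before reloading BIND catches any remaining syntax problem.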