Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Browser performance -- blocking adware in DNS



How does this solution affect websites that require the doubleclick  
cookies or whatever to function properly? Some websites refuse to  
work unless you have their ad provider's cookies.

-Josh

On Oct 3, 2005, at 12:53 PM, Rich Braun wrote:

> I finally got fed up with seeing "waiting for ad.doubleclick.net"  
> or the like
> at the bottom of my browser window:  I've noticed this month that a  
> lot of the
> adware sites seem to have sluggish performance.  So even if you  
> have one of
> those snazzy 6-megabit cable modem connections, you're still  
> crawling along at
> 256K DSL performance so much of the time.
>
> I did a little searching and came up with a solution that works for  
> all the
> PCs in my household (be they Linux or Windows or whatever).   
> Thought I'd share
> it with y'all and invite comments; thought I got ideas for this via  
> Google, I
> didn't find an exact match for what I wanted to accomplish, despite  
> how widely
> useful this technique is.
>
> If you're not running a local DNS (BIND 9), you can set one up  
> easily enough
> by setting up a named.conf file with the lines I've included below.
> (References to files like named.root and db.127 I'll leave as an  
> exercise for
> the reader.)
>
> My strategy to block adware is to create a local DNS zone for each  
> nefarious
> domain, pointing it (and all subdomains) at the loopback address  
> 127.0.0.1.
> That will block sites at the local PC:  your browser will not  
> generate ANY
> network traffic to those sites, and therefore won't hang around  
> waiting for
> some sluggish banner server to come up.
>
> I don't yet have a strategy for maintaining the list of domains  
> that need to
> be blocked, though; that's where I could use suggestions.
>
> -rich
>
> ---- /etc/named.conf
> // ACL defining list of legitimate user IP's on local LAN
> // We use this to prevent anyone from hacking our DNS from outside
> // regardless of firewall configuration
> acl lan-users { 127.0.0.1; 192.168.2.1; 192.168.2.2; 192.168.2.3; };
> options {
>         directory "/etc/named.dir";
>         transfer-format one-answer;
>         allow-query { lan-users; };
> };
> acl can_query { any; };
>
> zone "." {
>         type hint;
>         file "named.root";
> };
>
> zone "2.168.192.in-addr.arpa" {
>         type master;
>         file "db.192.168.2";
>         allow-query { lan-users; };
>         allow-transfer { lan-users; };
> };
> zone "127.in-addr.arpa" {
>         type master;
>         file "db.127";
>         allow-query { lan-users; };
>         allow-transfer { lan-users; };
> };
> include "blocked-zones.conf";
>
>
> ---- /etc/named.dir/blocked-zones.conf
> // Zones we want to block for browsing performance reasons
> // $Id: blocked-zones.conf,v 1.1 2005/10/03 01:04:23 richb Exp richb $
>
> zone "advertising.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "ar.atwola.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "ad.doubleclick.net" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "ad.doubleclick.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "www.activesearch.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "www.actualnames.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "www.ad-up.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "www.adminder.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "adwords.google.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "hitbox.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
>
>
> ---- /etc/named.dir/dummy-block
> ; $Id: dummy-block,v 1.1 2005/10/03 01:04:53 richb Exp $
>
> ; $TTL 24h
>
> ; Change the SOA record to match your server name and admin address
> @       IN SOA envoy.ci.net. admin.pioneer.ci.net. (
>                   2005100200  86400  300  604800  3600 )
>
> @       IN      NS   envoy-e0.ci.net.
> @       IN      A    127.0.0.1
> *       IN      A    127.0.0.1
>
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://olduvai.blu.org/mailman/listinfo/discuss
>





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org