Forwarder DNS-BH using malwaredomains.com
-
Here is a way to use the malwaredomains.com DNS blackhole bind file with dnsmasq.
First you need a copy of the bind zone file from malwaredomains. Open the bind file in an editor with search and replace functionality. Remove the comments section from the beginning of the file. Using the search and replace function, replace
zone "
with
address=/
Then replace
" {type master; file "/etc/namedb/blockeddomain.hosts";};
with
/
Save the file as spywaredomains.conf or a name of your choice. Upload this file to your pfSense computer and put it into a folder that will not be overwritten or changed on upgrade or reboot.
Next we need to add a line into the Services > DNS Forwarder configuration. Under advanced add conf-file=<file> where <file> is the full path to the file, or conf-dir=/path/to/dir,*.conf if you want to use a directory with multiple files. Click the save button to save and restart dnsmasq.
Use a DNS lookup tool like host or nslookup and do a test search on a domain in the spywaredomains file. It should reply back with a not found reply. I realize this could be more automated but it works.
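A scripted version of the search-and-replace described above, as an added example that is not from the original post; the sample zone lines and the output path are constructed, and the filter on allowed domain characters is an addition so that a malformed entry cannot end up as extra dnsmasq configuration.

```shell
#!/bin/sh
# Added example (not from the original post): turn the malwaredomains.com
# BIND blackhole zone file into a dnsmasq "address=" file. Each input line of
# the form
#   zone "bad.example" {type master; file "/etc/namedb/blockeddomain.hosts";};
# becomes
#   address=/bad.example/
# which makes dnsmasq return NXDOMAIN for that domain and all its subdomains.
# Header comments, blank lines and lines whose domain contains anything other
# than letters, digits, "." and "-" are dropped rather than copied into the
# config, so a malformed entry cannot smuggle extra dnsmasq options in.

bind_to_dnsmasq() {
    # Reads the BIND zone file on stdin, writes dnsmasq lines on stdout.
    sed -n \
        -e 's/^[[:space:]]*zone[[:space:]]*"\([A-Za-z0-9.-][A-Za-z0-9.-]*\)"[[:space:]]*{.*$/address=\/\1\//p'
}

# Constructed sample input, standing in for the real malwaredomains file.
SAMPLE_ZONES='// malwaredomains.com blackhole list (sample header comment)
// generated for testing only

zone "bad.example" {type master; file "/etc/namedb/blockeddomain.hosts";};
zone "tracker.example.net" {type master; file "/etc/namedb/blockeddomain.hosts";};
zone "oops;bad" {type master; file "/etc/namedb/blockeddomain.hosts";};
'

# Converts the constructed sample; used for the self-check below.
convert_sample() {
    printf '%s' "$SAMPLE_ZONES" | bind_to_dnsmasq
}

# Typical use on the real file (both paths are assumptions):
#   bind_to_dnsmasq < spywaredomains.zones > /usr/local/etc/spywaredomains.conf
# then add conf-file=/usr/local/etc/spywaredomains.conf in the DNS Forwarder
# advanced box and save, as the post describes.
```

After dnsmasq restarts, a lookup of bad.example through the forwarder should come back NXDOMAIN, while the "oops;bad" line is silently left out of the generated file.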
-
Just an FYI, but you can also do this and more with pfBlockerNG w/ DNSBL…
https://forum.pfsense.org/index.php?topic=102470.0
-
I just use a cron to grab a list
/usr/local/bin/curl -sS -L --compressed "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound;showintro=0" | sed -e 's/<[^>]*>//g' | sed -e 's/^Ad.*//g' > /etc/unbound_ad_servers
Then restart the unbound service with another cron a couple of minutes after that runs.
And then just in the unbound advanced box include that file:
server:
include: /etc/unbound_ad_servers
Works better since it actually returns a redirected 127.0.0.1:
;; QUESTION SECTION:
;zmedia.com. IN A

;; ANSWER SECTION:
zmedia.com. 3600 IN A 127.0.0.1
But agreed, the pfblocker package has this stuff built in so someone that doesn't know how to do it themselves can just use that package.
-
JPBlocker
?? hehe :)
-
I guess ;) This is easier to turn off than what you're doing with your package.. BBcan177, you're doing some great stuff there. I just don't have use for all the stuff you're doing in the one package.
All I have to do to disable it is just comment out the lines in the advanced unbound box and restart unbound.
-
I guess ;) This is easier to turn off than what you're doing with your package.. BBcan177, you're doing some great stuff there. I just don't have use for all the stuff you're doing in the one package.
Thanks… I think I will add an option to the package so users can use 127.0.0.1 and nxdomain the blocked domains which will stop the alerting and widget statistics, but there might be some that would want that...
If you're just using one list like "yoyo" it's fine, but by itself it doesn't do Advert/malicious domain blocking any justice... my 2 cents...
1221110 total
726473 BBC_DGA.txt
311315 hpHosts.txt
46508 hpHosts_ads.txt
25236 IPRepDomain.txt
20180 MPatrol.txt
16125 MDS.txt
15239 Cameleon.txt
12820 MS_2.txt
9868 PhishTank.txt
7783 SWC.txt
5492 spam404.txt
4618 hpHosts_partial.txt
3440 dShield_SD.txt
3303 EasyList.txt
2480 Snort.txt
2422 yoyo.txt
2177 Spamhaus.txt
1970 EasyPrivacy.txt
875 MDL.txt
798 OpenPhish.txt
776 MVPS.txt
368 MPatrol.ip
301 GJTech.txt
204 malc0de.txt
125 Adaway.txt
107 PhishTank.ip
55 Malicious_custom.txt
23 EasyList.ip
14 EasyPrivacy.ip
8 BBC_DGA.ip
3 Ads_custom.txt
2 OpenPhish.ip
1 hpHosts.ip
1 Snort.ip
All I have to do to disable it is just comment out the lines in the advanced unbound box and restart unbound.
Actually you can do the same with the pkg… Just remove/comment out the "Server: Include" line and restart Unbound to allow unfiltered DNS requests... However the cron task will re-add the line on the next cron run, unless you disable DNSBL...
-
Very true, you have a very extensive listing… Now that I moved to 2.3 maybe I will give the package another look-see ;)