using bind for blacklist of domains

dhott...@harrisonburg.k12.va.us
Mar 24, 2009, 3:33:34 PM
Has anyone used their internal dns server for blacklisting? I would
like to specifically block access to domains that are spreading
malware. I was grepping around the internet and fell upon this
website http://www.malwaredomains.com/, but don't seem to be able to
get my internal name server to like any of the configs I push on it.
thanks for any advice that might be offered.

ddh


--
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools

"Everything should be made as simple as possible, but not simpler."
-- Albert Einstein

"The hottest places in Hell are reserved for those who, in times of moral
crisis, preserved their neutrality."
-- Dante

_______________________________________________
bind-users mailing list
bind-...@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

dhott...@harrisonburg.k12.va.us
Mar 24, 2009, 5:29:33 PM
Quoting Doug McIntyre <mer...@dork.geeks.org>:

> In comp.protocols.dns.bind you write:
>> Has anyone used their internal dns server for blacklisting? I would
>> like to specifically block access to domains that are spreading
>> malware. I was grepping around the internet and fell upon this
>> website http://www.malwaredomains.com/, but don't seem to be able to
>> get my internal name server to like any of the configs I push on it.
>> thanks for any advice that might be offered.
>

> It should be easy enough to take the list, parse it into config line
> items pointing to a single zone file that just maps * to 127.0.0.1 or
> something.
>
> Or you could just use OpenDNS?
>
> (Not that I use them, but that's one of the free features they support).
>

Sounds good and that is what I thought (except for OpenDNS), however I
created a zone file named blacklist.host and added an entry into my
named.conf file that said
zone "00.devoid.us" {
type master;
file "blockeddomains.host";
};

When I restart named I get the following error message in my message logs:

Mar 24 14:14:14.970 dns_master_load: blockeddomains.host:9: no current
owner name
Mar 24 14:14:14.971 zone 00.devoid.us/IN: loading master file
blockeddomains.host: no owner
I actually have 8 existing zones on this server and they each have a
root server listed in their zone files. Do I need to have a root
server in this one?

thanks,

Kevin Darcy
Mar 24, 2009, 5:40:47 PM
dhott...@harrisonburg.k12.va.us wrote:
> Quoting Doug McIntyre <mer...@dork.geeks.org>:
>
>> In comp.protocols.dns.bind you write:
>>> Has anyone used their internal dns server for blacklisting? I would
>>> like to specifically block access to domains that are spreading
>>> malware. I was grepping around the internet and fell upon this
>>> website http://www.malwaredomains.com/, but don't seem to be able to
>>> get my internal name server to like any of the configs I push on it.
>>> thanks for any advice that might be offered.
>>
>> It should be easy enough to take the list, parse it into config line
>> items pointing to a single zone file that just maps * to 127.0.0.1 or
>> something.
>>
>> Or you could just use OpenDNS?
>>
>> (Not that I use them, but that's one of the free features they support).
>>
>
> Sounds good and that is what I thought (except for OpenDNS), however I
> created a zone file named blacklist.host and added an entry into my
> named.conf file that said
> zone "00.devoid.us" {
> type master;
> file "blockeddomains.host";
> };
>
> When I restart named I get the following error message in my message
> logs:
>
> Mar 24 14:14:14.970 dns_master_load: blockeddomains.host:9: no current
> owner name
> Mar 24 14:14:14.971 zone 00.devoid.us/IN: loading master file
> blockeddomains.host: no owner
> I actually have 8 existing zones on this server and they each have a
> root server listed in their zone files. Do I need to have a root
> server in this one?
>
This isn't an architecture problem, it's a syntax error in the zone file.

If you post the contents of the file, up to line 9, we should be able to
spot the syntax error and explain to you how to fix it.

- Kevin

dhott...@harrisonburg.k12.va.us
Mar 24, 2009, 6:12:52 PM
Quoting Kevin Darcy <k...@chrysler.com>:

> dhott...@harrisonburg.k12.va.us wrote:
>> Quoting Doug McIntyre <mer...@dork.geeks.org>:
>>
>>> In comp.protocols.dns.bind you write:

>>>> Has anyone used their internal dns server for blacklisting? I would
>>>> like to specifically block access to domains that are spreading
>>>> malware. I was grepping around the internet and fell upon this
>>>> website http://www.malwaredomains.com/, but don't seem to be able to
>>>> get my internal name server to like any of the configs I push on it.
>>>> thanks for any advice that might be offered.
>>>

>>> It should be easy enough to take the list, parse it into config line
>>> items pointing to a single zone file that just maps * to 127.0.0.1 or
>>> something.
>>>
>>> Or you could just use OpenDNS?
>>>
>>> (Not that I use them, but that's one of the free features they support).
>>>
>>
>> Sounds good and that is what I thought (except for OpenDNS),
>> however I created a zone file named blacklist.host and added an
>> entry into my named.conf file that said
>> zone "00.devoid.us" {
>> type master;
>> file "blockeddomains.host";
>> };
>>
>> When I restart named I get the following error message in my message logs:
>>
>> Mar 24 14:14:14.970 dns_master_load: blockeddomains.host:9: no
>> current owner name
>> Mar 24 14:14:14.971 zone 00.devoid.us/IN: loading master file
>> blockeddomains.host: no owner
>> I actually have 8 existing zones on this server and they each have
>> a root server listed in their zone files. Do I need to have a root
>> server in this one?
>>
> This isn't an architecture problem, it's a syntax error in the zone file.
>
> If you post the contents of the file, up to line 9, we should be able
> to spot the syntax error and explain to you how to fix it.
>
> - Kevin
>

Contents of blockeddomains.host:
$TTL 86400 ; one day

@ IN SOA ns.hhs.harrisonburg.k12.va.us
(
2004061000 ; serial number 09032401
28800 ; refresh 8 hours
7200 ; retry 2 hours
864000 ; expire 10 days
86400 ) ; min ttl 1 day
NS ns1.harrisonburg.k12.va.us.
NS ns2.harrisonburg.k12.va.us.

A 0.0.0.0

* IN A 0.0.0.0


thanks,

Jeremy C. Reed
Mar 24, 2009, 6:26:28 PM
> @ IN SOA ns.hhs.harrisonburg.k12.va.us
> (
> 2004061000 ; serial number 09032401
> 28800 ; refresh 8 hours
> 7200 ; retry 2 hours
> 864000 ; expire 10 days
> 86400 ) ; min ttl 1 day

SOA is broken two ways. Needs both machine name and contact name. And the
"(" (open parenthesis) should be on same line to start the continuation
not on a line by itself.

If you have "no current owner name" on the first line, it could be caused by
indenting the $TTL line too.

It seems like you would have seen:
4: unknown RR type '28800'

Kevin Darcy
Mar 24, 2009, 6:37:56 PM
dhott...@harrisonburg.k12.va.us wrote:
> Quoting Kevin Darcy <k...@chrysler.com>:
>
>> dhott...@harrisonburg.k12.va.us wrote:
>>> Quoting Doug McIntyre <mer...@dork.geeks.org>:
>>>
>>>> In comp.protocols.dns.bind you write:
>>>>> Has anyone used their internal dns server for blacklisting? I would
>>>>> like to specifically block access to domains that are spreading
>>>>> malware. I was grepping around the internet and fell upon this
>>>>> website http://www.malwaredomains.com/, but don't seem to be able to
>>>>> get my internal name server to like any of the configs I push on it.
>>>>> thanks for any advice that might be offered.
>>>>
>
> Contents of blockeddomains.host:
> $TTL 86400 ; one day
>
> @ IN SOA ns.hhs.harrisonburg.k12.va.us
> (
> 2004061000 ; serial number 09032401
> 28800 ; refresh 8 hours
> 7200 ; retry 2 hours
> 864000 ; expire 10 days
> 86400 ) ; min ttl 1 day
> NS ns1.harrisonburg.k12.va.us.
> NS ns2.harrisonburg.k12.va.us.
>
> A 0.0.0.0
>
> * IN A 0.0.0.0
Before the all-numeric fields, your SOA record needs both an MNAME field
and an RNAME field. MNAME (which you have) should be the name of the
primary master; but if you fully-qualify the name you should
dot-terminate it, to avoid the zone origin ("00.devoid.us") being
appended. RNAME is a standard SMTP contact email address for the zone,
e.g. ad...@harrisonbug.k12.va.us, with the @ in the email address
replaced with a dot. As with MNAME, make sure to dot-terminate RNAME too
if the domain part of the email address is fully-qualified. Your SOA
should have a total of 7 fields, but you're only showing 6; RNAME is missing.
A syntactically-better SOA might look like

@ IN SOA ns.hhs.harrisonburg.k12.va.us. admin.harrisonbug.k12.va.us. (
2004061000
28800
7200
864000
86400
)

Beyond that, I can't really tell because of the way email gets
reformatted, but if you have any whitespace before "@" or "*", that's
going to be a problem; the opening parenthesis should also be on the
first SOA line.

Last and least, the "min ttl" comment is misleading. The last field of
the SOA record is now used as the "negative caching TTL", not "minimum"
in any sense of the word. The comment should probably reflect that.

Note that you can use the named-checkzone utility -- included in the
BIND distribution -- to check a zone file for syntax errors, without
actually trying to get named to load the file.
- Kevin
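Putting the thread's advice together (Doug's idea of generating one zone stanza per listed domain that all point at a single sinkhole zone file, plus the SOA fixes and the named-checkzone check described above), here is an added POSIX sh example that is not code from the thread or from BIND. The domain list is constructed, and ns1.example.net / hostmaster.example.net are placeholder names.

```shell
# Added example, not code from the thread: build a sinkhole zone file with a
# complete SOA, one named.conf stanza per listed domain, and validate it with
# named-checkzone when present. ns1.example.net/hostmaster are placeholders.
# Constructed sample list, one domain per line; a real one would come from a
# feed such as malwaredomains.com. Blank lines, comments and case are tolerated.
DOMAINS='bad.example
EVIL.example   # mixed case and trailing comment
bad.example
worse.example'

# Zone file: MNAME and RNAME precede the five numeric fields, the "(" is on
# the SOA line, every owner is explicit, and the last field is the negative-caching TTL.
make_zone() {
  cat <<'EOF'
$TTL 86400 ; one day
@ IN SOA ns1.example.net. hostmaster.example.net. (
        2009032401 ; serial
        28800      ; refresh 8 hours
        7200       ; retry 2 hours
        864000     ; expire 10 days
        86400 )    ; negative caching TTL 1 day
@ IN NS ns1.example.net.
@ IN A  0.0.0.0
* IN A  0.0.0.0
EOF
}

# One zone stanza per unique lowercased domain, all pointing at the one sinkhole file.
make_stanzas() {
  printf '%s\n' "$1" \
    | sed -e 's/[#;].*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
    | tr '[:upper:]' '[:lower:]' | grep -v '^$' | sort -u \
    | while read -r d; do
        printf 'zone "%s" { type master; file "blockeddomains.host"; };\n' "$d"
      done
}

# Validate with BIND's named-checkzone; if it is not installed, say so and return 0.
check_zone() {
  if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone -q "$1" "$2"
  else
    echo "named-checkzone not installed; skipping validation of $2" >&2
  fi
}
workdir=$(mktemp -d)
make_zone > "$workdir/blockeddomains.host"
make_stanzas "$DOMAINS" > "$workdir/blocked.conf"
check_zone bad.example "$workdir/blockeddomains.host"
```

Include the generated blocked.conf from named.conf and re-run the script whenever the list changes; because every stanza shares one zone file, only the stanza list needs regenerating.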

dhott...@harrisonburg.k12.va.us
Mar 24, 2009, 8:03:39 PM

Thanks, it's been a while since I did a zone file. I knew there was a
way to check the file for errors, but couldn't remember it. I
appreciate all the help.

take care,

Jeremy C. Reed
Mar 24, 2009, 9:36:55 PM
On Tue, 24 Mar 2009, Kevin Darcy wrote:

> SOA record is now used as the "negative caching TTL", not "minimum" in any
> sense of the word. The comment should probably reflect that.

off-list .... now to get BIND's generated outputs to say the same thing :)