Total: $0.00

Block Ads with Linux and Bind9

By IT Dan, 12/30/2015 - 19:18

Learn how to block ads and trackers using a Debian based system and bind9 (DNS caching) service. This is handy if you want to block ads for everyone on your network.


Step 1:

Ensure you have a working bind9 caching DNS service. The following is a guide to do that.


Step 2:

Now that you have the basics ready, we will create our shell script that will download the ad block list** and convert it to bind9 format.

The following commands need to be run as root user, or prefix them with 'sudo'.

Create the shell script file:

vi /etc/bind/make-block-list.sh
#!/usr/bin/env bash
wget -O - http://someonewhocares.org/hosts/zero/hosts | grep '^' | tr "[A-Z]" "[a-z]" | awk '!a[$0]++' | awk '{print "zone \""$2"\" { type master; notify no; file \"/etc/bind/blocked.zone\"; };"}' > /etc/bind/named.conf.blocked
rndc reload


Each part is explained below:

# download the list to STDOUT.
wget -O - http://someonewhocares.org/hosts/zero/hosts
# filter out any lines that don't start with the '', such as comments and empty lines.
grep '^'
# convert to lowercse
tr "[A-Z]" "[a-z]"
# filter out any duplicate lines
awk '!a[$0]++'
# format the line to bind9 style
awk '{print "zone \""$2"\" { type master; notify no; file \"/etc/bind/blocked.zone\"; };"}'
# save the output to /etc/bind/named.conf.blocked
> /etc/bind/named.conf.blocked
# reload the bind9 service
rndc reload


Make the file executable:

chmod +x /etc/bind/make-block-list.sh


Now we need to tell bind9 to load our block list:

vi /etc/bind/named.conf.local


And add this to the end of the file:

include "/etc/bind/named.conf.blocked";


Similar to the video, we will create a new zone that will be used to block URLS:

vi /etc/bind/blocked.zone
$TTL    86400   ; one day
@       IN      SOA     ads.example.com. hostmaster.example.com. (
                NS      my.dns.server.org
@       IN      A
*       IN      A


All that's left is to run the shell script, which will create our list and reload the service:



* I installed this version of Raspbian, the minimal Raspbian unattended netinstaller for Raspberry Pi Model 1B, 1B+ and 2B.

** I'm using the list from here: someonewhocares.org/hosts/zero/