Blocking Malicious Websites with DNS

Original article here:

Using BIND, we can block malicious websites.

apt-get install bind9
vi /etc/resolv.conf
make localhost your name server
vi /etc/bind/named.conf.options
set up your DNS forwarders (usually ISP DNS servers)

vi /etc/bind/named.conf.local
add the line
include "/etc/bind/spywaredomains.zones";
vi /etc/namedb/blockeddomain.hosts

; This zone will kill all traffic to a listed domain
; Replace ns1.yourdomain.com and yourdomain.com with your nameserver
;

$TTL 86400 ; one day

@ IN SOA ns1.yourdomain.com. yourdomain.com. (
        1       ; serial
        28800   ; refresh 8 hours
        7200    ; retry 2 hours
        864000  ; expire 10 days
        86400 ) ; min ttl 1 day
        NS ns1.yourdomain.com.
        A 127.0.0.1

* IN A 127.0.0.1

vi /root/update-spyware-domains.sh

#!/bin/sh

cd /etc/bind || exit 1
# fetch the new list next to the live one
wget -O spywaredomains.zones.new http://www.malwaredomains.com/files/spywaredomains.zones
ERROR=$?
if [ "$ERROR" -eq 0 ]; then
    # swap the files only when the download succeeded
    /etc/init.d/bind9 stop
    mv spywaredomains.zones spywaredomains.zones.old
    mv spywaredomains.zones.new spywaredomains.zones
    sleep 15
    /etc/init.d/bind9 start
else
    echo "problem with wget, error '$ERROR'"
fi

make the script executable, run it…

chmod 700 /root/update-spyware-domains.sh
/root/update-spyware-domains.sh

add it to the cron, for updates

crontab -e

40 22 * * 1-5 /root/update-spyware-domains.sh
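
The update script above fetches the list over plain HTTP, and the include line makes whatever arrives part of named.conf. As an added example (not part of the original article), this function allow-lists the downloaded file line by line before the mv step. The one-line zone format it expects and the name validate_zones_file are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original article. ASSUMPTION: each feed entry is
# a one-line master zone that points at the sinkhole file used on this page.
S='[[:space:]]*'
W='[[:space:]]+'
SINKHOLE='/etc/namedb/blockeddomain[.]hosts'
ZONE_RE="^${S}zone${W}\"[A-Za-z0-9._-]+\"${S}[{]${S}type${W}master;${S}file${W}\"${SINKHOLE}\";${S}[}];${S}\$"
SKIP_RE="^${S}(//.*|#.*)?\$"    # blank lines and comments

# validate_zones_file FILE (hypothetical helper name)
# returns 0: only expected zone lines, at least one of them
#         1: missing, empty, or no zone entries (e.g. truncated download)
#         2: a line outside the allow-list (would become live named.conf text)
validate_zones_file() {
    file=$1
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }
    bad=$(grep -Ev "$SKIP_RE" "$file" | grep -Ev "$ZONE_RE" | head -n 3)
    if [ -n "$bad" ]; then
        printf 'unexpected lines in %s:\n%s\n' "$file" "$bad" >&2
        return 2
    fi
    grep -Eq "$ZONE_RE" "$file" || { echo "no zone entries: $file" >&2; return 1; }
    return 0
}

# Demo on constructed sample input (not real feed data).
demo() {
    dir=$(mktemp -d) || return 1
    entry='zone "blocked.example" {type master; file "/etc/namedb/blockeddomain.hosts";};'
    printf '%s\n' '// constructed sample' "$entry" > "$dir/good"
    printf '%s\n' "$entry" 'zone "site.example" {type master; file "/tmp/other.hosts";};' > "$dir/odd"
    validate_zones_file "$dir/good" && echo "good: accepted"
    validate_zones_file "$dir/odd" || echo "odd: rejected with status $?"
    rm -rf "$dir"
}
demo
```

Call it on spywaredomains.zones.new and skip the swap when it returns non-zero; running named-checkconf on the full configuration before restarting bind9 is a further check.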
