redhat:ip-address-services-redhat:configure-bind-with-adblocking-redhat

Differences

This shows you the differences between two versions of the page.

redhat:ip-address-services-redhat:configure-bind-with-adblocking-redhat [2017/09/29 15:21] – [Let's Get Started!] michaelredhat:ip-address-services-redhat:configure-bind-with-adblocking-redhat [2018/05/16 11:08] (current) – [Let's Get Started!] michael
Line 23: Line 23:
 # vim /etc/named.conf</code> # vim /etc/named.conf</code>
  
-<sxh bash>acl "trusted" {+<sxh bash highlight: [2, 16, 29-30, 48-51]>acl "trusted" {
     172.16.1.0/24;     172.16.1.0/24;
 }; };
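Review bot: The new opening tag `<sxh bash highlight: [2, 16, 29-30, 48-51]>` drops the `;` after `bash` that the other blocks added in this revision use (`<sxh bash; highlight: [2, 9];>`), so the option syntax is inconsistent across the page; use the same `bash; highlight: [...]` form here. The block holds named.conf content rather than shell, so the `bash` brush is also a loose fit.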
Line 86: Line 86:
   - **Lastly**, you will need to ''**update the "zone" config**'', which is set to domain.local. Using blitz.home as an example, it should look like this:   - **Lastly**, you will need to ''**update the "zone" config**'', which is set to domain.local. Using blitz.home as an example, it should look like this:
  
-<sxh bash;>zone "blitz.home" IN {+<sxh bash;>zone "blackgate.home" IN {
     type master;     type master;
-    file "blitz.home.zone";+    file "blackgate.home.zone";
 };</sxh> };</sxh>
 </WRAP> </WRAP>
  
-==== Installation von Updates und Voraussetzungen ====+
 <WRAP center  box 100%> <WRAP center  box 100%>
-==== Installation von Updates und Voraussetzungen ====+==== Erstellen der ad-block Zone ==== 
 + 
 +<code># vim /var/named/null.zone.file</code> 
 + 
 +<sxh bash; highlight: [2, 9];>$TTL 86400 
 +@   IN  SOA dns01.domain.local. hostmaster.domain.local. ( 
 +            2016010100  ; serial 
 +            21600       ; refresh after 6 hours 
 +            3600        ; retry after 1 hour 
 +            604800      ; expire after 1 week 
 +            86400     ; minimum TTL of 1 day 
 + 
 +        IN  NS  dns01.domain.local. 
 + 
 +@       IN  A   127.0.0.1 
 +*       IN  A   127.0.0.1 
 +</sxh> 
 + 
 +''Above is the zone file that is used to redirect ad requests. <wrap em>Again, you need to make changes for your environment.</wrap>''  
 +  - In the second line, you will need to update to your domain. As example, you would want to set it to: ''  IN  SOA dns01.blackgate.home.   hostmaster.blackgate.home. ('' Leave hostmaster as is! 
 +  - Then you will need to change dns01.domain.local to the domain name of this server (dns01, in my example) you will need to update line 9 as well, to someting like: ''IN  NS  dns01.blackgate.home.''
  
-<code># yum -y update && yum -y install bind httpd wget</code> 
 </WRAP> </WRAP>
 +
 +
 +<WRAP center  box 100%>
 +==== Erstellen der DNS lokalen Forward Zone ====
 +''When creating the next file, **replace domain.local.zone** <wrap em>with your domain name as specified in the named config in step #2;</wrap> i.e. blackgate.home.zone. Otherwise, named will not be able to find this file and start the service.''
 +
 +<code># vim /var/named/domain.local.zone    # CHANGE THE FILE NAME AS DIRECTED ABOVE</code>
 +
 +<sxh bash; highlight: [2, 9, 11-12]>$TTL 86400
 +@   IN  SOA dns01.domain.local. hostmaster.domain.local. (
 +            2015122100  ; serial
 +            21600       ; refresh after 6 hours
 +            3600        ; retry after 1 hour
 +            604800      ; expire after 1 week
 +            86400     ; minimum TTL of 1 day
 +
 +        IN  NS  dns01.domain.local.
 +
 +dns01       IN  A   172.16.1.101
 +fw01        IN  A   172.16.1.254
 +dns         IN  CNAME   dns01
 +</sxh>
 +
 +''Just like in the ad-block zone file, you will need to **update line 2** and **line 9** with your relevant domain info.'' 
 +
 +Down toward the end of the file I have two examples of how to manually add DNS records (A records). Just use this same format if you want to add any of your own. The bottom line is for creating a CNAME record for dns, and pointing it to my server named dns01. If this server is not named dns01 for you, replace dns01 with the correct name. 
 +
 +Now if you ever go back and update this file (which is normal), update the serial (line 3) so named will know to reread this file since it's been updated. 
 +
 +The serial is 10 digits, and is best used in a date format ''(i.e., YYYYMMDDVV, where Y=Year, M=Month, D=Day, V=Version)''. Just restart the named service after changes have bene made.
 +
 +</WRAP>
 +
 +
 +<WRAP center  box 100%>
 +==== Herunterladen des AD-Blacklist Zonen Files ====
 +''Here we are just making a directory, and downloading a pre-configured zone file with over 2000 ad domains listed, and renamining the file to ads.''
 +
 +<code># mkdir -p /var/named/blacklists
 +# wget -O /var/named/blacklists/ads 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig&showintro=0&mimetype=plaintext'</code>
 +</WRAP>
 +
 +
 +<WRAP center  box 100%>
 +==== Konfiguration des DNS lokalen HTTPD ====
 +
 +<code># wget -O /var/www/html/a.gif 'http://probablyprogramming.com/wp-content/uploads/2009/03/tinytrans.gif'</code>
 +
 +Above we downloaded the 1x1 transparent gif file that we'll serve up instead of ads. Next we need to update the httpd config with rewrite rules to know when/how to serve the file. We need to open the file for editing, and just add in a few lines inside the <Directory "/var/www"> section.
 +
 +<code># vim /etc/httpd/conf/httpd.conf</code>
 +
 +<sxh bash;><FilesMatch "a.gif$">
 +    Header set Cache-Control "max-age=290304000, public"
 +</FilesMatch>
 +
 +    RewriteEngine On
 +    RewriteBase /
 +    RewriteCond %{REQUEST_FILENAME} !-f
 +    RewriteCond %{REQUEST_FILENAME} !-d
 +    RewriteCond %{REQUEST_FILENAME} !-l
 +    RewriteRule ^(.*)$ http://localhost/a.gif
 +</sxh>
 +
 +</WRAP>
 +
 +
 +<WRAP center  box 100%>
 +==== Konfiguration Firewalld, sowie Starten und enablen der Services ====
 +
 +<code># systemctl enable named.service && systemctl enable httpd.service   # Enable services
 +# firewall-cmd --permanent --add-port=53/tcp
 +# firewall-cmd --permanent --add-port=53/udp
 +# firewall-cmd --permanent --add-service=http
 +# firewall-cmd --reload
 +
 +# systemctl reboot
 +</code>
 +
 +From here you just need to configure your client computer to use this server as it's DNS server, and you should then be ad free! If it's not working right, or you're having problem, just me know and I'd be glad to help out!
 +
 +</WRAP>
 +
 +----
 +
 +''Hilfreicher Link zum DNS-Server:'' [[https://www.techinformant.in/dns-server-configuration-on-rhelcentos-7/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+techinformant%2Ffeeds+%28Tech+Informant%29]]
  
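Review bot: Both new zone files open the SOA record with `(` on their line 2 but never close it; the `86400 ; minimum TTL of 1 day` line needs a `)` placed before the `;` comment, in null.zone.file and in domain.local.zone alike, otherwise the record stays open across the NS and A lines that follow. The `wget -O /var/named/blacklists/ads 'http://pgl.yoyo.org/...'` step places a bindconfig-format file fetched over plain HTTP under /var/named with no check on its contents; fetch it over HTTPS where the host offers it and run named-checkconf before restarting named. The ad-block zone answers `@` and `*` with `127.0.0.1`, which each client resolves to its own loopback, so the httpd rewrite to a.gif on this server is not reached by blocked requests; point those A records at the server's address if the GIF is meant to be served. The removed `yum -y update && yum -y install bind httpd wget` line has no replacement in the visible lines, and the added prose has typos ("someting", "bene", "renamining", "it's DNS server", "just me know").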
  • redhat/ip-address-services-redhat/configure-bind-with-adblocking-redhat.1506691319.txt.gz
  • Last modified: 2017/09/29 15:21
  • by michael