From 192df8152fa2003b5f808d891da77f653fba72f2 Mon Sep 17 00:00:00 2001 From: nicholasmanios Date: Wed, 18 Mar 2020 18:54:46 -0400 Subject: [PATCH] Created BIND9 README.md --- aries/bind/README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 aries/bind/README.md diff --git a/aries/bind/README.md b/aries/bind/README.md new file mode 100644 index 0000000..f650c12 --- /dev/null +++ b/aries/bind/README.md @@ -0,0 +1,12 @@ +# BIND9 +Keeping true with the _router replacement_ this deployment of BIND9 named DNS server was mainly to define local hosts and forward requests to public DNS servers. I opted to use _dns.watch_ for my public resolver due to being uncensored and fast with the added benifit of no logging and DNSSEC availability. It has IPv6 capabilities, but my ISP doesn't support IPv6 well enough yet. + +Some additional features that I included with my BIND9 deployment, is a DNS level ad-blocking function. It works the same way as any normal hostfile block, except it will effect all devices on my network (now you see why my firewall routes all public DNS servers to me). + +In the (near) future I am planning on deploying an nginx config to allow DoT/DoH (DNS over TLS/HTTPS) to my DNS server. + +In the config, you will notice that I server DNS records for 2 zones: +`secmayl.com` +`manios.ca` + +However, the config is extended with `include "/usr/local/etc/namedb/sinkhole.conf";` This config file is dynamic and changes every time my script to get a new set of ad-block domains. The script is kind of half-working (also on my todo list), but works well enough to block ~80% of ads. \ No newline at end of file
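Review bot: The last paragraph of the new README.md says the file pulled in by `include "/usr/local/etc/namedb/sinkhole.conf";` is regenerated by a script that is "kind of half-working", but it does not say how a bad generation is caught before named loads it. Consider documenting (or adding) a step that writes the new list to a temporary file, runs `named-checkconf` against the configuration, and only then swaps the file in and reloads, so a malformed or truncated download never reaches the running resolver. It would also help to state where the ad-block domain list comes from, since that source decides which names every device on the network can resolve. Smaller points in the same hunk: "benifit" should be "benefit", "it will effect" should be "it will affect", "I server DNS records" should be "I serve DNS records", "every time my script to get a new set" is missing a verb, the two zone names on consecutive lines will render as a single line in Markdown and would read better as a list, and the file has no trailing newline.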