updated BIND's readme
@@ -1,12 +1,14 @@
|
||||
# BIND9
|
||||
Keeping true with the _router replacement_ this deployment of BIND9 named DNS server was mainly to define local hosts and forward requests to public DNS servers. I opted to use _dns.watch_ for my public resolver due to being uncensored and fast with the added benifit of no logging and DNSSEC availability. It has IPv6 capabilities, but my ISP doesn't support IPv6 well enough yet.
|
||||
|
||||
## Ad-Blocking
|
||||
Some additional features that I included with my BIND9 deployment, is a DNS level ad-blocking function. It works the same way as any normal hostfile block, except it will effect all devices on my network (now you see why my firewall routes all public DNS servers to me).
|
||||
|
||||
In the (near) future I am planning on deploying an nginx config to allow DoT/DoH (DNS over TLS/HTTPS) to my DNS server.
|
||||
|
||||
In the config, you will notice that I server DNS records for 2 zones:
|
||||
`secmayl.com`
|
||||
`manios.ca`
|
||||
|
||||
However, the config is extended with `include "/usr/local/etc/namedb/sinkhole.conf";` This config file is dynamic and changes every time my script to get a new set of ad-block domains. The script (blocklist.sh) is kind of half-working (also on my todo list), but works well enough to block ~80% of ads.
|
||||
However, the config is extended with `include "/usr/local/etc/namedb/sinkhole.conf";` This config file is dynamic and changes every time my script to get a new set of ad-block domains. The script (blocklist.sh) is kind of half-working (also on my todo list), but works well enough to block ~80% of ads.
|
||||
|
||||
## TLS over DNS/HTTPS
|
||||
In the (near) future I am planning on deploying an nginx config to allow DoT/DoH (DNS over TLS/HTTPS) to my DNS server. The changes will be part of the nginx config. I shouldn't need to touch BIND, but I may need to add some rules for these lookups.
|
||||
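Review bot: The heading `## TLS over DNS/HTTPS` has the protocol names reversed; the paragraph under it spells them out as DoT/DoH (DNS over TLS/HTTPS), so the heading should read `## DNS over TLS/HTTPS`. In the Ad-Blocking text, the sentence "This config file is dynamic and changes every time my script to get a new set of ad-block domains" is missing its verb (probably "runs"), and a few spelling slips are worth fixing in the same pass: "benifit", "it will effect all devices" (affect), and "I server DNS records" (serve). Since `sinkhole.conf` is regenerated by `blocklist.sh`, which the text itself calls half-working, and is pulled straight into the server config through `include`, the README should say how the generated file is validated before BIND loads it, for example by running `named-checkconf` on the result and keeping the previous file if the check fails. The closing "I may need to add some rules for these lookups" should also state which kind of rules is meant, so a reader knows which component has to change.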