From 3698c43760dadc5a2b35fadaf6d335c57c4c426c Mon Sep 17 00:00:00 2001 From: nicholasmanios Date: Thu, 19 Mar 2020 09:43:08 -0400 Subject: [PATCH] updated BIND's readme --- aries/bind/README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/aries/bind/README.md b/aries/bind/README.md index b315e7a..2d78b97 100644 --- a/aries/bind/README.md +++ b/aries/bind/README.md 
@@ -1,12 +1,14 @@ # BIND9 Keeping true with the _router replacement_ this deployment of BIND9 named DNS server was mainly to define local hosts and forward requests to public DNS servers. I opted to use _dns.watch_ for my public resolver due to being uncensored and fast with the added benifit of no logging and DNSSEC availability. It has IPv6 capabilities, but my ISP doesn't support IPv6 well enough yet. +## Ad-Blocking Some additional features that I included with my BIND9 deployment, is a DNS level ad-blocking function. It works the same way as any normal hostfile block, except it will effect all devices on my network (now you see why my firewall routes all public DNS servers to me). -In the (near) future I am planning on deploying an nginx config to allow DoT/DoH (DNS over TLS/HTTPS) to my DNS server. - In the config, you will notice that I server DNS records for 2 zones: `secmayl.com` `manios.ca` -However, the config is extended with `include "/usr/local/etc/namedb/sinkhole.conf";` This config file is dynamic and changes every time my script to get a new set of ad-block domains. The script (blocklist.sh) is kind of half-working (also on my todo list), but works well enough to block ~80% of ads. \ No newline at end of file +However, the config is extended with `include "/usr/local/etc/namedb/sinkhole.conf";` This config file is dynamic and changes every time my script to get a new set of ad-block domains. The script (blocklist.sh) is kind of half-working (also on my todo list), but works well enough to block ~80% of ads. + +## TLS over DNS/HTTPS +In the (near) future I am planning on deploying an nginx config to allow DoT/DoH (DNS over TLS/HTTPS) to my DNS server. The changes will be part of the nginx config. I shouldn't need to touch BIND, but I may need to add some rules for these lookups. \ No newline at end of file
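Review bot: the new heading `## TLS over DNS/HTTPS` at the end of the hunk reverses the protocol names. The paragraph directly under it expands DoT/DoH as "DNS over TLS/HTTPS", so the heading should read `## DNS over TLS/HTTPS (DoT/DoH)` to match. In the same section, "I may need to add some rules for these lookups" does not say which rules are meant. The Ad-Blocking section says the firewall routes all public DNS servers to this host, so state whether these are firewall rules and which listeners nginx will expose, since DoT and DoH clients do not arrive on port 53 (DoT's standard port is 853, DoH rides on HTTPS). Two smaller points on the re-added `sinkhole.conf` line: the sentence "changes every time my script to get a new set of ad-block domains" is still missing its verb (probably "runs"), and the file still ends without a trailing newline, so the next edit to the last line will produce the same remove-and-re-add churn seen here. Because `sinkhole.conf` is generated by a script the README itself calls half-working and is pulled in with `include`, consider documenting that the script validates the generated file (for example with `named-checkconf`) before BIND is reloaded.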