BIND9
In keeping with the router replacement, this deployment of the BIND9 named DNS server was mainly to define local hosts and forward requests to public DNS servers. I opted to use dns.watch as my public resolver because it is uncensored and fast, with the added benefit of no logging and DNSSEC availability. It has IPv6 capabilities, but my ISP doesn't support IPv6 well enough yet.
Ad-Blocking
One additional feature that I included with my BIND9 deployment is DNS-level ad-blocking. It works the same way as any normal hosts-file block, except it will affect all devices on my network (now you see why my firewall routes all public DNS servers to me).
In the config, you will notice that I serve DNS records for 2 zones:
secmayl.com
manios.ca
However, the config is extended with include "/usr/local/etc/namedb/sinkhole.conf"; and this config file is dynamic: it changes every time my script runs to get a new set of ad-block domains. The script (blocklist.sh) is kind of half-working (also on my todo list), but works well enough to block ~80% of ads.
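One way such a generator can build sinkhole.conf from a hosts-format blocklist, as an added example (this is not the author's blocklist.sh). The zone file path in SINKHOLE_DB and the function names are assumptions; the zone file is assumed to already exist and to answer every name with a non-routable address.

```shell
#!/bin/sh
# Added example, not the author's blocklist.sh.
# Assumed (hypothetical) zone file that answers every blocked name.
SINKHOLE_DB="/usr/local/etc/namedb/master/sinkhole.db"
SINKHOLE_CONF="/usr/local/etc/namedb/sinkhole.conf"   # include path from the page
# Zones this server is authoritative for; never sinkhole them or their children.
LOCAL_ZONES="secmayl.com manios.ca"

# stdin: hosts-format blocklist; stdout: one zone statement per unique valid name.
hosts_to_sinkhole() {
    tr -d '\r' | awk -v db="$SINKHOLE_DB" -v skip="$LOCAL_ZONES" '
    BEGIN { n = split(skip, s, " "); for (i = 1; i <= n; i++) own[s[i]] = 1 }
    {
        sub(/#.*/, "")                        # strip comments
        if (NF < 2) next                      # need "address name"
        if ($1 != "0.0.0.0" && $1 != "127.0.0.1") next
        d = tolower($2)
        sub(/\.$/, "", d)                     # drop trailing root dot
        # The name is pasted into named config, so accept hostname characters only
        if (d !~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)*\.[a-z][a-z0-9-]*$/) next
        if (length(d) > 253 || (d in seen)) next
        for (z in own)
            if (d == z || substr(d, length(d) - length(z)) == "." z) next
        seen[d] = 1
        printf "zone \"%s\" { type master; file \"%s\"; };\n", d, db
    }'
}

# Build into a temp file, let named-checkconf parse it, then swap it in,
# so a bad download never replaces a working sinkhole.conf.
install_sinkhole() {
    tmp=$(mktemp "${SINKHOLE_CONF}.XXXXXX") || return 1
    if hosts_to_sinkhole > "$tmp" && named-checkconf "$tmp"; then
        chmod 644 "$tmp"                      # mktemp creates 0600; named must read it
        mv "$tmp" "$SINKHOLE_CONF" && rndc reconfig
    else
        rm -f "$tmp"; return 1
    fi
}
```

The strict name check matters because blocklists are third-party input that ends up inside the resolver's configuration; a line containing quotes or semicolons is dropped rather than written out.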
DNS over TLS/HTTPS
In the (near) future I am planning on deploying an nginx config to allow DoT/DoH (DNS over TLS/HTTPS) to my DNS server. The changes will be part of the nginx config. I shouldn't need to touch BIND, but I may need to add some rules for these lookups.