using bind for blacklist of domains

Kevin Darcy kcd at chrysler.com
Tue Mar 24 21:40:47 UTC 2009


dhottinger at harrisonburg.k12.va.us wrote:
> Quoting Doug McIntyre <merlyn at dork.geeks.org>:
>
>> In comp.protocols.dns.bind you write:
>>> Has anyone used their internal dns server for blacklisting? I would
>>> like to specifically block access to domains that are spreading
>>> malware. I was grepping around the internet and fell upon this
>>> website http://www.malwaredomains.com/, but don't seem to be able to
>>> get my internal name server to like any of the configs I push on it.
>>> thanks for any advice that might be offered.
>>
>> It should be easy enough to take the list, parse it into config line
>> items pointing to a single zone file that just maps * to 127.0.0.1 or
>> something.
>>
>> Or you could just use OpenDNS?
>>
>> (Not that I use them, but that's one of the free features they support).
>>
>
> Sounds good and that is what I thought (except for OpenDNS), however I 
> created a zone file named blacklist.host and added an entry into my 
> named.conf file that said
> zone "00.devoid.us" {
> type master;
> file "blockeddomains.host";
> };
>
> When I restart named I get the following error message in my message 
> logs:
>
> Mar 24 14:14:14.970 dns_master_load: blockeddomains.host:9: no current owner name
> Mar 24 14:14:14.971 zone 00.devoid.us/IN: loading master file blockeddomains.host: no owner
>
> I actually have 8 existing zones on this server and they each have a 
> root server listed in their zone files. Do I need to have a root 
> server in this one?
>
This isn't an architecture problem, it's a syntax error in the zone file.

If you post the contents of the file, up to line 9, we should be able to 
spot the syntax error and explain to you how to fix it.

- Kevin
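
Added example, not part of the original thread and not code from BIND: a sketch of the approach discussed above, turning a domain list into `named.conf` stanzas that all load one shared zone file whose records each carry an explicit owner name (`@` or `*`). It also includes a simplified check for record lines that begin with whitespace before any owner name has been given, which the loader rejects with "no current owner name". The function names, the sample list and the SOA/NS values are assumptions; `blockeddomains.host` and `127.0.0.1` are taken from the thread.

```python
import re

# Constructed sample list; the real list's format is not shown in the thread.
SAMPLE_LIST = '# constructed\nbad-example.test\nMalware.Example.\nbad-example.test\nx"; }; options {\n'
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def parse_domains(text):
    """Sorted unique domains; comments and anything not a plain hostname are dropped."""
    found = set()
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip().lower().rstrip(".")
        # Strict labels keep quotes, braces and semicolons out of named.conf.
        if name and len(name) <= 253 and all(LABEL.match(p) for p in name.split(".")):
            found.add(name)
    return sorted(found)

def zone_file(sink="127.0.0.1", serial=1):
    """Zone file shared by all blocked zones; every record names its owner (@ or *)."""
    return (
        "$TTL 3600\n"
        f"@ IN SOA localhost. root.localhost. ( {serial} 3600 900 604800 3600 )\n"
        "@ IN NS localhost.\n"
        f"@ IN A {sink}\n"
        f"* IN A {sink}\n"
    )

def named_conf(domains, path="blockeddomains.host"):
    """One master zone stanza per domain, all loading the same file."""
    return "".join(f'zone "{d}" {{ type master; file "{path}"; }};\n' for d in domains)

def ownerless_lines(zone_text):
    """Lines starting with whitespace before any owner name (simplified: no quoted ';')."""
    bad, have_owner, depth = [], False, 0
    for n, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        continuation = depth > 0          # inside a multi-line ( ... ) record
        depth += line.count("(") - line.count(")")
        if continuation or line.startswith("$"):
            continue                      # directives such as $TTL set no owner
        if line[0] in " \t" and not have_owner:
            bad.append(n)
        elif line[0] not in " \t":
            have_owner = True
    return bad

if __name__ == "__main__":
    print(named_conf(parse_domains(SAMPLE_LIST)), zone_file(), sep="\n")
```

Running `named-checkzone` against the generated file before reloading named remains the authoritative syntax check.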



