Network wide site block with Amahi hosts file?

iRobie
Posts: 2
Joined: Thu Feb 23, 2012 12:29 pm

Network wide site block with Amahi hosts file?

Postby iRobie » Thu Feb 23, 2012 12:43 pm

I'm trying to block some sites on a network wide level. I know I can do this with OpenDNS, but I'm going for a large number of sites.

I've tried editing /etc/hosts on Amahi but the clients aren't reading the changes. Here's an example:

On Amahi:

Code:

[root@cnbc7 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.1.3    cnbc7.com

On Amahi:

Code:

[root@cnbc7 ~]# ping cnbc7.com
PING cnbc7.com (10.0.1.3) 56(84) bytes of data.
64 bytes from cnbc7.com (10.0.1.3): icmp_req=1 ttl=64 time=0.077 ms

Which is correct - hosts file for cnbc7.com makes Amahi ping the hosts entry of a local address.

On a Windows client:

Code:

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

Pinging cnbc7.com [208.73.210.76] with 32 bytes of data:
Reply from 208.73.210.76: bytes=32 time=38ms TTL=241
Reply from 208.73.210.76: bytes=32 time=41ms TTL=241
Reply from 208.73.210.76: bytes=32 time=43ms TTL=241
Reply from 208.73.210.76: bytes=32 time=76ms TTL=241

From nsswitch.conf:

Code:

#hosts:     db files nisplus nis dns
hosts:      files dns

I have a feeling I'm missing something pretty basic, but just don't know what it is. Thanks for any help!


Edit:
To add verification that I'm using Amahi as the DNS server for the Windows machine (sorry, the thing I'm missing isn't that basic :lol: ): (10.0.1.3 is my Amahi server)

Code:

nslookup cnbc7.com
Server:  hda.home.com
Address:  10.0.1.3

Non-authoritative answer:
Name:    cnbc7.com
Address:  208.73.210.76

hemminger
Posts: 20
Joined: Tue Oct 11, 2011 10:16 am

Re: Network wide site block with Amahi hosts file?

Postby hemminger » Thu Feb 23, 2012 4:00 pm

DNS Server doesn't work that way. Most machines look to an internal file, the hosts file, for name resolution, then to a DNS server. So it makes sense it works on the server you changed the hosts file on, but the DNS server running on that host has a different file it's using for the DNS resolution. Bind uses a file in /var I believe by default and it's going to have a name like home.com.db. In there if you change the address of the site you want it'll point all the clients using it for DNS to the IP you specify. Hosts files are only for lookup without DNS, local to the machine itself. I'm not positive of the .db file location as it has been a long time since I've edited a DNS server on Fedora and I am currently at work and can't look on my server.

iRobie
Posts: 2
Joined: Thu Feb 23, 2012 12:29 pm

Re: Network wide site block with Amahi hosts file?

Postby iRobie » Thu Feb 23, 2012 11:53 pm

Ah, I missed that Amahi uses Bind. Knew I missed something basic! Dnsmasq works the way I mentioned, just wasn't working when it wasn't called :roll:

I've managed to do this - set up a network wide site block / ad blocker - by doing the following:

Created /etc/adblock.zones (not the best place):

Code:

[root@cnbc7 ~]# cat /etc/adblock.zones
$TTL 24h
@       IN SOA  localhost. root.localhost. (
                2003052800 86400 300 604800 3600 )
@       IN NS   localhost.
@       IN A    127.0.0.1
*       IN A    127.0.0.1

(Be sure to have the extra space at the bottom!)

Added the following to /etc/named.conf:

Code:

zone "1.0.10.in-addr.arpa" IN {
        type master;
        notify no;
        file "dynamic/hda-a2n.conf";
        allow-update { key ddnskey; };
        check-names ignore;
};

## CUSTOM EDIT HERE
zone "cnbc7.com" {
        type master;
        notify no;
        file "/etc/adblock.zones";
};
## END CUSTOM EDIT

# NOTE, you can create a file /etc/named.conf.local and it will be automatically included here!
# WARNING - you better not break the format though!
};

To make this an adblocker, I just copied and pasted the file from the following link to the "CUSTOM EDIT" location above. Search and replace the default file location (null.zone.file) with the custom one (/etc/adblock.zones): http://pgl.yoyo.org/as/serverlist.php?h ... =plaintext

After that, service named restart. And voila! Ads-b-gone.
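
Added example (not part of iRobie's post and not Amahi's own code): a sketch of generating the zone stanzas described above from a domain list instead of pasting and search-replacing by hand. It validates each name so a malformed list entry cannot break the named.conf format, and skips subdomains whose parent is already a zone, since the "*" record in /etc/adblock.zones already answers for them. The function names and the sample domains are made up for illustration.

```python
import re

ZONE_FILE = "/etc/adblock.zones"  # sinkhole zone file path from the post above
# One DNS label: 1-63 chars of a-z, 0-9, '-', not starting or ending with '-'.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(line):
    """Return a lowercase domain from a bare or 'IP domain' line, else None."""
    tokens = line.split("#", 1)[0].lower().split()
    if len(tokens) not in (1, 2):
        return None
    name = tokens[-1].rstrip(".")
    labels = name.split(".")
    # Reject single labels (localhost), IP-like names and anything that is
    # not a plain hostname, so no quote or brace can reach named.conf.
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return None
    return name if all(LABEL.match(l) for l in labels) else None

def covered(name, zones):
    """True if a parent domain is already a zone; its '*' record answers."""
    parts = name.split(".")
    return any(".".join(parts[i:]) in zones for i in range(1, len(parts)))

def build_stanzas(lines):
    """Build one zone stanza per unique domain not covered by a parent zone."""
    names = {n for n in map(normalize, lines) if n}
    zones = set()
    # Fewest labels first, so a parent is always seen before its subdomains.
    for name in sorted(names, key=lambda n: (n.count("."), n)):
        if not covered(name, zones):
            zones.add(name)
    return "".join(
        'zone "%s" { type master; notify no; file "%s"; };\n' % (z, ZONE_FILE)
        for z in sorted(zones))

# Constructed sample input, not a real blocklist.
SAMPLE = """\
# comment line
127.0.0.1 ads.example.test
tracker.example.net
cdn.tracker.example.net
Tracker.Example.NET.
broken.test";};
localhost
"""

if __name__ == "__main__":
    print(build_stanzas(SAMPLE.splitlines()), end="")
```

The output can go in the "CUSTOM EDIT" location, or in /etc/named.conf.local, which the named.conf comment quoted above says is included automatically.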

matt2819
Posts: 1
Joined: Sun Jun 09, 2013 9:36 am

Re: Network wide site block with Amahi hosts file?

Postby matt2819 » Sun Jun 09, 2013 9:43 am

Hi. Please don't mind my posting to a thread that's a bit old.

I very much appreciate iRobie posting this solution, but unfortunately, even though I've followed these instructions exactly, I'm still seeing ads etc.

So now it's me asking if I'm missing something basic?

Thanks for any help anyone can offer.
