Off Topic - Block iCloud -

Tim ignored_mailbox at yahoo.com.au
Wed Apr 10 12:12:09 UTC 2013


Ed Greshko:
>> If so, you could create a "local" zone for icloud.com with a wildcard
>> record that returns a non existing server address.


Bob Goodwin:
> I don't think I know how to do that

If you're using BIND as your DNS server, it's quite easy.  That's "easy"
as in it's easy to add zone file to kill off certain queries to an
already configured BIND server.  Not so easy if you have to learn how to
set up BIND, first.

You have a named.conf file that lists the domain names you want to kill
off, and they refer to a domain name record file that sends back no
useful information for the query.  So the attempt to connect to them
will fail, and very quickly.

You have entries in the /etc/named.conf file like this:

zone "doubleclick.com"          { type master; file  "dead.zone"; };
zone "adwords.google.com"       { type master; file  "dead.zone"; };
zone "googlesyndication.com"    { type master; file  "dead.zone"; };
zone "googleservices.com"       { type master; file  "dead.zone"; };
zone "googleadservices.com"     { type master; file  "dead.zone"; };
zone "google-analytics.com"     { type master; file  "dead.zone"; };

That covers all queries for those domain names, and any sub-domain (e.g.
it'll apply to www.doubleclick.com or any other prefixes, as well).  You just
add more lines, like the above, for anything that you want to answer
with your server.  Anything that you don't add custom files for, your
name server will go out on the web and find the answers in the normal
way.  e.g. google.com still works, because I have no entry for just
google.com.

And you have a dead.zone DNS record file in /var/named/ like this:

$TTL 86400
@       IN      SOA     ns.localdomain.  hostmaster.mail.localdomain. (
                        200 ; serial
                        28800 ; refresh
                        7200 ; retry
                        604800 ; expire
                        86400 ; ttl
                        )

        IN      NS      ns.localdomain.

Which provides no answers for any queries, it only has the bare-bones
fields that make up the beginning of a zone file, but no IPs or domain
names that any query would ask about.  Queries fail with an instant "no
answer" type of response.

If you have a chrooted BIND server, then those filepaths are prefixed
with the chroot filepath.

e.g. If your chroot was to "/var/named/chroot" then they'd be:
     "/var/named/chroot/etc/named.conf"  and
     "/var/named/chroot/var/named/dead.zone"

As that example stands, it'd kill off all queries and connection
attempts to the listed domain names, for all machines on your LAN (I do
this).  If you play with split networks on your LAN (trusted machines on
one set of IP addresses, and untrusted machines on another set), you can
even configure your DNS server to respond differently to the different
sub-networks (work normally for the trusted machines, give "no answer"
results to the untrusted machines).

Of course, if you're not using BIND as your DNS server on one of your
computers, then you'd need to learn how to do a similar thing with that
name server.  If your DNS server is your router, you're going to be
limited to what it provides.  Though, there's nothing stopping you from
configuring your DHCP server (whatever it is) to tell all DHCP clients
to use a DNS server on your computer instead of the router (I do this).

-- 
[tim at localhost ~]$ uname -rsvp
Linux 3.8.4-102.fc17.x86_64 #1 SMP Sun Mar 24 13:09:09 UTC 2013 x86_64

All mail to my mailbox is automatically deleted, there is no point
trying to privately email me, I will only read messages posted to the
public lists.

My apologies for not including a virus with this message, but I don't
use Windows.
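An added example, not part of Tim's post: a small Python checker that reads named.conf lines of the shape shown above plus the dead.zone file, and answers two questions a practitioner would want confirmed before relying on the setup, namely which query names the server will answer itself (label-wise suffix match, so sub-domains are caught but look-alike names such as notdoubleclick.com are not) and whether the dead zone really carries no address records. The named.conf and zone text below are constructed copies, with icloud.com added as the zone the thread is about.

```python
import re

# Constructed sample in the shape of the named.conf lines from the post,
# with icloud.com added as the zone this thread is about.
NAMED_CONF = '''
zone "doubleclick.com"          { type master; file  "dead.zone"; };
zone "adwords.google.com"       { type master; file  "dead.zone"; };
zone "google-analytics.com"     { type master; file  "dead.zone"; };
zone "icloud.com"               { type master; file  "dead.zone"; };
'''

# Constructed copy of the dead.zone file shown in the post.
DEAD_ZONE = '''$TTL 86400
@       IN      SOA     ns.localdomain.  hostmaster.mail.localdomain. (
                        200 ; serial
                        28800 ; refresh
                        7200 ; retry
                        604800 ; expire
                        86400 ; ttl
                        )
        IN      NS      ns.localdomain.
'''

# zone "<name>" { ... file "<file>"; };
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{[^}]*\bfile\s+"([^"]+)"')

def sinkholed_zones(conf_text, dead_file="dead.zone"):
    """Zone names whose named.conf entry points at the dead zone file."""
    return {name.lower().rstrip(".") for name, f in ZONE_RE.findall(conf_text)
            if f == dead_file}

def matching_zone(qname, zones):
    """Most specific configured zone containing qname, matched on whole DNS
    labels (so 'notdoubleclick.com' does not match 'doubleclick.com'), or
    None when BIND would recurse for the name normally."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in zones:
            return suffix
    return None

def is_sinkholed(qname, conf_text=NAMED_CONF):
    return matching_zone(qname, sinkholed_zones(conf_text)) is not None

def record_types(zone_text):
    """Record types declared in a zone file, ignoring ';' comments."""
    stripped = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    return set(re.findall(r"\bIN\s+([A-Z]+)\b", stripped))

def dead_zone_is_empty(zone_text=DEAD_ZONE):
    """True when the zone holds only SOA/NS, so any name under it gets a
    'no answer' response instead of an address."""
    return not (record_types(zone_text) & {"A", "AAAA", "CNAME"})
```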