Ed Greshko:
>> If so, you could create a "local" zone for icloud.com with a wildcard
>> record that returns a non-existing server address.

Bob Goodwin:
> I don't think I know how to do that

If you're using BIND as your DNS server, it's quite easy.  That's "easy" as in it's easy to add a zone file to kill off certain queries to an already configured BIND server.  Not so easy if you have to learn how to set up BIND, first.

You have a named.conf file that lists the domain names you want to kill off, and they refer to a domain name record file that sends back no useful information for the query.  So the attempt to connect to them will fail, and very quickly.

You have entries in the /etc/named.conf file like this:

    zone "doubleclick.com" { type master; file "dead.zone"; };
    zone "adwords.google.com" { type master; file "dead.zone"; };
    zone "googlesyndication.com" { type master; file "dead.zone"; };
    zone "googleservices.com" { type master; file "dead.zone"; };
    zone "googleadservices.com" { type master; file "dead.zone"; };
    zone "google-analytics.com" { type master; file "dead.zone"; };

So all queries for those domain names, and any sub-domain (e.g. it'll apply to www.doubleclick.com or any other prefixes, as well), get that dead answer.  You just add more lines, like the above, for anything that you want to answer with your server.  Anything that you don't add custom files for, your name server will go out on the web and find the answers in the normal way.  e.g. google.com still works, because I have no entry for just google.com.

And you have a dead.zone DNS record file in /var/named/ like this:

    $TTL 86400
    @       IN SOA  ns.localdomain. hostmaster.mail.localdomain. (
                    200       ; serial
                    28800     ; refresh
                    7200      ; retry
                    604800    ; expire
                    86400     ; ttl
                    )
            IN NS   ns.localdomain.

Which provides no answers for any queries; it only has the bare-bones fields that make up the beginning of a zone file, but no IPs or domain names that any query would ask about.  Queries fail with an instant "no answer" type of response.
If you have a chrooted BIND server, then those filepaths are prefixed with the chroot filepath.  e.g. If your chroot was to "/var/named/chroot" then they'd be:

    /var/named/chroot/etc/named.conf
    /var/named/chroot/var/named/dead.zone

As that example stands, it'd kill off all queries and connection attempts to the listed domain names, for all machines on your LAN (I do this).  If you play with split networks on your LAN (trusted machines on one set of IP addresses, and untrusted machines on another set), you can even configure your DNS server to respond differently to the different sub-networks (work normally for the trusted machines, give "no answer" results to the untrusted machines).

Of course, if you're not using BIND as your DNS server on one of your computers, then you'd need to learn how to do a similar thing with that name server.  If your DNS server is your router, you're going to be limited to what it provides.  Though, there's nothing stopping you from configuring your DHCP server (whatever it is) to tell all DHCP clients to use a DNS server on your computer instead of the router (I do this).

-- 
[tim@localhost ~]$ uname -rsvp
Linux 3.8.4-102.fc17.x86_64 #1 SMP Sun Mar 24 13:09:09 UTC 2013 x86_64

All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists.

My apologies for not including a virus with this message, but I don't use Windows.

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
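The following script is an added example illustrating the post above; it is not Tim's code and not part of the mailing-list thread. It generates the per-domain `zone` stanzas and the shared dead.zone file from a plain-text blocklist, and also writes the split-network variant the post mentions, using BIND's `view` / `match-clients` mechanism so trusted clients resolve normally while untrusted ones get the sink zones. The blocklist file name, output directory and the two subnet ranges are assumed values; adjust them for your LAN.

```shell
#!/bin/sh
# Added example (not from the original post): build BIND "dead zone" config
# from a blocklist.  Assumed/hypothetical: blocklist path, output directory,
# and the trusted/untrusted subnets passed to gen_views.
set -eu

# Emit one `zone "<name>" { type master; file "dead.zone"; };` line per
# domain.  Blank lines and '#' comments are skipped, names are lower-cased
# and de-duplicated, and anything outside [a-z0-9.-] is refused, so a bad
# blocklist line cannot inject extra named.conf directives.
gen_zone_stanzas() {   # $1 = blocklist file
    grep -Ev '^[[:space:]]*(#|$)' "$1" \
    | tr -d '\r' | tr 'A-Z' 'a-z' \
    | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' \
    | sort -u \
    | while IFS= read -r d; do
        case "$d" in
            *[!a-z0-9.-]*) printf 'skipping invalid name: %s\n' "$d" >&2 ;;
            *) printf 'zone "%s" { type master; file "dead.zone"; };\n' "$d" ;;
        esac
      done
}

# The record file every dead zone points at: SOA and NS only.  Because the
# server is authoritative for the zone, any name under it (www.doubleclick.com,
# anything.doubleclick.com) gets NXDOMAIN immediately; no wildcard needed.
# The last SOA field (86400) is also how long resolvers may cache that
# negative answer.
gen_dead_zone() {
    cat <<'EOF'
$TTL 86400
@       IN SOA  ns.localdomain. hostmaster.mail.localdomain. (
                200       ; serial
                28800     ; refresh
                7200      ; retry
                604800    ; expire
                86400     ; ttl
                )
        IN NS   ns.localdomain.
EOF
}

# Split-horizon variant: only the "untrusted" view carries the dead zones.
# Once views are used, every zone must live inside a view, so the trusted
# view is declared too, with plain recursion and no sink zones.
gen_views() {   # $1 = blocklist, $2 = trusted CIDR, $3 = untrusted CIDR
    printf 'view "trusted" {\n    match-clients { %s; };\n    recursion yes;\n};\n' "$2"
    printf 'view "untrusted" {\n    match-clients { %s; };\n    recursion yes;\n' "$3"
    gen_zone_stanzas "$1" | sed 's/^/    /'
    printf '};\n'
}

# Usage: ./mkdead.sh blocklist.txt /etc/named/dead   (writes the files and,
# when BIND's own checker is installed, validates the sink zone file).
if [ "$#" -eq 2 ]; then
    list=$1; outdir=$2
    mkdir -p "$outdir"
    gen_dead_zone > "$outdir/dead.zone"
    gen_zone_stanzas "$list" > "$outdir/dead-zones.conf"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone example.invalid "$outdir/dead.zone"
    fi
    echo "wrote $outdir/dead.zone and $outdir/dead-zones.conf" >&2
fi
```

Pull the generated stanzas into the main config with `include "/etc/named/dead/dead-zones.conf";` (inside the untrusted view if you use `gen_views`), point `file "dead.zone"` at the directory named by `directory` in your `options` block or give it an absolute path, remember the chroot prefix from the post, then `rndc reload` and confirm with `dig @127.0.0.1 www.doubleclick.com` that the status is NXDOMAIN and the answer comes back in a millisecond or two.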