Admins eHow SysAdmin Tips & Tricks

April 4, 2010

Configure Powerdns to use MVPS.org Hosts file

Filed under: General — admin @ 4:20 pm

One way to improve your PC's security and block ads, counters, malware and so on is to use a HOSTS file on Windows, so that the DNS names of such sites resolve to localhost (127.0.0.1) instead of their real addresses.
Simply using a HOSTS file is not a cure-all against all the dangers on the Internet, but it does provide another very effective “Layer of Protection”.
The original idea is explained at this link: http://www.mvps.org/winhelp2002/hosts.htm
As that link explains, you can put the HOSTS file in your Windows system files and it will do the trick, but this solution has its own complexities and downsides. A better solution is to have a DNS server that uses the MVPS HOSTS file to block malware sites, and then point your PC's DNS entries at it.
About a year ago I explained how to install PowerDNS as a caching DNS server – HERE – now I want to explain how you can configure it to use the MVPS HOSTS file to block malware sites and update it automatically.
Please note that you need Perl installed on your server for this script to work.

Go to the /etc/powerdns folder and create the following files:

null.zone.file :

; BIND db file for ad servers - point all addresses to localhost
;
; This file comes from:
;
;       http://adminsehow.com

$TTL    86400   ; one day

@       IN      SOA     ns0.example.net.      hostmaster.example.net. (
                        2002061000       ; serial number YYYYMMDDNN
                        28800   ; refresh  8 hours
                        7200    ; retry    2 hours
                        864000  ; expire  10 days
                        86400 ) ; min ttl  1 day
                NS      ns0.example.net.
                NS      ns1.example.net.

                A       127.0.0.1

*               IN      A       127.0.0.1

auth-zone.pl :

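use strict;
use warnings;

# Read the whole HOSTS file in one go (slurp mode).
local $/ = undef;
open(my $fh, '<', 'hosts.txt') or die "Couldn't open file: $!";
binmode $fh;
my $subject = <$fh>;
close $fh;

# Build a single auth-zones= line for recursor.conf.
my $zones = 'auth-zones=';

# Each "127.0.0.1 hostname" entry becomes hostname=null.zone.file
while ($subject =~ m/127\.0\.0\.1[ ]+(([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,4})/ixg) {
  $zones = $zones . $1 . "=null.zone.file,";
}

print "$zones";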

update-auth-zone :

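#!/bin/sh
# Refresh the auth-zones= line in recursor.conf from the MVPS HOSTS file.
cd /etc/powerdns || exit 1
rm -f hosts.txt
# Stop if the download or the conversion fails, so the existing
# auth-zones= line is not deleted without a replacement.
wget -q "http://www.mvps.org/winhelp2002/hosts.txt" || exit 1
perl auth-zone.pl > auth.zone || exit 1
# Replace the old auth-zones= line with the newly generated one.
sed -i "/auth-zones=/d" recursor.conf
cat auth.zone >> recursor.conf
/etc/init.d/pdns-recursor restart > /dev/null 2>&1
rm -f hosts.txt
rm -f auth.zone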

Make update-auth-zone executable:

chmod +x update-auth-zone

Execute update-auth-zone once:

./update-auth-zone

Open your crontab with the “crontab -e” command and add the following line to it:

@weekly /etc/powerdns/update-auth-zone

This cron job will automatically update your PowerDNS configuration from the MVPS HOSTS file every week.

Currently I have configured my own DNS server, 216.155.148.9, to use the MVPS HOSTS file; feel free to use it as your primary DNS server if you like 🙂
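The update-auth-zone script above turns whatever the plain-HTTP download returns into resolver configuration and then restarts the recursor. The shell functions below are an added example, not part of the original post, that check the list before it is used; the function names, the minimum-entry threshold and the protected-name list are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: check a downloaded HOSTS file before it becomes the
# auth-zones= line. Function names, threshold and protected list are assumptions.

# Print one lower-cased hostname per "127.0.0.1 name" entry, de-duplicated.
# CR characters are stripped; names outside [a-z0-9.-] are dropped, so "="
# or "," from the download can never reach recursor.conf.
extract_hosts() {
  tr -d '\r' < "$1" | awk '
    $1 == "127.0.0.1" && NF >= 2 {
      h = tolower($2)
      if (h ~ /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]+$/ && !seen[h]++) print h
    }'
}

# build_auth_zones HOSTS_FILE MIN_ENTRIES "protected names..."
# Prints the auth-zones= line. Returns non-zero, with nothing on stdout, if
# the list looks truncated or would sinkhole a name marked as protected.
build_auth_zones() {
  hosts=$(extract_hosts "$1") || return 1
  count=$(printf '%s\n' "$hosts" | grep -c . || true)
  if [ "$count" -lt "$2" ]; then
    echo "refusing: only $count entries (minimum $2)" >&2
    return 1
  fi
  for name in $3; do
    if printf '%s\n' "$hosts" | grep -qxF "$name"; then
      echo "refusing: list would sinkhole protected name $name" >&2
      return 1
    fi
  done
  printf 'auth-zones=%s\n' \
    "$(printf '%s\n' "$hosts" | sed 's/$/=null.zone.file/' | paste -sd, -)"
}

# Constructed sample input (not real MVPS data), run as a demonstration.
sample=$(mktemp)
printf '127.0.0.1  localhost\r\n127.0.0.1  ads.example.com\r\n' > "$sample"
build_auth_zones "$sample" 1 "www.example.org"
rm -f "$sample"
```

In update-auth-zone this would stand in for the `perl auth-zone.pl > auth.zone` step, with the script stopping before the `sed` line whenever the function fails.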

  • Hi. Thanks so much for this post…
    http://www.adminsehow.com/2010/04/configure-powerdns-to-use-mvps-org-hosts-file/

    I’ve been pointing to the DNS server address you list in the article, but it looks like it’s not enforcing the MVPS file at all now.

    Did you disable this, or is there something I’m doing wrong?

  • FiFtHeLeMeNt

    I checked it and it is working fine. Maybe you have set up something wrong:

    > adbrite.com
    Server: 216.155.148.9.choopa.net
    Address: 216.155.148.9

    Non-authoritative answer:
    Name: adbrite.com
    Address: 127.0.0.1

    As you can see, it is resolving adbrite.com to 127.0.0.1.

  • I’ve been using this server ( 216.155.148.9 ) for DNS for several months, but now it is no longer responding.

    Did it get disabled? Or did the proper address shift?

  • FiFtHeLeMeNt

    Unfortunately, this server is not available anymore.
