Admins eHow SysAdmin Tips & Tricks

April 4, 2010

Configure PowerDNS to use MVPS.org HOSTS file

Filed under: General — admin @ 4:20 pm

One way to increase your PC's security and block ads, counters, malware and so on is to use a HOSTS file on Windows, so that the DNS names of such sites resolve to localhost (127.0.0.1) instead of their real addresses.
Simply using a HOSTS file is not a cure-all against all the dangers on the Internet, but it does provide another very effective “Layer of Protection”.
The original idea is explained at this link: http://www.mvps.org/winhelp2002/hosts.htm
As the above link explains, you can put the HOSTS file among your Windows system files and it will do the trick, but this solution has its own complexities and downsides. A better solution is to run a DNS server which uses the MVPS HOSTS file to block malware sites, and then point your PC's DNS settings at it.
About a year ago I explained how to install PowerDNS as a caching DNS server – HERE – and now I want to explain how you can configure it to use the MVPS HOSTS file to block malware sites and update the list automatically.
Please note that Perl must be installed on your server for this script to work.

Go to the /etc/powerdns folder and create the following files:

null.zone.file:

; BIND db file for ad servers - point all addresses to localhost
;
; This file comes from:
;
;       http://adminsehow.com

$TTL    86400   ; one day

@       IN      SOA     ns0.example.net.      hostmaster.example.net. (
                        2002061000       ; serial number YYYYMMDDNN
                        28800   ; refresh  8 hours
                        7200    ; retry    2 hours
                        864000  ; expire  10 days
                        86400 ) ; min ttl  1 day
                NS      ns0.example.net.
                NS      ns1.example.net.

                A       127.0.0.1

*               IN      A       127.0.0.1

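auth-zone.pl:

#!/usr/bin/perl
# Build the "auth-zones=" line for recursor.conf from the MVPS HOSTS file.
use strict;
use warnings;

# Slurp the whole of hosts.txt into one string.
local $/ = undef;
open my $fh, '<', 'hosts.txt' or die "Couldn't open file: $!";
binmode $fh;
my $subject = <$fh>;
close $fh;

my @zones;

# Each "127.0.0.1 <hostname>" entry becomes "<hostname>=null.zone.file".
# The lookahead makes the match cover the whole hostname, so a long TLD is not cut short.
while ($subject =~ m/^[ \t]*127\.0\.0\.1[ \t]+((?:[a-z0-9]+(?:-[a-z0-9]+)*\.)+[a-z]{2,})(?=[\s#]|\z)/img) {
  push @zones, "$1=null.zone.file";
}

print 'auth-zones=', join(',', @zones), "\n";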

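update-auth-zone:

#!/bin/sh
# Rebuild the auth-zones line in recursor.conf from the MVPS HOSTS file.
# Stop at the first failing step, so a failed download or parse leaves
# the existing auth-zones line in recursor.conf untouched.
set -e
cd /etc/powerdns
rm -f hosts.txt
wget -q "http://www.mvps.org/winhelp2002/hosts.txt"
perl auth-zone.pl > auth.zone
# auth.zone must hold a non-empty auth-zones line before the old one is removed
grep -q "^auth-zones=." auth.zone
sed -i "/auth-zones=/d" recursor.conf
cat auth.zone >> recursor.conf
/etc/init.d/pdns-recursor restart > /dev/null 2>&1
rm -f hosts.txt
rm -f auth.zone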

Make update-auth-zone executable:

chmod +x update-auth-zone

Execute update-auth-zone once:

./update-auth-zone

Open the crontab with the “crontab -e” command and add the following line to it:

@weekly /etc/powerdns/update-auth-zone

This cron job will automatically update your PowerDNS configuration from the MVPS HOSTS file every week.
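
As an added example (not part of the original post), the function below is one way to validate the downloaded file before update-auth-zone writes it into recursor.conf: it rejects a short or empty download and any entry whose wildcard zone would cover a name you depend on. MIN_ENTRIES, PROTECTED, build_auth_zones and sample_hosts are hypothetical names, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: validate a downloaded hosts file before it becomes an
# auth-zones line. MIN_ENTRIES and PROTECTED are assumed policy knobs.
: "${MIN_ENTRIES:=3}"          # demo value; the real list has thousands of entries
: "${PROTECTED:=example.net}"  # space-separated names that must keep resolving

# Reads a hosts file on stdin, prints "auth-zones=..." on stdout.
# Returns non-zero (and prints nothing on stdout) if the list looks wrong.
build_auth_zones() {
    tr -d '\r' | awk -v min="$MIN_ENTRIES" -v protected="$PROTECTED" '
    # null.zone.file has a wildcard record, so a zone also swallows every
    # name beneath it: zone "example.net" covers "www.example.net".
    function covers(zone, name) {
        return name == zone || (length(name) > length(zone) &&
            substr(name, length(name) - length(zone)) == "." zone)
    }
    BEGIN { n = 0; np = split(tolower(protected), prot, " ") }
    $1 == "127.0.0.1" {
        h = tolower($2)
        # whole-field match: letters, digits, inner hyphens, dotted, alpha TLD
        if (h !~ /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z][a-z]+$/ || (h in seen)) next
        for (i = 1; i <= np; i++)
            if (covers(h, prot[i])) { bad = h; exit }
        seen[h] = 1
        line = line h "=null.zone.file,"
        n++
    }
    END {
        if (bad != "") { print "refusing: " bad " covers a protected name" | "cat >&2"; exit 1 }
        if (n < min)   { print "refusing: only " n " usable entries" | "cat >&2"; exit 1 }
        sub(/,$/, "", line)
        print "auth-zones=" line
    }'
}

# Constructed sample in the hosts layout the page parses (CRLF, comments).
sample_hosts() {
    printf '%s\r\n' \
        '# constructed sample, not real MVPS data' \
        '127.0.0.1  localhost' \
        '127.0.0.1  ads.example.com  #[comment]' \
        '127.0.0.1  Tracker.Example.org' \
        '127.0.0.1  cdn.stats.example.museum' \
        '127.0.0.1  ads.example.com'
}

sample_hosts | build_auth_zones
```

In update-auth-zone this could stand in for the perl step, e.g. `build_auth_zones < hosts.txt > auth.zone || exit 1`, so recursor.conf is only edited when the list passes both checks.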

Currently I have configured my own DNS server 216.155.148.9 to use the MVPS HOSTS file; feel free to use it as your primary DNS server if you like 🙂
