Red Squirrel
[H]F Junkie
- Joined
- Nov 29, 2009
- Messages
- 9,211
Been toying with the idea of setting up something where I can block hostnames such as ad servers and privacy infringement related hosts, basically like a host file, but something I can setup on a per vlan bassis. (it can be the same list, I just want to be able to turn it on/off per vlan). I run Pfsense and I also run my own local DNS. There are various sites where these lists are made public, so I'd probably write a parser that goes through once in a while and generates my own local iist for whatever system I'd be using. I'd also want to be able to add my own custom entries.
Is there something on my DNS server I can do for that to work, or something in pfsense? I could make zones for each domain I want to block, but that seems kinda dirty, if I want to block ads.google.com I don't really want to have to make a zone for google.com and then have to put in all the proper A records. I just want to be able to block ads.google.com and then the rest still resolves normally. I'm thinking it would actually be fairly easy to code a program that speaks the DNS protocol but works off a host file style format, but figured there's probably something out there already made so open to suggestions.
This is one of those security/privacy things I should have done a long time ago and never bothered, so looking into it now. I know there are browser ad ons and such but I want to do it more globally while having some level of access to the list too.
Is there something on my DNS server I can do for that to work, or something in pfsense? I could make zones for each domain I want to block, but that seems kinda dirty, if I want to block ads.google.com I don't really want to have to make a zone for google.com and then have to put in all the proper A records. I just want to be able to block ads.google.com and then the rest still resolves normally. I'm thinking it would actually be fairly easy to code a program that speaks the DNS protocol but works off a host file style format, but figured there's probably something out there already made so open to suggestions.
This is one of those security/privacy things I should have done a long time ago and never bothered, so looking into it now. I know there are browser ad ons and such but I want to do it more globally while having some level of access to the list too.