How to Block Domains using RPZ on BIND DNS
Problem:
How can we block a large number of domains using the RPZ (Response Policy Zone) firewall on BIND under the CentOS operating system?
Solution:
Installation via Yum:
```bash
yum install bind bind-utils httpd wget
```
Creating “Content Blocked” Page
```
vi /var/www/html/index.html

<html>
<head>
</head>
<body bgcolor="Black">
<div align="center">
<font color="RED" face="Arial">
<br>
<h2> Web Page Blocked </h2>
<img src="gema-youtube-smile.jpg" alt="Content Blocked">
<h2> Category: PG </h2>
</font>
<font color="White" face="Arial">
<hr>
If you are seeing this message, it is because you have visited, or you have been redirected to a site that is known to contain malicious content. If you feel that you have reached this page in error or have any questions, you may contact admin@example.com.
<hr>
</font>
</div>
</body>
</html>
```
Downloading Sample Image File
```bash
wget http://www.learnacad.com/wp-content/uploads/2018/04/gema-youtube-smile.jpg
cp gema-youtube-smile.jpg /var/www/html/
```
Configuring “named.conf” File
```
vi /etc/named.conf

//
// ---- Lines Omitted ---
//
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { 192.168.10.0/24; localhost; };
        // Every answer the resolver produces is checked against this zone
        response-policy { zone "rpz.example.com"; };
};
//
// ---- Lines Omitted ---
//
zone "rpz.example.com" IN {
        type master;
        file "badrpzlarge.db";
        allow-query { any; };
};
//
// ---- Lines Omitted ---
//
```
Database File of Bad Domains
```
vi /var/named/badrpzlarge.db

$TTL 86400
@       IN SOA  rpz.example.com. root.example.com. (
                2018042002      ; Serial
                3600            ; Refresh
                1800            ; Retry
                604800          ; Expire
                86400           ; Minimum TTL
                )
@       IN NS   rpz.example.com.
; The zone apex resolves to the web server hosting the "Content Blocked" page
@       IN A    192.168.10.4
; Owner names are relative to the zone origin; each rule rewrites the answer
; for that domain to a CNAME pointing at the apex (the walled-garden address)
abctube.com             IN CNAME @
*.abctube.com           IN CNAME @
abc06.de                IN CNAME @
aabc0fotos.g11.com      IN CNAME @
abc-0-sx.222tblogs.be   IN CNAME @
abc104.biz              IN CNAME @
abc104.net              IN CNAME @
;
; ---- Lines Omitted ---
;
```
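Hand-editing a zone file with thousands of rules is error-prone, so the usual practice is to generate it from a plain domain list. The following script is an added example, not code from the original post: it builds an RPZ zone of the same shape as the one above (same origin `rpz.example.com`, same walled-garden address `192.168.10.4`, one CNAME rule plus a `*.` wildcard rule per domain) from a list of domains, rejecting malformed names and bare TLDs (a rule for `com` alone would rewrite every `.com` answer), and then parses its own output so the result can be checked before `named` loads it. The function names and the `YYYYMMDDNN` serial format are this example's own choices.

```python
"""Generate and sanity-check a BIND RPZ zone file from a list of domains.

Added example (not from the original post). Assumes the zone origin and
walled-garden address used in the post; both are parameters below.
"""
import re
from datetime import date

ORIGIN = "rpz.example.com"          # zone name from the post's named.conf
WALLED_GARDEN_IP = "192.168.10.4"   # web server hosting the "blocked" page

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with "-".
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_domain(raw):
    """Lower-case a list entry, drop comments/whitespace and a trailing dot.

    Returns None for anything that is not a usable hostname, including bare
    TLDs, which would otherwise block an entire top-level domain.
    """
    name = raw.split("#", 1)[0].strip().lower().rstrip(".")
    if not name or len(name) > 253:
        return None
    labels = name.split(".")
    if len(labels) < 2:
        return None
    if not all(_LABEL.match(label) for label in labels):
        return None
    return name


def make_serial(day, revision):
    """Build a YYYYMMDDNN serial (e.g. 2018042002 for the 2nd edit on 2018-04-20)."""
    return int(f"{day:%Y%m%d}{revision:02d}")


def build_rpz_zone(domains, serial, origin=ORIGIN, garden_ip=WALLED_GARDEN_IP,
                   wildcard=True):
    """Return the text of an RPZ zone rewriting each domain to the zone apex.

    Owner names in an RPZ zone are relative to the origin, so "abctube.com"
    here matches queries for abctube.com. The apex A record is the walled
    garden, and "CNAME @" makes BIND answer with that address instead of the
    real one. With wildcard=True a "*.name" rule covers all subdomains too.
    """
    header = (
        "$TTL 86400\n"
        f"@\tIN SOA\t{origin}. root.{origin}. (\n"
        f"\t\t{serial}\t; Serial\n"
        "\t\t3600\t\t; Refresh\n"
        "\t\t1800\t\t; Retry\n"
        "\t\t604800\t\t; Expire\n"
        "\t\t86400\t\t; Minimum TTL\n"
        "\t\t)\n"
        f"@\tIN NS\t{origin}.\n"
        f"@\tIN A\t{garden_ip}\n"
    )
    seen = set()
    rules = []
    for raw in domains:
        name = normalize_domain(raw)
        if name is None or name in seen:   # skip junk and duplicates
            continue
        seen.add(name)
        rules.append(f"{name}\tIN CNAME\t@")
        if wildcard:
            rules.append(f"*.{name}\tIN CNAME\t@")
    return header + "\n".join(rules) + "\n"


def blocked_domains(zone_text):
    """Parse a zone produced by build_rpz_zone and return its rule owner names.

    Used as a round-trip check: every domain that went in should come back out,
    and nothing else (in particular no stray "@" or SOA fields).
    """
    found = set()
    for line in zone_text.splitlines():
        tokens = line.split(";", 1)[0].split()
        if len(tokens) >= 4 and tokens[1:3] == ["IN", "CNAME"] and tokens[0] != "@":
            found.add(tokens[0])
    return found


if __name__ == "__main__":
    # Constructed sample list: mixed case, trailing dot, a duplicate, a bare
    # TLD, an invalid label and a comment line, to exercise the filtering.
    sample = ["abctube.com", "ABC06.de.", "abctube.com", "com",
              "bad_name.org", "# comment only"]
    zone = build_rpz_zone(sample, make_serial(date(2018, 4, 20), 2))
    print(zone)
    print("rules:", sorted(blocked_domains(zone)))
```

Write the output to `/var/named/badrpzlarge.db`, then check it with `named-checkzone rpz.example.com /var/named/badrpzlarge.db` and reload only that zone with `rndc reload rpz.example.com`; the serial must increase on every regeneration or BIND will keep serving the old data. Note that `*.abctube.com` does not match `abctube.com` itself, which is why the post (and this generator) emit both rules.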
Checking Configuration File for Errors
```bash
named-checkconf
```
Starting Web and DNS Services
```bash
systemctl start httpd
systemctl start named
```
Enabling Web and DNS Services
```bash
systemctl enable httpd
systemctl enable named
```
Adding Web and DNS Ports in the CentOS Firewall
```bash
firewall-cmd --permanent --add-port=80/tcp
# DNS also falls back to TCP/53 for large responses; open it as well if clients need it
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload
firewall-cmd --list-ports
```
Configuring Local DNS for Testing
```
vi /etc/resolv.conf

nameserver 127.0.0.1
```
Final Testing on Same System
```bash
# Not in the RPZ zone: these should return their real addresses
nslookup google.com
nslookup yahoo.com
# Listed in badrpzlarge.db: these should be rewritten to rpz.example.com (192.168.10.4)
nslookup abc06.de
nslookup abctube.com
```
Please feel free to comment your success or progress.