# No Ad DNS Project?



## Mun (May 22, 2013)

At my work as of late I have been nulling Ad networks via DNS, and I was thinking of setting up one for everyone and I wanted to know your thoughts, concerns etc.

Basically I will take doubleclick.net and point it at 127.0.0.1 and other networks as well.

Other possibilities are to null bad/spam/virus infected networks.

Thanks for feedback if any.


----------



## Pmadd (May 22, 2013)

It's a neat idea, I won't mind seeing you implement it, but as always there may be abuse (I'm not sure if/how you can abuse DNS... As I'm still trying to figure it out.)


----------



## NodeBytes (May 22, 2013)

That sounds really cool!

Also, if you want to add any servers to the cluster let me know.


----------



## Mun (May 22, 2013)

Thanks for the feedback, we might add some mirrors, but let's first get it off the ground.


----------



## D. Strout (May 22, 2013)

Mun said:


> Basically I will take doubleclick.net and point is at 127.0.0.1 and other networks as well.


Where would you get your list of networks to redirect? And what would you redirect them to? Then there's the issue of trust - you could take Bankofamerica.com and point it somewhere nasty. Not that I'm saying you would, but it's something one has to consider.


----------



## Mun (May 22, 2013)

D. Strout said:


> Where would you get your list of networks to redirect? And what would you redirect them to? Then there's the issue of trust - you could take Bankofamerica.com and point it somewhere nasty. Not that I'm saying you would, but it's something one has to consider.



Correct, and that is always a point of contention that can happen. I mean google could as well. (theoretically)

The best way for that to not happen is to be open, to show problems, and three, to set up a compare Web App.

(I would love to have vigil people and call me out if I did something that "Stupid")


----------



## NodeBytes (May 23, 2013)

Keep a list of all the active bind records on a website possibly? Just throwing out ideas.


----------



## drmike (May 23, 2013)

I do exactly this for various projects, clients, etc.

Maintaining the lists and blocks is a problem and "false" positives.

Lots of unsavory companies are mixing real legitimate services with things that should be blocked on the same domain. Google for instance comes to mind.

There's a niche for this sort of thing certainly.


----------



## acd (May 23, 2013)

A quick google search says someone already does this...


http://pgl.yoyo.org/as/


----------



## Mun (May 23, 2013)

acd said:


> A quick google search says someone already does this...
> 
> http://pgl.yoyo.org/as/



That is the hosts file and not a DNS server. A hosts file is great, but I think a DNS server might be better in certain cases.



buffalooed said:


> I do exactly this for various projects, clients, etc.
> 
> Maintaining the lists and blocks is a problem and "false" positives.
> 
> ...


yeah.... I know :\



bcarlsonmedia said:


> Keep a list of all the active bind records on a website possibly? Just throwing out ideas.



We will. 

So all in all I have a few people liking it?



----------



## drmike (May 23, 2013)

Sure, I like the idea and should be generally easy enough to do.

In addition to blocking ad networks, I highly advise the different but associated stuff like Google Analytics being blocked too.

My approach has been to inspect slow loading pages I frequent and pull apart the many requests and identify what things are.  Anything monitoring, behavioral, or related, I ban.


----------



## NodeBytes (May 23, 2013)

Just make sure not to block any cdns that carry the css.


----------



## acd (May 23, 2013)

Edit: I determined this post does not add value to this thread and have blanked its contents. Instead, I suggest writing a script that converts hosts files to nameserver format for loading.


----------



## Mun (May 23, 2013)

So the next question is are there other things we should try and implement as well?


----------



## NodeBytes (May 23, 2013)

@acd - those already exist.


----------



## Mun (May 23, 2013)

Indeed there are already hosts files out there, but I don't really wish to fully use them as I don't know the context of the block.


----------



## titanicsaled (May 23, 2013)

Great idea! You could use it to block access to suspected nasty sites as well.

Although forwarding to 127.0.0.1 could cause problems for people running their own webserver.


----------



## Mun (May 23, 2013)

titanicsaled said:


> Great idea! You could use to block access to suspected nasty sites as well
> 
> Although forwarding to 127.0.0.1 could cause problems for people running their own webserver.


Yes, I was planning on doing nasty sites 

Yeahh..... I wonder if there is a better address? 127.0.0.2?


----------



## Chronic (May 23, 2013)

Doesn't OpenDNS do something similar?


----------



## Mun (May 23, 2013)

Chronic said:


> Doesn't OpenDNS do something similar?


I think they "blacklist bad sites" but don't do anything with ads. However, I may be mistaken.


----------



## tallship (May 26, 2013)

acd said:


> A quick google search says someone already does this...
> 
> http://pgl.yoyo.org/as/


Another decent resource for using /etc/hosts is HERE, but that's using "files" (from /etc/nsswitch.conf) for resolution of IPs, which in most cases should come before DNS and NIS in that file anyway.

When you consider layers of redundancy, and the fact that a correctly configured nsswitch.conf file reduces the burden on your DNS server by being referenced first for those IPs you always want blocked (after your null routing tables for blackholes and iptables in your firewall and /etc/hosts.deny in your tcpwrappers), maintaining a list of *standard* IPs in your hosts file is a good thing.

For fun, I like to set up an IP based virtual host with the default index.html page being something like THIS and point those /etc/hosts entries to that IP.

But where DNS is concerned, here are a couple of good reads that should bring you up to speed pretty quick on some crafty solutions using your DNS servers as firewalls on yet another layer:

ftp://ftp.isc.org/isc/dnsrpz/isc-tn-2010-1.txt

and...

http://www.circleid.com/posts/20120103_dns_firewalls_in_action_rpz_vs_spam/

I hope that helps.

Kindest regards,


----------
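The thread leaves three threads hanging: acd's suggestion of a script that converts a hosts file into nameserver format, the worry that sinkholing to 127.0.0.1 breaks people who run a local web server, and tallship's pointer to DNS RPZ. The script below, added here as an example and not code from anyone in the thread, ties them together: it parses a hosts-style block list (a small constructed sample is embedded, not the yoyo.org list) and emits a BIND response-policy zone in which each blocked name, and everything under it, either returns NXDOMAIN (`CNAME .`, the RPZ idiom, so nothing is ever sent to loopback) or, optionally, resolves to a sinkhole address of your choosing, the way tallship's IP-based virtual host works. The zone origin `rpz.example.invalid` and the sinkhole address `192.0.2.10` are placeholders.

```python
import ipaddress
import re
from typing import List, Optional

# Constructed sample hosts file for this example (not a real published list).
# It deliberately includes the cases a converter must handle: loopback names
# that must never be blocked, several names on one line, comments, mixed case
# duplicates, an invalid hostname and an IP literal in the hostname column.
SAMPLE_HOSTS = """\
# Sample ad-blocking hosts file (constructed)
127.0.0.1 localhost
::1 localhost
127.0.0.1 ads.example-adnetwork.test
127.0.0.1 tracker.example-analytics.test  stats.example-analytics.test   # two names
0.0.0.0 Ads.Example-AdNetwork.test
127.0.0.1 not_a_valid-hostname.test
127.0.0.1 192.168.1.1
"""

# Names a hosts file legitimately maps to loopback; blocking them would break the host.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}

LABEL_RE = re.compile(r"[a-z0-9-]+")


def is_hostname(name: str) -> bool:
    """RFC 1123 style check: dotted lowercase labels, no underscores, not an IP literal."""
    if len(name) > 253:
        return False
    labels = name.split(".")
    if len(labels) < 2 or labels[-1].isdigit():   # single label or numeric TLD (IPv4 literal)
        return False
    for label in labels:
        if not 1 <= len(label) <= 63:
            return False
        if not LABEL_RE.fullmatch(label) or label[0] == "-" or label[-1] == "-":
            return False
    return True


def parse_hosts(text: str) -> List[str]:
    """Return the sorted, de-duplicated hostnames a hosts file sinkholes."""
    names = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])          # first column must be an address
        except ValueError:
            continue
        for host in fields[1:]:
            host = host.lower().rstrip(".")
            if host in LOCAL_NAMES or not is_hostname(host):
                continue
            names.add(host)
    return sorted(names)


def to_rpz_zone(names: List[str], origin: str = "rpz.example.invalid",
                sink_ip: Optional[str] = None, serial: int = 2013052301) -> str:
    """Emit a BIND response-policy zone for the blocked names.

    Without sink_ip every name and its subdomains trigger NXDOMAIN (RPZ 'CNAME .'),
    so clients never connect anywhere. With sink_ip they get an A record for a
    sinkhole web server instead (an IP you control, not 127.0.0.1).
    """
    lines = [
        "$TTL 300",
        f"$ORIGIN {origin}.",
        f"@ IN SOA localhost. hostmaster.{origin}. {serial} 3600 900 604800 300",
        "@ IN NS localhost.",
    ]
    for name in names:
        rdata = "CNAME ." if sink_ip is None else f"A {sink_ip}"
        lines.append(f"{name} IN {rdata}")
        lines.append(f"*.{name} IN {rdata}")          # cover subdomains too
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    blocked = parse_hosts(SAMPLE_HOSTS)
    print(to_rpz_zone(blocked))
```

Load the generated file as a master zone in named.conf and reference it with `response-policy { zone "rpz.example.invalid"; };` (the placeholder origin above); the ISC technote tallship links describes the zone format. Because the converter rejects loopback names, IP literals and malformed hostnames rather than copying them through, a bad line in an upstream list cannot silently turn into a rewrite of something it should not, and publishing the emitted zone text is the "list of active records" NodeBytes asked for, since every rewrite the resolver performs is visible in it.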

