Browser performance -- blocking adware in DNS

Josh ChaitinPollak josh at offthehill.org
Mon Oct 3 13:17:54 EDT 2005


How does this solution affect websites that require the doubleclick  
cookies or whatever to function properly? Some websites refuse to  
work unless you have their ad provider's cookies.

-Josh

On Oct 3, 2005, at 12:53 PM, Rich Braun wrote:

> I finally got fed up with seeing "waiting for ad.doubleclick.net" or the like
> at the bottom of my browser window:  I've noticed this month that a lot of the
> adware sites seem to have sluggish performance.  So even if you have one of
> those snazzy 6-megabit cable modem connections, you're still crawling along at
> 256K DSL performance so much of the time.
>
> I did a little searching and came up with a solution that works for all the
> PCs in my household (be they Linux or Windows or whatever).  Thought I'd share
> it with y'all and invite comments; though I got ideas for this via Google, I
> didn't find an exact match for what I wanted to accomplish, despite how widely
> useful this technique is.
>
> If you're not running a local DNS (BIND 9), you can set one up easily enough
> by setting up a named.conf file with the lines I've included below.
> (References to files like named.root and db.127 I'll leave as an exercise for
> the reader.)
>
> My strategy to block adware is to create a local DNS zone for each nefarious
> domain, pointing it (and all subdomains) at the loopback address 127.0.0.1.
> That will block sites at the local PC:  your browser will not generate ANY
> network traffic to those sites, and therefore won't hang around waiting for
> some sluggish banner server to come up.
>
> I don't yet have a strategy for maintaining the list of domains that need to
> be blocked, though; that's where I could use suggestions.
>
> -rich
>
> ---- /etc/named.conf
> // ACL defining list of legitimate user IP's on local LAN
> // We use this to prevent anyone from hacking our DNS from outside
> // regardless of firewall configuration
> acl lan-users { 127.0.0.1; 192.168.2.1; 192.168.2.2; 192.168.2.3; };
> options {
>         directory "/etc/named.dir";
>         transfer-format one-answer;
>         allow-query { lan-users; };
> };
> acl can_query { any; };
>
> zone "." {
>         type hint;
>         file "named.root";
> };
>
> zone "2.168.192.in-addr.arpa" {
>         type master;
>         file "db.192.168.2";
>         allow-query { lan-users; };
>         allow-transfer { lan-users; };
> };
> zone "127.in-addr.arpa" {
>         type master;
>         file "db.127";
>         allow-query { lan-users; };
>         allow-transfer { lan-users; };
> };
> include "blocked-zones.conf";
>
>
> ---- /etc/named.dir/blocked-zones.conf
> // Zones we want to block for browsing performance reasons
> // $Id: blocked-zones.conf,v 1.1 2005/10/03 01:04:23 richb Exp richb $
>
> zone "advertising.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "ar.atwola.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "ad.doubleclick.net" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "ad.doubleclick.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "www.activesearch.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "www.actualnames.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "www.ad-up.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "www.adminder.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "adwords.google.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
> zone "hitbox.com" { type master; file "dummy-block";
>      allow-query { lan-users; }; };
>
>
> ---- /etc/named.dir/dummy-block
> ; $Id: dummy-block,v 1.1 2005/10/03 01:04:53 richb Exp $
>
> ; $TTL 24h
>
> ; Change the SOA record to match your server name and admin address
> @       IN SOA envoy.ci.net. admin.pioneer.ci.net. (
>                   2005100200  86400  300  604800  3600 )
>
> @       IN      NS   envoy-e0.ci.net.
> @       IN      A    127.0.0.1
> *       IN      A    127.0.0.1
>
>
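
The quoted message leaves open how to maintain the list of blocked domains. One approach, as an added example that is not part of the original thread: keep a plain text list and generate blocked-zones.conf from it, validating each name and dropping entries that the wildcard record in dummy-block already covers through a blocked parent zone. The list format, the function names and the sample entries are assumptions constructed for illustration.

```python
import re

# One hostname label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

ZONE_TEMPLATE = ('zone "{name}" {{ type master; file "dummy-block";\n'
                 '     allow-query {{ lan-users; }}; }};')


def normalize(line):
    """Return a cleaned domain name, or None for blanks, comments and bad input."""
    name = line.split("#", 1)[0].strip().lower().rstrip(".")
    labels = name.split(".")
    # Require two or more labels so a stray "com" cannot black-hole a whole TLD.
    if len(name) > 253 or len(labels) < 2:
        return None
    # Rejecting quotes, braces and spaces keeps list entries from altering the config.
    return name if all(LABEL.match(label) for label in labels) else None


def minimal_zones(lines):
    """Deduplicate and drop names already covered by a blocked parent zone."""
    names = {n for n in map(normalize, lines) if n}
    kept = []
    # Visit shorter names first so a parent is always seen before its children.
    for name in sorted(names, key=lambda n: (n.count("."), n)):
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if not parents & set(kept):
            kept.append(name)
    return sorted(kept)


def render(lines):
    """Build the text of blocked-zones.conf in the layout of the quoted file."""
    return "\n".join(ZONE_TEMPLATE.format(name=n) for n in minimal_zones(lines)) + "\n"


# Constructed sample list: one domain per line, '#' starts a comment.
SAMPLE = """\
advertising.com
ads.advertising.com     # covered by the wildcard in advertising.com
AD.DoubleClick.NET.
ad.doubleclick.net
hitbox.com
com
bad_name.example.com"; };
"""

if __name__ == "__main__":
    print(render(SAMPLE.splitlines()), end="")
```

Running named-checkconf on the generated file before reloading named catches anything the generator missed.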



