Block Ads with Linux and Bind9

Learn how to block ads and trackers using a Debian based system and bind9 (DNS caching) service. This is handy if you want to block ads for everyone on your network.

Prerequisites:

• A basic understanding of Linux shell commands
• A basic understanding of the Vi text editor
• A Debian based system. In this example a Raspberry Pi running Raspbian*

Step 1:

Ensure you have a working bind9 caching DNS service. The following is a guide to do that.

https://youtu.be/-OQf2IBk-fs

Step 2:

Now that you have the basics ready, we will create our shell script that will download the ad block list** and convert it to bind9 format.

The following commands need to be run as root user, or prefix them with 'sudo'.

Create the shell script file:

vi /etc/bind/make-block-list.sh

#!/usr/bin/env bash
wget -O - http://someonewhocares.org/hosts/zero/hosts | grep '^0.0.0.0' | tr "[A-Z]" "[a-z]" | awk '!a[$0]++' | awk '{print "zone \""$2"\" { type master; notify no; file \"/etc/bind/blocked.zone\"; };"}' > /etc/bind/named.conf.blocked
rndc reload

Each part is explained below:

# download the list to STDOUT.
wget -O - http://someonewhocares.org/hosts/zero/hosts
# filter out any lines that don't start with the '0.0.0.0', such as comments and empty lines.
grep '^0.0.0.0'
# convert to lowercse
tr "[A-Z]" "[a-z]"
# filter out any duplicate lines
awk '!a[$0]++'
# format the line to bind9 style
awk '{print "zone \""$2"\" { type master; notify no; file \"/etc/bind/blocked.zone\"; };"}'
# save the output to /etc/bind/named.conf.blocked
> /etc/bind/named.conf.blocked
# reload the bind9 service
rndc reload

Make the file executable:

chmod +x /etc/bind/make-block-list.sh

Now we need to tell bind9 to load our block list:

vi /etc/bind/named.conf.local

And add this to the end of the file:

include "/etc/bind/named.conf.blocked";

Similar to the video, we will create a new zone that will be used to block URLS:

vi /etc/bind/blocked.zone

$TTL    86400   ; one day
@       IN      SOA     ads.example.com. hostmaster.example.com. (
                        2014090102
                        172800
                        14400
                        3628800
                        604800
                        )
                NS      my.dns.server.org
                A       0.0.0.0
@       IN      A       0.0.0.0
*       IN      A       0.0.0.0

All that's left is to run the shell script, which will create our list and reload the service:

/etc/bind/make-block-list.sh

* I installed this version of Raspbian, the minimal Raspbian unattended netinstaller for Raspberry Pi Model 1B, 1B+ and 2B.

** I'm using the list from here: someonewhocares.org/hosts/zero/