Ad blocking/filtering via BIND DNS named.conf or local hosts file.

This post is about… (You guessed it) blocking ads from showing up while web browsing. I’ve wanted to do this for a very long time but wasn’t sure how I was going to go about it. I did a lot of reading before I finally decided which route to take for this blog post.

From some of the Google results I found while doing my homework on the subject, I’ve known you could do it with the SQUID web caching proxy server acting as a filter, but I really didn’t want to go that way. I especially didn’t want to go through the trouble of setting up SQUID, since I haven’t had that server set up for a while because I really don’t see a performance benefit in my network.

I first figured out I could do this on one of my DNS servers, one dedicated to my girlfriend’s kids so I could filter their browsing if and when need be. I created that separate DNS server as a FreeBSD VM in xVM after working out, on what was at first my only local DNS server, that to block a site I can just create an entry in BIND for the domain I don’t want anyone to access by entering as the IP of the domain to be blocked. I don’t run a dedicated DNS for them anymore. If I want to prevent them from going somewhere I’ll just edit their local hosts file.

I’ve started to read a lot, and when I say that I mean TONS of reading on lately, probably upwards of between 20 – 40 pages a day for the last week. I’ve been using the tablet (ASUS Transformer Prime) for the convenience of just reading, and I got sick of the advertisements taking a chunk out of the paragraphs and displacing the text, and of some of them being Flash-based and completely distracting. I finally said enough is enough and dedicated a few hours that night to investigating an easy way to block ads via DNS, and to seeing whether there was a simpler way of creating a mass of entries in one fell swoop that would take seconds to implement, rather than an eternity compiling a list in the named.conf file. I decided to share what I’ve discovered and learned on my own with you via this post.

Starting out with some Google searching, I came upon ( {You should read this site!} This page is dedicated to explaining different techniques for keeping ads away. The site was very helpful in validating my hypothesis that ads can be blocked simply by having bogus DNS entries. You can also do so by adding the compiled ad domains in the hosts file he provides for download to your own local hosts file. The fastest and easiest way to turn your DNS into an ad-blocking server is as follows.

Go to;hostformat=hosts to get a copy of the list. The only way I’ve been able to do a (select all) to copy to the clipboard is to load the page in IE and then you can right click anywhere on the page and (select all) in the menu and then (copy). Then go to and paste the list minus the commented out area explaining where the list came from.

I did this by copying the whole thing into the area you’re supposed to copy to, then highlighting the commented-out text and deleting it, leaving only the IPs and domains (make sure you add to the list). I have no idea why he left out such an obvious advertising offender when he clearly even talks about that domain in his page.

I had to figure out on my own, after configuring my DNS as I’ve instructed here, that I was still seeing tons of ads, no thanks to him not having omitted from his own list of offenders he graciously provides us. Once I figured out he didn’t have listed and added it myself, the ads dropped significantly again. I only see one once in a while, usually Flash-based. I decided to re-enable my “adblock & adblock plus” extensions in Chrome; I had turned them off when I wanted to test the effectiveness of the DNS method. I will continue to look into what it will take to block the rest of the ads still slipping through. I would say the DNS / hosts file method realistically blocks a good 80% of the ads.

Once you generate the BIND named.conf data, all you have to do is copy it and append it to your existing named.conf. THEN click on the example link on the page that compiles the named.conf entries and copy the bogus zone contents of the example file into a new file in your /etc that should be named & change the entries to

If you leave the you’ll get tons of unnecessary log entries from BIND every time an ad domain tries to resolve and the DNS catches that the domain entry’s resolutions are bogus. We know they’re bogus and point nowhere, we don’t need tons of entries logged wasting space for something we already know since we deliberately created these nowhere entries manually.

After you’ve inserted the additional zone entries into your named.conf and have created the you’ll need to restart BIND. I typically shut it down and then start the service back up, to make sure it’s completely cleared out of RAM and will read the config file again as I expect.
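
The conversion step described above, as an added example that is not from the original post or from the generator page it uses: a shell function that turns a hosts-format list into named.conf zone stanzas and rejects anything that is not a plain hostname before it reaches the config. `ZONE_FILE` and the sample domains are placeholders, since the post's own zone file name is not preserved.

```shell
#!/bin/sh
# Added example: hosts-format ad list -> BIND zone stanzas for named.conf.
# ZONE_FILE is a placeholder path (assumption), not the name used in the post.
ZONE_FILE="${ZONE_FILE:-/etc/namedb/BLOCKED_ZONE_FILE}"

hosts_to_zones() {
    # stdin: hosts-format lines, e.g. "127.0.0.1 ads.example.com  # comment"
    # args:  extra domains to block that the downloaded list lacks
    {
        cat
        for d in "$@"; do printf '127.0.0.1 %s\n' "$d"; done
    } | tr -d '\r' | awk -v zf="$ZONE_FILE" '
        { sub(/#.*/, "") }              # strip comments and the list header
        NF < 2 { next }                 # blank line or no hostname column
        {
            for (i = 2; i <= NF; i++) {
                d = tolower($i)
                sub(/\.$/, "", d)       # drop a trailing root dot
                if (d == "localhost" || d ~ /^localhost\./) continue
                if (d ~ /^[0-9.]+$/) continue   # bare IP in the name column
                # The list is third-party input that ends up inside named.conf,
                # so names with quotes, braces or semicolons are rejected
                # outright rather than escaped.
                if (d !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/) {
                    print "skipped: " $i | "cat 1>&2"
                    continue
                }
                if (seen[d]++) continue # named rejects a zone defined twice
                printf "zone \"%s\" { type master; notify no; file \"%s\"; };\n", d, zf
            }
        }'
}
```

Run it as `hosts_to_zones extra.example.com < hosts.txt > blocked.zones`, append the result to named.conf, and run `named-checkconf` before restarting BIND.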
