Raspberry pi dns server
Raspberry pi dns server
21-06-2013 6:27 PM

cd /etc/bind/raspberrydns
sudo ./bind9BadDomains.py
Please note the Python script takes about 10mins to complete on the Raspberry Pi, obviously it's much quicker on meatier processors. Once done you’ll have a nice big juicy file called: named.conf.blocked.new. To get this in the right place and restart Bind9 to take all the above changes into account, just run the Bash script:
sudo ./update.sh
Re: Raspberry pi dns server
21-06-2013 6:33 PM
Re: Raspberry pi dns server
21-06-2013 7:00 PM
Otherwise try sudo python <script>
Re: Raspberry pi dns server
24-06-2013 4:44 PM
I can't get it to work at all, I just keep following the instructions from the link above line for line.
driving me mad

Make a copy of the interfaces file:
sudo cp /etc/network/interfaces /etc/network/interfaces.orig
Now edit the interfaces file:
sudo nano /etc/network/interfaces
Comment out the line, prefix with a #:
#iface eth0 inet dhcp
Paste the following - note in my network I’m setting my Pi server to 192.168.1.5:
auto eth0
iface eth0 inet static
address 192.168.0.15
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.254
dns-nameservers 127.0.0.1
dns-search home.lan
dns-domain home.lan
(My router has the IP address of 192.168.1.1, I’m sure the rest is easy to work out from the above. I’ll explain home.lan later..)
Ctrl + x to save, and reboot the Pi.
Using Terminal on your computer ssh into the Pi - follow the instructions as they come up:
ssh pi@192.168.1.5
Raspberry Pi - DNS Server Plans - part 3
Part 3 (which is the final part to this series) covers off installing your home DNS server and configuring it to block iffy websites and adverts in a direct effort to improve security and general internet safety.
Install DNS Service - Bind9
I’m using Bind9 as it’s well used on the internet and there’s plenty of help for it. I want to set it up so all my network devices on my home network use this service to lookup domain names - at this point I can block undesirable addresses. I’ve used this guide as inspiration: http://www.learnlinux.co.uk/E/technical_notes/ln0008.htm
Install bind service on the Pi - just follow the instructions:
sudo apt-get install bind9
Backup everything first:
cd /etc/bind
sudo cp named.conf.options named.conf.options.orig
sudo cp named.conf.local named.conf.local.orig
sudo cp named.conf.default-zones named.conf.default-zones.orig
Create a new database file for HOME.LAN items. This will contain all the fixed IP names on the network - for example my router is at 192.168.1.1 and this Raspberry Pi is at 192.168.1.5.
sudo nano db.home.lan
Paste:
; Use semicolons to add comments.
; Host-to-IP Address DNS Pointers for home.lan
; Note: The extra “.” at the end of the domain names are important.
; The following parameters set when DNS records will expire, etc.
; Importantly, the serial number must always be iterated upward to prevent
; undesirable consequences. A good format to use is YYYYMMDDII where
; the II index is in case you make more than one change in the same day.
home.lan. IN SOA raspberry.home.lan. hostmaster.home.lan. (
2008080902 ; serial
8H ; refresh
4H ; retry
4W ; expire
1D ; minimum
)
; NS indicates that raspberry is the name server on home.lan
; MX indicates that raspberry is (also) the mail server on home.lan
home.lan. IN NS raspberry.home.lan.
home.lan. IN MX 10 raspberry.home.lan.
; Set the address for localhost.home.lan
localhost IN A 127.0.0.1
; Set the hostnames in alphabetical order
raspberry IN A 192.168.0.15
router IN A 192.168.0.254
Now we create a reverse lookup database file for our HOME.LAN fixed IP’s
sudo nano db.rev.0.168.192.in-addr.arpa
Paste:
; IP Address-to-Host DNS Pointers for the 192.168.0 subnet
@ IN SOA raspberry.home.lan. hostmaster.home.lan. (
2008080902 ; serial
8H ; refresh
4H ; retry
4W ; expire
1D ; minimum
)
; define the authoritative name server
        IN NS raspberry.home.lan.
; our hosts, in numeric order
1 IN PTR router.home.lan.
5 IN PTR raspberry.home.lan.
Create a new file to direct all blocked domains. This database file returns an IP address of 127.0.0.1 for all domains directed to it, and thus blocking all web requests.
sudo nano db.blocked
Paste
; BIND db file for ad servers - point all addresses to localhost
$TTL 86400 ; one day
@ IN SOA raspberry.home.lan. hostmaster.home.lan. (
2004061002 ; serial number YYMMDDNN
28800 ; refresh 8 hours
7200 ; retry 2 hours
864000 ; expire 10 days
86400 ) ; min ttl 1 day
        NS raspberry.home.lan.
        A 127.0.0.1
* IN A 127.0.0.1
We now need to update the main bind config file, just a little configuration changes. Start with the Options file:
sudo nano named.conf.options
Now for me OpenDNS provides the best speeds over Google DNS, but that’s because I’m in the UK. Find the forwarders section and insert the OpenDNS settings:
forwarders {
212.159.6.9;
212.159.6.10;
};
Second Options file tweak is the following, can’t remember for the life of me why, but I read this somewhere and it works well. Ensure these are present in the file:
dnssec-enable no;
dnssec-validation no;
Our two new database home.lan files need to be included in the bind9 system configuration, (This will pick up every home.lan domain request on your network), so edit:
sudo nano named.conf.local
Paste:
zone "home.lan" IN {
type master;
file "/etc/bind/db.home.lan";
};
zone "0.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.rev.0.168.192.in-addr.arpa";
};
Finally, all the named files need to be brought together, so edit:
sudo nano named.conf
and I just include the following files
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.blocked";
Hang on! What’s this named.conf.blocked file?? Well, I’ve written a Python script to generate this file. It works by downloading lists of iffy domains from two wonderful sources: http://winhelp2002.mvps.org & http://malwaredomains.com. It works by directing all domain requests for each iffy website to our db.blocked file. For example:
zone "x0.nl" {type master; file "/etc/bind/db.blocked";};
zone "sp.sk" {type master; file "/etc/bind/db.blocked";};
zone "51.la" {type master; file "/etc/bind/db.blocked";};
Also, I’ve added functionality to the script, to take into account manually specified domains from a local file called: manualDomains.txt. In my file I’ve added the TLDs RU and CN to totally block Russian and Chinese domains from all devices on my network.
This sounds great - how do I get my hands on a copy? I’ve put all the code into a GIT repository, so you’ll need to install git first:
sudo apt-get install git
Pull down all the Python code and files:
cd /etc/bind
sudo git clone https://figsternet@bitbucket.org/figsternet/raspberrydns.git
This creates the directory /etc/bind/raspberrydns which contains one Python script, one Bash script and a few text files.
To re-generate the named.conf.blocked file with the latest information from malwaredomains.com etc, just type the following:
cd /etc/bind/raspberrydns
sudo ./bind9BadDomains.py
Please note the Python script takes about 10mins to complete on the Raspberry Pi, obviously it's much quicker on meatier processors. Once done you’ll have a nice big juicy file called: named.conf.blocked.new. To get this in the right place and restart Bind9 to take all the above changes into account, just run the Bash script:
sudo ./update.sh
And that’s it really for the Pi side of things. Obviously you’ll want to test this, so in a terminal session on a different computer type the following:
dig @192.168.0.15 google.co.uk
You should see a large list of information here, but at the bottom there will be two lines of interest :
;; Query time: 149 msec
;; SERVER: 192.168.1.5#53(192.168.1.5)
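A sketch of the generation step the tutorial describes, as an added example (it is not the bind9BadDomains.py script from the repository): it turns list lines into the zone statements shown above, de-duplicates them, and refuses any entry that is not a plain DNS name, because the lists are downloaded and the result is loaded by named. It goes slightly beyond the text by also dropping names that sit under an already blocked parent, which the wildcard in db.blocked answers anyway. The input formats, the function names and the sample lines are assumptions.

```python
import re

# Constructed sample input: hosts-format and bare-domain lines, an assumption
# about what the downloaded lists and manualDomains.txt contain.
SAMPLE = [
    "# comment line",
    "127.0.0.1  localhost",
    "127.0.0.1  ads.example.com  # hosts format",
    "0.0.0.0 ADS.example.com.",
    "tracker.example.net",
    "ru",
    "cdn.bad.ru",
    'evil.example" {type master;};',
]

LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")  # one DNS label
SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}
ZONE_LINE = 'zone "{}" {{type master; file "/etc/bind/db.blocked";}};'


def parse_domain(line):
    """Return a normalised domain name, or None if the line is not usable."""
    fields = line.split("#", 1)[0].split()
    if len(fields) == 2 and fields[0] in ("127.0.0.1", "0.0.0.0"):
        name = fields[1]            # hosts format: "<ip> <name>"
    elif len(fields) == 1:
        name = fields[0]            # bare domain or TLD
    else:
        return None
    name = name.lower().rstrip(".")
    if name in SKIP or len(name) > 253:
        return None
    # Anything that is not a plain label (quotes, braces, ';') is refused,
    # so list content can never close the zone statement it is written into.
    return name if all(LABEL.fullmatch(p) for p in name.split(".")) else None


def build_blocked_conf(lines):
    """Return (config_text, stats) for a named.conf.blocked-style file."""
    entries = [ln for ln in lines if ln.split("#", 1)[0].strip()]
    names = [n for n in map(parse_domain, entries) if n]
    unique = set(names)

    def covered(name):              # a parent domain is already blocked
        parts = name.split(".")
        return any(".".join(parts[i:]) in unique for i in range(1, len(parts)))

    zones = sorted(n for n in unique if not covered(n))
    stats = {"original": len(entries), "rejected": len(entries) - len(names),
             "duplicate": len(names) - len(unique),
             "covered": len(unique) - len(zones), "processed": len(zones)}
    return "\n".join(ZONE_LINE.format(z) for z in zones) + "\n", stats


if __name__ == "__main__":
    text, stats = build_blocked_conf(SAMPLE)
    print(text, stats)
```

Running `named-checkconf` on the generated file before restarting the service catches anything that still fails to parse.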
Re: Raspberry pi dns server
24-06-2013 5:53 PM
Successfully flushed the DNS Resolver Cache.
C:\Users\Laptop>nslookup
Default Server: UnKnown
Address: 192.168.0.15
> bbc.co.uk
Server: UnKnown
Address: 192.168.0.15
Non-authoritative answer:
Name: bbc.co.uk
Addresses: 212.58.253.67
212.58.251.195
pi@raspberrypi /etc/bind/raspberrydns $ sudo /etc/init.d/bind9 stop
[....] Stopping domain name service...: bind9rndc: connect failed: 127.0.0.1#953: connection refused
. ok
pi@raspberrypi /etc/bind/raspberrydns $ sudo ./bind9BadDomains.py
Start: 2013-06-24 16:24:08
Downloading...
Original: 31119
Processed: 22816
Duplicate: 8303
End: 2013-06-24 16:35:04
pi@raspberrypi /etc/bind/raspberrydns $ sudo ./update.sh
Copy existing named.conf.blocked file to backup
cp: cannot stat `/etc/bind/named.conf.blocked': No such file or directory
Stop the DNS service
[....] Stopping domain name service...: bind9rndc: connect failed: 127.0.0.1#953: connection refused
. ok
Copy the new files into place
mv: cannot stat `/etc/bind/named.conf.blocked': No such file or directory
Start the DNS service
[ ok ] Starting domain name service...: bind9.
Flush the DNS cache
Done...
now i'm getting thousands of this error....
Jun 24 16:36:24 raspberrypi named[3119]: zone acvs.mediaonenetwork.net/IN: not loaded due to errors.
Jun 24 16:36:24 raspberrypi named[3119]: /etc/bind/db.blocked:2: no current owner name
Jun 24 16:36:24 raspberrypi named[3119]: zone acvsrv.mediaonenetwork.net/IN: loading from master file /etc/bind/db.blocked failed: no owner
Jun 24 16:36:24 raspberrypi named[3119]: zone acvsrv.mediaonenetwork.net/IN: not loaded due to errors.
Jun 24 16:36:24 raspberrypi named[3119]: /etc/bind/db.blocked:2: no current owner name
Jun 24 16:36:24 raspberrypi named[3119]: zone mediastat.net/IN: loading from master file /etc/bind/db.blocked failed: no owner
Jun 24 16:36:24 raspberrypi named[3119]: zone mediastat.net/IN: not loaded due to errors.
Jun 24 16:36:24 raspberrypi named[3119]: /etc/bind/db.blocked:2: no current owner name
Jun 24 16:36:24 raspberrypi named[3119]: zone mediaxsds.net/IN: loading from master file /etc/bind/db.blocked failed: no owner
Jun 24 16:36:24 raspberrypi named[3119]: zone mediaxsds.net/IN: not loaded due to errors.
Jun 24 16:36:24 raspberrypi named[3119]: /etc/bind/db.blocked:2: no current owner name
Jun 24 16:36:24 raspberrypi named[3119]: zone mediazones.net/IN: loading from master file /etc/bind/db.blocked failed: no owner
/etc/bind/db.blocked:3: no current owner name
loading configuration from '/etc/bind/named.conf'
/etc/bind/db.blocked:3: no current owner name
/etc/bind/db.blocked:3: no current owner name
/etc/bind/db.blocked:3: no current owner name
/etc/bind/db.blocked:3: no current $ owner name
Jun 24 15:24:33 raspberrypi named[2294]: reading built-in trusted keys from f$
I'm at a loss..
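named logs "no current owner name" when a record line begins with whitespace, which means "same owner as the previous record", before any owner has been set in the file. The check below is an added example, not part of the thread or of the raspberrydns repository: it pulls the file and line number out of such log lines and lists the zone-file lines that would trigger the message. That the db.blocked in this thread was pasted with leading whitespace is an assumption; the BAD and GOOD zone texts are constructed from the file shown earlier, and the function names are hypothetical.

```python
import re

# Two log lines as posted above.
LOG = [
    "Jun 24 16:36:24 raspberrypi named[3119]: /etc/bind/db.blocked:2: no current owner name",
    "Jun 24 16:36:24 raspberrypi named[3119]: zone mediastat.net/IN: not loaded due to errors.",
]

# Constructed: db.blocked pasted with leading whitespace on every line.
BAD = """; BIND db file for ad servers
 $TTL 86400
 @ IN SOA raspberry.home.lan. hostmaster.home.lan. (
   2004061002 28800 7200 864000 86400 )
   NS raspberry.home.lan.
   A 127.0.0.1
 * IN A 127.0.0.1
"""

# Constructed: directive and owner names start in column 0.
GOOD = """; BIND db file for ad servers
$TTL 86400
@ IN SOA raspberry.home.lan. hostmaster.home.lan. (
   2004061002 28800 7200 864000 86400 )
   NS raspberry.home.lan.
   A 127.0.0.1
* IN A 127.0.0.1
"""


def owner_errors(log_lines):
    """Return sorted (file, line) pairs named in 'no current owner name' messages."""
    pat = re.compile(r"(\S+):(\d+): no current owner name")
    return sorted({(m.group(1), int(m.group(2)))
                   for m in map(pat.search, log_lines) if m})


def lines_without_owner(zone_text):
    """Return 1-based numbers of lines that inherit an owner that was never set."""
    flagged, owner_set, depth = [], False, 0
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        body = raw.split(";", 1)[0]      # drop comment (a quoted ';' is not handled)
        inside = depth > 0               # continuation of a "(" ... ")" group
        depth += body.count("(") - body.count(")")
        if inside or not body.strip():
            continue
        if body[0] in " \t":             # leading whitespace: reuse previous owner
            if not owner_set:
                flagged.append(lineno)
        elif not body.startswith("$"):   # $TTL / $ORIGIN set no owner
            owner_set = True
    return flagged


if __name__ == "__main__":
    print(owner_errors(LOG), lines_without_owner(BAD), lines_without_owner(GOOD))
```

`named-checkzone <zone-name> /etc/bind/db.blocked` reports the same error without restarting the service.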
Re: Raspberry pi dns server
24-06-2013 5:56 PM
Jun 24 15:24:28 raspberrypi named[2294]: ----------------------------------------------------
Jun 24 15:24:28 raspberrypi named[2294]: BIND 9 is maintained by Internet Systems Consortium,
Jun 24 15:24:28 raspberrypi named[2294]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jun 24 15:24:28 raspberrypi named[2294]: corporation. Support and training for BIND 9 are
Jun 24 15:24:28 raspberrypi named[2294]: available at https://www.isc.org/support
Jun 24 15:24:28 raspberrypi named[2294]: ----------------------------------------------------
Jun 24 15:24:28 raspberrypi named[2294]: adjusted limit on open files from 4096 to 1048576
Jun 24 15:24:28 raspberrypi named[2294]: found 1 CPU, using 1 worker thread
Jun 24 15:24:28 raspberrypi named[2294]: using up to 4096 sockets
Jun 24 15:24:28 raspberrypi named[2294]: loading configuration from '/etc/bind/named.conf'
/etc/bind/db.blocked:3: no current owner name
/etc/bind/db.blocked:3: no current owner name
/etc/bind/db.blocked:3: no current owner name
/etc/bind/db.blocked:3: no curre$
Jun 24 15:24:33 raspberrypi named[2294]: using default UDP/IPv4 port range: [1024, 65535]
Jun 24 15:24:33 raspberrypi named[2294]: using default UDP/IPv6 port range: [1024, 65535]
Jun 24 15:24:33 raspberrypi named[2294]: no IPv6 interfaces found
Jun 24 15:24:33 raspberrypi named[2294]: listening on IPv4 interface lo, 127.0.0.1#53
Jun 24 15:24:33 raspberrypi named[2294]: listening on IPv4 interface eth0, 192.168.0.15#53
Jun 24 15:24:33 raspberrypi named[2294]: generating session key for dynamic DNS
Jun 24 15:24:33 raspberrypi named[2294]: sizing zone task pool based on 22823 zones
Jun 24 15:24:47 raspberrypi named[2294]: set up managed keys zone for view _default, file 'managed-keys.bind'
Jun 24 15:24:47 raspberrypi named[2294]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jun 24 15:24:33 raspberrypi named[2294]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Jun 24 15:24:47 raspberrypi named[2294]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jun 24 15:24:47 raspberrypi named[2294]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Re: Raspberry pi dns server
24-06-2013 6:36 PM

Re: Raspberry pi dns server
24-06-2013 6:39 PM
And Adblock does the same job on FF. My youtube doesn't even show the "cant find" box.
Re: Raspberry pi dns server
24-06-2013 7:06 PM
but I can confirm it is working, just not as I would like. I need to invest more time into understanding it, Google hasn't presented me with an easy fix thus far.
It seems to speed stuff up no end with half the crap blocked, sites like bbc.co.uk load really fast. I did mean to try out npr's unbound but I've not got around to that yet, I guess it is the same sort of thing.
Does anybody have ideas on how safe this is to use full time running properly?
I've used Adblock before but I was looking for a more wide deployment of blocking for my pads etc.
Re: Raspberry pi dns server
24-06-2013 8:36 PM
Re: Raspberry pi dns server
25-06-2013 9:51 AM

Re: Raspberry pi dns server
25-06-2013 10:17 AM

have done it on a pi yet, but it's something i might try.
Re: Raspberry pi dns server
01-07-2013 3:10 PM
dnssec test http://dnssec.vs.uni-due.de/
Re: Raspberry pi dns server
08-07-2013 6:38 PM
Next project... Unbound. I must be a sucker for punishment.
Re: Raspberry pi dns server
20-07-2013 1:38 PM
Well I am surprised in all honesty, Unbound works perfectly and does what I need it to do with no nonsense or fuss. Yes it cost me 30 quid or so but well worth the price for better control imo. Installing Unbound was very simple on the Raspberry Pi using npr's tutorial http://npr.me.uk/pidns.html. I'm also using OpenDNS and ad-blocking, which works very well indeed for a small network with fast game machines that are constantly needing to resolve in large volume, which will be constant for the summer holidays, for which I think we are well prepared for now. All info on installing Unbound is covered on npr's website along with ad-blocking and dnssec etc. Here is a dnssec test: http://dnssec.vs.uni-due.de/ Many thanks again to npr for the tireless info he provides, and also the personal help and input on using OpenDNS forwarders on this project, which I've added below. Should you need to use your own forwarders etc, you would just type those few lines at the bottom of your unbound.conf file, obviously changing the IP address to those you prefer. Below I have added a few sites I found useful to me on this project.
forward-zone:
name: "."
forward-addr: 208.67.222.123
forward-addr: 208.67.220.123
https://calomel.org/
http://www.unbound.net/documentation/howto_statistics.html
http://www.debuntu.org/how-to-monitoring-a-server-with-munin/