For Gentoo Linux:
emerge bindYou can also choose to use bind's own zones directories, but I prefer to keep things separate.
sudo mkdir /etc/bind/zones$TTL 6h
@ IN SOA ns.home.lan. hostmaster.home.lan. (
2015060501
10800
3600
604800
86400 )
@ NS ns.home.lan.
; Resolve domain and wildcard subdomains
@ IN A 0.0.0.0
* IN A 0.0.0.0121a122,124
> # Update /etc/bind/zones/adware-plus-malware.zones using the most recent data.
> wget -O - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | grep '^0.0.0.0' | tr "[A-Z]" "[a-z]" | awk '!a[$0]++' | awk '{print "zone \""$2"\" { type master; notify no; file \"/etc/bind/zones/blackhole.zone\"; };"}' > /etc/bind/zones/adware-plus-malware.zones
>This will create / update adware-plus-malware.zones before bind is started, based on Steven Black's frequently updated adware + malware hosts file. As it is based on multiple aggregated well-known block lists it should capture most of the crapware out there.
25a26
> 192.168.2.0/24;
37c38
< listen-on { 127.0.0.1; };
---
> listen-on { 127.0.0.1; 192.168.2.1; };
77d77
< /*
84,85c84,87
< 8.8.8.8; // Google Open DNS
< 8.8.4.4; // Google Open DNS
---
> // 8.8.8.8; // Google Open DNS
> // 8.8.4.4; // Google Open DNS
> 1.1.1.1; // Cloudflare DNS #1
> 1.0.0.1; // Cloudflare DNS #2
88,89d89
< */
<
166a167,170
>
> // Block adware and malware
> include "/etc/bind/zones/adware-plus-malware.zones";Note that I am using Cloudflare DNS as it is supposedly more privacy-focused and even faster than Google's.
Make sure your dhcp daemon to give out your bind server's ip adress. For example in /etc/dhcp/dhcpd.conf:
option domain-name-servers 192.168.2.1;