How to Run Your Own Advertisement Blocking DNS Server

A Do-it-Yourself! Guide.

As many users of TopChan.info have noticed, there are several "greedy" Chan Operators out there that load their sites up with nothing but in-your-face ads. This unfortunately makes it impossible to enjoy a good Chan experience.

Fortunately, YOU, the end user, have ultimate control over what is displayed on your computer screen. The following is the simplest way to run your own private or public advertisement and malware blocking DNS server.

This is intended for users who are technically capable of managing servers. If the following is too difficult to understand, you may want to just use a public ad blocking DNS server run by one of our users. They can be found in our forums.

Pre-Requisites

In order to set up a DNS server, we need a computer to act as a server. Fortunately DNS doesn't require much power. Any old computer from the last 10 to 15 years will function as a good DNS server. I recommend that you find something with no less than 256 MB of RAM for 1 user. If you want to make your DNS public, you should definitely find something with at least 1 GB.

If you really want to get fancy, try using a Virtual Server: VMware, VirtualBox, etc. As long as it can run your operating system it doesn't matter.

Secondly we need a good stable operating system. Something that is secure and won't need much maintenance. After all, this is supposed to be helping you, not creating more work. We won't be using any Windows OS's, mainly because they are too difficult to set up and manage.

The OS of choice is FreeBSD. Yes, FreeBSD not Linux. Remember the goal is simplicity and ease of management. Linux is just as complicated as Windows. Many Linux fans may be disappointed, but Linux requires too much maintenance and too much system resources.

FreeBSD on the other hand has all the software we need built right in with nothing extra to get in the way. FreeBSD's maintenance is as simple as running one command to apply security and software updates. FreeBSD will also run forever until the hardware dies.

Install the OS

Installing FreeBSD is easy, and the developers have created such an excellent set of instructions that it's not necessary for me to re-write them here. Just follow these instructions to get your server OS installed:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/bsdinstall.html

We'll be using version 9.0.

One thing to note during the installation. When you are asked to create a user account, make sure you add it to the "wheel" group when asked for secondary group membership. This will allow you to escalate to the root user on a remote connection.

Manage your Server

Almost everyone reading this will probably use a Windows PC to manage their brand new FreeBSD server. Likewise, there are several free tools that will make the process a whole lot simpler. You may use Google to find the following programs. For WinSCP I recommend that you stick with the 4.x series. The 5.x series uses the .NET Framework which is evil.

  • WinSCP
  • PuTTY
  • Notepad++

If you are a Macintosh user, you really only need the WinSCP and Notepad++ equivalents since OS X already includes an SSH Terminal client. Again, use Google to find and download these programs. For the Smultron Editor there are two versions, the free and the newer paid. The free version is more than enough.

  • Cyberduck
  • Smultron

Linux/Unix Desktop users will find that their operating system already includes everything that is needed. If you are using the Mate Desktop Environment (or GNOME 2.x) the following programs should already be installed on your computer.

  • Terminal
  • Text Editor
  • File Browser

This guide will continue with the Windows based tools. The instructions will be generic enough that they will apply to any operating system. If you are unfamiliar with UNIX OS's, I do recommend that you read the very well written guide on UNIX basics: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/basics.html

Login to the Server

By this point you should already have FreeBSD 9.0 installed. It should be assigned an IP address. Whether it's static or DHCP doesn't matter. Preferably you would want to have a static IP. Refer to the networking setup guide in the FreeBSD manual on how to assign a static IP address to your system: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network-setup.html. 99.9999% of the time, your network card will work out of the box and all you need to do is add the correct configuration value in /etc/rc.conf.

Go ahead and remote into your server from your desktop using the server's IP address and the user account you set up. If you do not know what IP your server has, you can find out by logging into its local console and typing:

ifconfig | grep inet

The output should be similar to:

   
inet 192.168.0.64 netmask 0xffffff00 broadcast 192.168.0.255
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet 127.0.0.1 netmask 0xff000000

Look for the lines starting with "inet"; one of them should contain an IP address that is familiar. Use this IP in your SSH client on your desktop.

Once you have signed in, switch to the root user account.

su 

Your prompt changes from a "$" to a "#". Congratulations, you are now root!

Run the ping command to test out the connection to the internet:

ping www.topchan.info

The reply should be:

PING www.topchan.info (63.247.147.169): 56 data bytes
   64 bytes from 63.247.147.169: icmp_seq=0 ttl=63 time=13.033 ms
   64 bytes from 63.247.147.169: icmp_seq=1 ttl=63 time=5.220 ms

Press CTRL+C on your keyboard to stop the ping command. CTRL+C will stop any running command.

Enable the DNS Service

I did mention that FreeBSD includes a fully functional DNS server. To enable it, we must edit the file named "/etc/rc.conf". In the terminal type in the following to open up the file for editing. Make sure you are signed in as root.

edit /etc/rc.conf

Using the arrow keys on your keyboard, move the cursor down to the bottom of the screen and add in the following line:

named_enable="YES"

Press the ESC key on your keyboard, and once again using your arrow keys select "Leave Editor", press ENTER, then choose "Save Changes".

Now that was easy, probably too easy huh? Sorry to disappoint, but that's as difficult as it gets.

Configure the DNS Server

Now we must tell our DNS server to listen for DNS queries on the network. To do this we will once again need to edit a configuration file. While I use the terminal to make the edits, you can certainly use one of the GUI programs. Just keep in mind that you will need to enable root login over SSH in order to edit these files. Information on that can be found here: http://forums.freebsd.org/showthread.php?t=27346

Go ahead and open up the following file to edit:

/var/named/etc/namedb/named.conf

Look for the following line around the top of the file. It should be at about line 22:

listen-on       { 127.0.0.1; };

Change that to:

listen-on       { any; };

Then go all the way to the bottom and add the following line:

include "/etc/namedb/adblock/adblock_include.conf";

Save your changes and close the file.

Next we create a directory on the system to store our advertising blocking information:

mkdir /var/named/etc/namedb/adblock

Our DNS server is almost ready to go live.

Obtain the Ad-Blocking Database Files

This is the most important part: the database file that includes all the bad domain names that need to be blocked. TopChan.info and the SpammerSlapper, along with several other partners, have created a massive DNS "blacklist" shared amongst multiple ISP and DNS server operators around the world. It is part of a large project that aims to remove the "crap" off the Internet. If you are a regular visitor to TopChan, you may remember I had mentioned something about DNS blacklists in a forum post. I was not bluffing when I said that spammers will suffer severe consequences.

The DNS ad blocking database is regularly updated, and is available free to use for your own personal and/or public DNS server. TopChan proudly makes the following DNS configuration files and databases available for download:

To install these files on your server, perform the following commands:

fetch -o /var/named/etc/namedb/working/null.zone.file  http://spammerslapper.com/downloads/null.zone.file
fetch -o /var/named/etc/namedb/adblock/adblock_include.conf http://spammerslapper.com/downloads/adblock_include.conf

The same commands can be used to update the files.
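
Because the include file is fetched over plain HTTP and read by named as configuration, one option is to stage the download and accept it only if every line is a null-zone statement. This is an added example, not part of the original guide or the TopChan/SpammerSlapper project; the one-statement-per-line format, ZONE_RE and the function names are assumptions.

```sh
#!/bin/sh
# Added example: stage, check, then install the downloaded include file.
# ASSUMPTION (the guide does not show the file): one statement per line, e.g.
#   zone "ads.example" { type master; notify no; file "/etc/namedb/working/null.zone.file"; };
ZONE_RE='^[[:space:]]*zone[[:space:]]+"[A-Za-z0-9._-]+"[[:space:]]*\{[[:space:]]*type[[:space:]]+master;[[:space:]]*(notify[[:space:]]+no;[[:space:]]*)?file[[:space:]]+"[^"]*null\.zone\.file";[[:space:]]*\};[[:space:]]*$'

# Print lines that are neither blank, a // or # comment, nor a null-zone statement.
unexpected_lines() {
    grep -Ev '^[[:space:]]*((//|#).*)?$' "$1" | grep -Ev "$ZONE_RE"
}

# Succeed only if the file is non-empty and holds nothing but null-zone statements.
check_adblock_include() {
    [ -s "$1" ] || { echo "empty or missing: $1" >&2; return 1; }
    bad=$(unexpected_lines "$1" || true)
    [ -z "$bad" ] && return 0
    printf 'refusing %s, unexpected statements:\n%s\n' "$1" "$bad" >&2
    return 1
}

# Constructed sample (not the real list): two acceptable lines, then two
# statements that do not belong in a block list and must be rejected.
sample_include() {
    cat <<'EOF'
// constructed sample, not the real list
zone "ads.example" { type master; notify no; file "/etc/namedb/working/null.zone.file"; };
zone "tracker.example" { type master; file "/etc/namedb/working/null.zone.file"; };
zone "mail.example" { type master; file "/etc/namedb/working/other.zone"; };
include "/etc/namedb/extra.conf";
EOF
}

# Uses the guide's URL and paths; run as root on the FreeBSD server.
# If named-checkconf fails, named is not restarted and keeps its loaded config.
update_adblock() {
    dest=/var/named/etc/namedb/adblock/adblock_include.conf
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if fetch -o "$tmp" http://spammerslapper.com/downloads/adblock_include.conf &&
       check_adblock_include "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$dest" &&
       named-checkconf -t /var/named /etc/namedb/named.conf; then
        service named restart
    else
        rm -f "$tmp"; return 1
    fi
}
```

Run update_adblock as root in place of the second fetch command. The check limits what kind of statement the file may contain, not which domains the list chooses to block.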

Start the Server and Use it

Now it's time to start your DNS server. Issue the following command to start things up:

service named start

If you're updating your database, issue this command:

service named restart

Now let's test it:

dig @localhost ad.doubleclick.com

It should return:

63.247.147.167

Now, set up your desktop PC to use your DNS server, reboot, clear your cache, and start browsing ad-free!

If you had any trouble or questions at any point during this guide, feel free to post in the forums.

Donate

If you found this guide helpful and want to show your appreciation, then send me a Bitcoin: 1B6eyXVRPxdEitW5vWrUnzzXUy6o38P9wN