Introduction
DNSmasq
Debian Etch
Install DNSmasq from testing because it has a newer version with an integrated tftpd server.
apt-get -t testing install dnsmasq
Debian Lenny and Ubuntu
aptitude install dnsmasq
Configure DNSmasq
I prefer to keep my DNSmasq configuration outside the distributed .conf file; it makes upgrades much less of a headache.
Edit '/etc/dnsmasq.conf'
nano /etc/dnsmasq.conf
Add the following to the last line of the file...
conf-file=/etc/dnsmasq.intranet.conf
Now I need to set up my DNSmasq configuration.
Sample
# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# unnecessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link unnecessarily.
# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv
# By default, dnsmasq will send queries to any of the upstream
# servers it knows about and tries to favour servers that are known
# to be up. Uncommenting this forces dnsmasq to try each query
# with each server strictly in the order they appear in
# /etc/resolv.conf
strict-order
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
expand-hosts
# Set the domain for dnsmasq. This is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
#    as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
#    domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
domain=example.org
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
dhcp-range=192.168.1.100,192.168.1.199,12h
# Override the default route supplied by dnsmasq, which assumes the
# router is the same machine as the one running dnsmasq.
#dhcp-option=3,1.2.3.4
# Do the same thing, but using the option name
dhcp-option=option:router,192.168.1.1
dhcp-option=option:dns-server,192.168.1.77,192.168.1.1
dhcp-option=option:domain-name,example.org
# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
# probably doesn't support this......
dhcp-option=option:domain-search,example.org
Configure /etc/resolv.conf
We have configured DNSmasq to query the DNS servers in the order they appear in '/etc/resolv.conf'. I have done this because I use OpenDNS and fail over to my ISP's DNS servers in the unlikely event OpenDNS is not available.
nano /etc/resolv.conf
Add the following and save the file.
search example.org
#OpenDNS Servers
nameserver 208.67.222.222
nameserver 208.67.220.220
#Your ISP's DNS Servers
nameserver 212.159.13.49
nameserver 212.159.13.50
nameserver 212.159.6.9
Configure hosts
Here is an example hosts file for your DNSmasq server.
nano /etc/hosts
Add the following and save the file.
192.168.1.1 router.example.org router
192.168.1.10 server-a.example.org server-a
192.168.1.11 server-b.example.org server-b
Restart DNSmasq
/etc/init.d/dnsmasq restart
Ad Blocking
We need a couple of supporting utilities to complete DNSmasq's ad blocking duties.
Enable adblocking configuration
nano /etc/dnsmasq.conf
Add the following to the last line of the file...
conf-file=/etc/dnsmasq.adblock.conf
Get Ad Block List
First we need to create a simple script to get the ad block list.
nano /usr/local/bin/get-ad-block-list.sh
#!/bin/sh
# Download the DNSmasq formatted ad block list; stop if the download fails
# so an empty file never replaces the existing block list.
wget "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext" -O /tmp/adblock.tmp || exit 1
# Replace all occurrences of 127.0.0.1 with the IP address our ad block server is listening on.
# The last two substitutions rename the googleadservices and tradedoubler.com
# entries, so the real domains are no longer redirected.
cat /tmp/adblock.tmp | sed 's/127\.0\.0\.1/192.168.1.78/g' | sed 's/googleadservices/ggggggadservices/' | sed 's/tradedoubler.com/tttttdoubler.com/' > /etc/dnsmasq.adblock.conf
# Restart DNSmasq
/etc/init.d/dnsmasq restart
Now we will set up a cron job to run that on a weekly basis.
ln -s /usr/local/bin/get-ad-block-list.sh /etc/cron.weekly/get-ad-block-list
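The script above copies whatever the plain-HTTP download returns into a file that dnsmasq parses as configuration, so a tampered or truncated response would be loaded as-is. The following is an added example, not part of the original script: it keeps only lines of the exact form address=/host/127.0.0.1, rewrites them to the pixelserv address, and installs the result atomically. The function names, the ALLOW variable, the minimum-entry threshold and the sample input are assumptions made for this example.

```sh
#!/bin/sh
# Added example: validate a downloaded ad block list before dnsmasq loads it.
SINKHOLE="192.168.1.78"                    # pixelserv address used on this page
ALLOW="googleadservices tradedoubler.com"  # entries the page's script disables

# Print only lines of the exact form address=/<hostname>/127.0.0.1, with the
# address rewritten to $SINKHOLE. Any other directive or stray text is dropped.
filter_adblock_list() {
    tr -d '\r' |
    grep -E '^address=/[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?/127\.0\.0\.1$' |
    while IFS= read -r line; do
        skip=0
        for d in $ALLOW; do
            case "$line" in *"$d"*) skip=1 ;; esac
        done
        if [ "$skip" -eq 0 ]; then printf '%s\n' "$line"; fi
    done | sed "s|/127\.0\.0\.1\$|/$SINKHOLE|"
}

# install_adblock_list <downloaded-file> <target-conf> [min-entries]
# Filters into a private temp file beside the target and renames it into place
# only if at least min-entries lines survived, so a failed or truncated
# download never replaces a good list.
install_adblock_list() {
    src=$1; dst=$2; min=${3:-1}
    tmp=$(mktemp "$dst.XXXXXX") || return 1
    filter_adblock_list < "$src" > "$tmp"
    count=$(($(wc -l < "$tmp")))
    if [ "$count" -lt "$min" ]; then
        rm -f "$tmp"
        return 1
    fi
    chmod 644 "$tmp" && mv "$tmp" "$dst"
}

# Constructed sample input: three valid entries (one allow-listed) and three
# lines that must never reach the dnsmasq configuration.
sample_list() {
    cat <<'EOF'
address=/ads.example.com/127.0.0.1
address=/tracker.example.net/127.0.0.1
address=/www.googleadservices.com/127.0.0.1
address=/login.example.org/203.0.113.9
server=/example.org/203.0.113.5
<html><body>503 Service Unavailable</body></html>
EOF
}

sample_list | filter_adblock_list   # demo: prints the two surviving entries
```

In the weekly script this would replace the sed pipeline: call install_adblock_list on the downloaded file with '/etc/dnsmasq.adblock.conf' as the target, and restart DNSmasq only if it returns success.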
Create a pixel server
Pixelserv is a super minimal webserver; its one and only purpose is serving a 1x1 pixel transparent gif file. We will redirect web requests for adverts to pixelserv.
wget http://proxytunnel.sourceforge.net/files/pixelserv.pl.txt -O /usr/local/bin/pixelserv.pl
chmod 755 /usr/local/bin/pixelserv.pl
We will now edit pixelserv.pl and change the IP address it listens on.
nano /usr/local/bin/pixelserv.pl
Change...
$sock = new IO::Socket::INET ( LocalHost => '0.0.0.0',
...to...
$sock = new IO::Socket::INET ( LocalHost => '192.168.1.78',
We need a simple init script for starting/stopping pixelserv.pl.
vi /etc/init.d/pixelserv
#! /bin/sh
# /etc/init.d/pixelserv
#
# Carry out specific functions when asked to by the system
case "$1" in
  start)
    echo "Starting pixelserv "
    /usr/local/bin/pixelserv.pl &
    ;;
  stop)
    echo "Stopping script pixelserv"
    killall pixelserv.pl
    ;;
  *)
    echo "Usage: /etc/init.d/pixelserv {start|stop}"
    exit 1
    ;;
esac
exit 0
chmod 755 /etc/init.d/pixelserv
Test that the pixelserv init script works correctly by running '/etc/init.d/pixelserv start' and checking that the 'pixelserv.pl' process is running. Now run '/etc/init.d/pixelserv stop' and check that the 'pixelserv.pl' process is no longer running. If everything works correctly, add the pixelserv init script to the startup/shutdown sequences...
update-rc.d pixelserv defaults
Testing the Ad Blocking
Go and visit some websites which have adverts in their pages and check if they are removed :-)
References
- http://pgl.yoyo.org/adservers/
- http://proxytunnel.sourceforge.net/pixelserv.php
- http://www.debian-administration.org/articles/535
- http://www.debian-administration.org/articles/28