# [HOWTO] Adblock with apache2 and bind9

## john.newman

OK, this is quick; I will have to go and review it later. Any suggestions for better ways or improvements are welcome.

Normally you can use the /etc/hosts file to add entries to direct "some.domain" to some IP. This is fine if you're the only machine on your network. If you're that fortunate, you can probably skip this and just visit http://winhelp2002.mvps.org/hosts.htm

I hope all of you are already familiar with that and have not been getting spammed with ads for years.

--

But if you have other machines on your network, you'll need to replicate the hosts file, let everyone get spammed, or set up a DNS server to act as this hosts file for everyone.

In this quick example, we will be setting up bind9 to listen for DNS requests. We will set bind9 to direct any requests for some advertisement BS server to a local apache server that always returns a blank document. It's fast, and filters out all the useless HTTP traffic and annoyances.

bind9 is an enterprise-level DNS server. The details of config are out of the scope of this post. Install it, get it running with the defaults. Adjust commands as you would.

```
$ emerge -pv bind9
# emerge -v bind9
# /etc/init.d/named start
# rc-update add named default
# telnet localhost 53
```

To enable others on your LAN to use it, you have to change the listen address to also bind to your LAN IP, and add anyone on your LAN to the trusted group. In my case, my LAN is 192.168.0.0 and this machine is .2. Also tell this DNS server to forward up through the gateway (and then ISP) for any DNS requests not handled. Finally, add the "adblock" zone which we will get to in a minute.

```
# vim /etc/bind/named.conf
```

```
acl "trusted" {
        // loopback network; the host bits must be zero for the prefix length
        127.0.0.0/8;
        192.168.0.0/16;
};

options {
        directory "/var/bind";
        pid-file "/var/run/named/named.pid";

        /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
        //bindkeys-file "/etc/bind/bind.keys";

        // listen on the LAN address as well as loopback
        listen-on {
                192.168.0.2;
                127.0.0.1;
        };

...

        // anything not answered here goes up through the gateway
        forwarders {
                192.168.0.1;
        };
};

zone "adblock" {
        type master;
        file "pri/adblock.zone";
        allow-query { trusted; };
};
```

Any other machines on the LAN need to use this one as their primary DNS server.

```
(other machine) # vim /etc/resolv.conf.head
nameserver 192.168.0.2
```

(or add that in the Windows property box, whichever)

Next is to configure the apache2 on the server to handle all of these requests. In my case, this is a VM running inside of .2, as .13. We want apache to respond with an empty 200 to any request.

```
$ ssh vadblock   # .13
$ emerge -pv apache2
# emerge -v apache2
# /etc/init.d/apache2 start
# telnet localhost 80
# rc-update add apache2 default
# vim /etc/apache2/vhosts.d/default_vhost_include
```

```
<Directory "/var/www/localhost/htdocs">
        RewriteEngine on
        # Answer every request path with status 200 and a blank body
        RedirectMatch 200 (.*)$
        ErrorDocument 200 " "
</Directory>
```

```
$ wget http://vadblock/some/random/crap
<empty response>
```

Almost done. Next, point all of these adserver URLs to our new apache server. Back on the DNS server, edit a new zone file:

```
# vim /etc/bind/pri/adblock.zone
```

```
@  1        IN      SOA  localhost.your.domain.net.   root.localhost. (1000 7200 120 1209600 3600)
@  259200   IN      NS   localhost.your.domain.net.
*  259200   IN      A    192.168.0.13
@  2        IN      A    192.168.0.13
```

Again, .13 is the new apache server; it could be any machine.

Finally, we need to add rules to block all this crap.

```
$ wget http://winhelp2002.mvps.org/hosts.txt
```

(Delete the first few lines of this file until it starts with the ad servers. Yes, there is a simple command, but it's late, just delete.)

```
# cat hosts.txt | awk '!/^#.*/ && NF >= 2 { printf("zone \"%s\" { type master;notify no; file \"/etc/bind/pri/adblock.zone\";};\n", $2); } ' >> /etc/bind/named.conf
# /etc/init.d/named restart
# ping ad.doubleclick.net
# 64 bytes from 192.168.0.13
```

Visit a site with lots of ads; note the whitespace and the traffic on the new apache server.

Again this was a quick and dirty guide; I'll probably clean it up tomorrow.

----------
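The post above downloads hosts.txt over plain HTTP and appends its second column straight into named.conf, so whatever the list contains becomes resolver configuration. The following is an added example, not part of john.newman's post: a filter that emits a zone stanza only for entries that are syntactically valid hostnames. The function names, the sample hostnames and the assumption that list entries point at 0.0.0.0 or 127.0.0.1 are illustrative.

```shell
#!/bin/sh
# Added example (not from the post): build BIND zone stanzas from a
# hosts-format blocklist, keeping only syntactically valid hostnames.
# ZONE_FILE is the path used in the post's awk one-liner.
ZONE_FILE="/etc/bind/pri/adblock.zone"

# hosts_to_zones: hypothetical helper; hosts lines on stdin, stanzas on stdout.
hosts_to_zones() {
    tr -d '\r' | awk -v zf="$ZONE_FILE" '
    {
        sub(/#.*/, "")          # drop full-line and trailing comments
        if (NF < 2) next        # need "address hostname"
        # Assumption: the list sinkholes entries to one of these addresses.
        if ($1 != "0.0.0.0" && $1 != "127.0.0.1") next
        name = tolower($2)
        sub(/\.$/, "", name)    # strip a trailing root dot
        if (length(name) > 253) next
        if (name !~ /\./) next                  # single labels such as localhost
        if (name ~ /^localhost\./) next         # localhost.localdomain and similar
        # Letters, digits, hyphen and dot only, so a list entry cannot
        # close the quoted zone name or the stanza inside named.conf.
        if (name !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$/) next
        if (seen[name]++) next  # a zone defined twice is a config error
        printf "zone \"%s\" { type master; notify no; file \"%s\"; };\n", name, zf
    }'
}

# sample_hosts: constructed input, not taken from the real list.
sample_hosts() {
    cat <<'EOF'
# comment line
127.0.0.1  localhost
0.0.0.0 ads.example.com  # trailing comment
0.0.0.0 ADS.example.com
0.0.0.0 tracker.example.net
0.0.0.0 bad.example";};zone"x.example
10.0.0.5 redirect.example.org

EOF
}

sample_hosts | hosts_to_zones
```

Writing the output to its own file that named.conf pulls in with an `include` statement, and running `named-checkconf` before restarting named, keeps a bad list from taking the resolver down.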

## genterminl

If you're using Firefox or Chromium, why not just use the AdBlock extension?  Yes, you have to set it up for each user, but it's pretty easy, and you don't need either apache or bind.

----------

