Ad-Blocking with BIND9 and NGINX

In my intranet, where hosts are in a subnet and domain names in a domain mydomain, I use BIND9 as the DNS server, running on host intradns.mydomain, and NGINX as a webserver running on intraweb.mydomain.

I would like to use my intranet DNS to point all subdomains of certain public domains (spammers and trackers) at a webserver that answers every request with a 1 x 1 transparent pixel GIF.

Note: A user has to be fully aware that the result is not the internet according to public DNS anymore but a modified view of it.


Reserving A Private IP Address

I reserve to redirect all unwanted spammers’ domain names to. It will be used to serve requests to an address-based virtual host as described below.

A-Record for The IP Address

On intradns.mydomain, I have prepared an A-record for the dedicated IP address in my BIND9’s mydomain zone file:

; file /var/lib/bin/db.mydomain:
; ... other entries ...

empty IN A

Additional IP Address On The Webserver

I have prepared an additional network interface for IP address on intraweb.mydomain:

# file /etc/network/interfaces
# ... other entries ...

auto eth0:0
iface eth0:0 inet static

I activate the additional interface on intraweb by running:

ifup eth0:0
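
A consistency check for the two files edited above, as an added example that is not part of the original post: it confirms that the `empty` A record points at a private address that no other name uses and that the interfaces file configures. The 10.0.0.x addresses and the sample file contents are constructed placeholders, and the parsers cover only the one-line record and `inet static` stanza forms shown on this page.

```python
import re
from ipaddress import IPv4Address

# Constructed samples: the 10.0.0.x values are placeholders, not the page's addresses.
ZONE = """\
intraweb  IN A 10.0.0.10
empty     IN A 10.0.0.99   ; sinkhole target
"""
INTERFACES = """\
auto eth0:0
iface eth0:0 inet static
    address 10.0.0.99
"""

def zone_a_records(zone_text):
    """Return {owner: [IPv4Address, ...]} for 'name [ttl] IN A addr' lines."""
    records = {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop zone-file comments
        m = re.fullmatch(r"(\S+)\s+(?:\d+\s+)?IN\s+A\s+(\S+)", line, re.I)
        if m:
            records.setdefault(m.group(1).lower(), []).append(IPv4Address(m.group(2)))
    return records

def static_addresses(interfaces_text):
    """Return {iface: IPv4Address} from ifupdown 'inet static' stanzas."""
    addrs, iface = {}, None
    for raw in interfaces_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if words[:1] == ["iface"]:
            # Only static IPv4 stanzas carry the address we care about.
            iface = words[1] if words[2:4] == ["inet", "static"] else None
        elif words[:1] == ["address"] and iface and len(words) >= 2:
            addrs[iface] = IPv4Address(words[1].split("/")[0])
    return addrs

def check_sinkhole(zone_text, interfaces_text, name="empty"):
    """Return a list of problems; an empty list means the two files agree."""
    records = zone_a_records(zone_text)
    targets = records.get(name, [])
    if len(targets) != 1:
        return [f"expected one A record for {name}, found {len(targets)}"]
    target, problems = targets[0], []
    if not target.is_private:
        problems.append(f"{target} is not a private address")
    for other in sorted(n for n, a in records.items() if n != name and target in a):
        problems.append(f"{target} is also the address of {other}")
    if target not in static_addresses(interfaces_text).values():
        problems.append(f"{target} is not configured in the interfaces file")
    return problems
```

Calling `check_sinkhole()` with the real contents of the zone file and `/etc/network/interfaces` returns an empty list when the record and the interface agree.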


From a workstation where this is supposed to take effect, I test that the domain name is pointing to the reachable IP address:

~$ ping empty.mydomain
PING empty.mydomain ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=0.207 m