Ad-Blocking with BIND9 and NGINX

In my intranet, hosts live in the subnet 192.168.2.0/24 and carry names under the domain mydomain. I use BIND9 as DNS server, running on the host intradns.mydomain, and NGINX as web server, running on intraweb.mydomain.

I would like to rewrite all subdomains of certain public domains (spammers and trackers) in my intranet DNS so that they point to a web server that answers every request with a 1x1 transparent pixel GIF.

Note: Users of this DNS have to be fully aware that what they get is no longer the internet as public DNS presents it but a modified view of it. The rewrite only affects clients that actually use intradns.mydomain as their resolver: a client with a hard-coded public resolver, or a browser with DNS over HTTPS enabled, bypasses it entirely, and HTTPS requests to a rewritten name end in a certificate error instead of the pixel, because the intranet web server has no trusted certificate for those names.

Preparations

Reserving A Private IP Address

I reserve 192.168.2.60 as the address that all unwanted spammers' domain names are redirected to. It will serve those requests through an address-based virtual host as described below.

A-Record for The IP Address

On intradns.mydomain, I have prepared an A-record for the dedicated IP address in the mydomain zone file of my BIND9 (after editing the file, increment the SOA serial and reload the zone, e.g. with rndc reload, otherwise the change is not served):

; file /var/lib/bind/db.mydomain:
; ... other entries ...

empty IN A 192.168.2.60

Additional IP Address On The Webserver

I have prepared an additional alias interface eth0:0 carrying the IP address 192.168.2.60 on intraweb.mydomain:

# file /etc/network/interfaces
# ... other entries ...

auto eth0:0
iface eth0:0 inet static
    address 192.168.2.60
    netmask 255.255.255.0

I activate the additional interface on intraweb by running

ifup eth0:0

Test

From a workstation on which this is supposed to take effect, I test that the name resolves to the reserved address and that the address is reachable:

~$ ping empty.mydomain
PING empty.mydomain (192.168.2.60) 56(84) bytes of data.
64 bytes from 192.168.2.60: icmp_seq=1 ttl=64 time=0.207 ms
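Ping only shows that the name resolves somewhere and that the host answers ICMP. It does not show whether the answer came from the intranet resolver, whether a sinkholed public name is actually rewritten, or whether NGINX really hands out a GIF on that address. The following check script is an added example and not part of the original setup. It assumes the resolver is reachable as intradns.mydomain, that NGINX listens on port 80 of 192.168.2.60, and it uses tracker.example as a placeholder for one of the sinkholed domains; dig, ip and curl must be installed where the respective checks run.

```shell
#!/bin/sh
# Verification of the DNS sinkhole setup. Added example, not part of the
# original article. Assumed (not stated on the page): the resolver answers
# as intradns.mydomain, NGINX listens on port 80 of 192.168.2.60, and
# tracker.example is a placeholder for a domain that has been sinkholed.

SINK_IP=192.168.2.60
SINK_NAME=empty.mydomain
RESOLVER=intradns.mydomain
BLOCKED_NAME=tracker.example    # placeholder, replace with a real sinkholed name

# answer_is ANSWER EXPECTED
# True when a `dig +short` answer (one record per line) consists of the
# expected address and nothing else. A CNAME chain or a second address
# means the rewrite is not what was intended, so both are rejected.
answer_is() {
    [ "$(printf '%s\n' "$1" | sed '/^$/d' | sort -u)" = "$2" ]
}

# addr_configured IP ADDRLIST
# True when IP is configured on some interface, judged from the output of
# `ip -4 -o addr` (lines like "2: eth0  inet 192.168.2.60/24 ... eth0:0").
addr_configured() {
    printf '%s\n' "$2" | grep -Eq "inet $(printf '%s' "$1" | sed 's/\./\\./g')/"
}

# is_gif FILE
# True when FILE starts with a GIF87a or GIF89a signature, i.e. the
# web server really returned an image and not an error page.
is_gif() {
    case "$(dd if="$1" bs=6 count=1 2>/dev/null)" in
        GIF87a|GIF89a) return 0 ;;
        *)             return 1 ;;
    esac
}

# pixel_served
# Fetch an arbitrary path from the sink address with the blocked name as
# Host header and verify that both Content-Type and body are a GIF.
pixel_served() {
    body=$(mktemp) || return 1
    ctype=$(curl -s -m 5 -o "$body" -w '%{content_type}' \
        -H "Host: $BLOCKED_NAME" "http://$SINK_IP/some/tracking/path.js")
    status=1
    case "$ctype" in
        image/gif*) is_gif "$body" && status=0 ;;
    esac
    rm -f "$body"
    return $status
}

# Entry points: "workstation" runs on a client, "webserver" on intraweb.
case "${1:-}" in
    workstation)
        # Does BIND9 itself serve the records we expect?
        answer_is "$(dig +short "$SINK_NAME" @"$RESOLVER")" "$SINK_IP" ||
            { echo "FAIL: $SINK_NAME does not resolve to $SINK_IP via $RESOLVER"; exit 1; }
        answer_is "$(dig +short "$BLOCKED_NAME" @"$RESOLVER")" "$SINK_IP" ||
            { echo "FAIL: $RESOLVER does not rewrite $BLOCKED_NAME to $SINK_IP"; exit 1; }
        # Does THIS client actually use that resolver (no @, system resolver)?
        answer_is "$(dig +short "$BLOCKED_NAME")" "$SINK_IP" ||
            { echo "FAIL: this workstation's resolver does not rewrite $BLOCKED_NAME (is it using $RESOLVER?)"; exit 1; }
        pixel_served ||
            { echo "FAIL: $SINK_IP does not answer with a GIF for $BLOCKED_NAME"; exit 1; }
        echo "OK: sinkhole works from this workstation"
        ;;
    webserver)
        addr_configured "$SINK_IP" "$(ip -4 -o addr)" ||
            { echo "FAIL: $SINK_IP is not configured on this host"; exit 1; }
        echo "OK: $SINK_IP is configured on this host"
        ;;
esac
```

Run `sh check-sinkhole.sh webserver` on intraweb and `sh check-sinkhole.sh workstation` on a client. The third workstation step deliberately queries the system resolver rather than intradns, so a client configured with a public resolver fails there, which is exactly the bypass to watch for. If the web server check fails after `ifup eth0:0`, `ip addr add 192.168.2.60/24 dev eth0 label eth0:0` adds the address until the next reboot while you debug the interfaces file.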