In my intranet, where hosts are in the subnet 192.168.2.0/24 and domain names are in the domain mydomain, I use BIND9 as the DNS server, running on host intradns.mydomain, and NGINX as the web server, running on intraweb.mydomain.
I would like my intranet DNS to redirect all subdomains of certain public domains (spammers and trackers) to a web server that answers every request with a 1 x 1 transparent pixel GIF.
Note: Users have to be fully aware that the result is no longer the internet according to public DNS but a modified view of it.
Preparations
Reserving A Private IP Address
I reserve 192.168.2.60 as the address to which all unwanted spammers' domain names are redirected. It will be used to serve requests to an address-based virtual host as described below.
A-Record for The IP Address
On intradns.mydomain, I have prepared an A record for the dedicated IP address in the mydomain zone file of my BIND9:
; file /var/lib/bin/db.mydomain:
; ... other entries ...
empty IN A 192.168.2.60
Additional IP Address On The Webserver
I have prepared an additional network interface for IP address 192.168.2.60 on intraweb.mydomain:
# file /etc/network/interfaces
# ... other entries ...
auto eth0:0
iface eth0:0 inet static
address 192.168.2.60
netmask 255.255.255.0
I activate the additional interface on intraweb by running
ifup eth0:0
Test
From a workstation where this is supposed to take effect, I test that the domain name points to the dedicated IP address and that the address is reachable:
~$ ping empty.mydomain
PING empty.mydomain (192.168.2.60) 56(84) bytes of data.
64 bytes from 192.168.2.60: icmp_seq=1 ttl=64 time=0.207 m
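The ping above goes through the workstation's own resolver, so a cached or overridden answer can hide a wrong zone entry. The following added example (not part of the original post) asks intradns.mydomain directly and checks that every A record returned equals the reserved address. The function names classify_answer and check_name are hypothetical, and the script assumes that dig is installed on the workstation.

```sh
#!/bin/sh
# Added example: confirm that a name resolves only to the reserved address.
SINKHOLE_IP="192.168.2.60"      # reserved address from the text above
DNS_SERVER="intradns.mydomain"  # BIND9 host from the text above

# classify_answer EXPECTED_IP
# Reads `dig +short` style output on stdin (one record per line) and prints:
#   ok        every A record equals EXPECTED_IP
#   empty     no A record at all (record missing, zone not reloaded, timeout)
#   mismatch  at least one A record points somewhere else
# Lines that are not IPv4 addresses (CNAME targets, dig error text) are skipped.
classify_answer() {
    awk -v want="$1" '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n++; if ($0 != want) bad++ }
        END {
            if (!n)       print "empty"
            else if (bad) print "mismatch"
            else          print "ok"
        }
    '
}

# check_name NAME
# Queries the intranet DNS server directly, bypassing the local resolver cache.
check_name() {
    verdict=$(dig +short A "$1" "@$DNS_SERVER" | classify_answer "$SINKHOLE_IP")
    printf '%s %s\n' "$1" "$verdict"
    [ "$verdict" = "ok" ]
}

# Live check only when names are given, e.g.: sh check.sh empty.mydomain
if [ "$#" -gt 0 ]; then
    rc=0
    for name in "$@"; do
        check_name "$name" || rc=1
    done
    exit "$rc"
fi
```

A result of empty for empty.mydomain usually means the zone file was edited without reloading the zone.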