Setting Up The DNS Override
BIND9 Configuration
On intradns.mydomain, I extend the named.conf.local file of BIND9 as follows:
# file /etc/bind/named.conf.local:
# ... other entries
include "/etc/bind/zones.adblock";
I create a new file db.adblock, which is a BIND9 zonefile (note the use of the local domain names intradns.mydomain and mydomain, which will differ in your setup):
; file /etc/bind/db.adblock:
$TTL 86400 ; one day
@ IN SOA intradns.mydomain. root.mydomain. (
    2015082801 ; serial number YYYYMMDDNN
    28800 ; refresh 8 hours
    7200 ; retry 2 hours
    864000 ; expire 10 days
    86400 ) ; minimum / negative caching TTL 1 day
@ IN NS intradns.mydomain.
@ IN A 192.168.2.60 ; address for the domain itself, e.g. stupid-cdn.net
* IN A 192.168.2.60 ; address for all subdomains, e.g. foo177.baz.stupid-cdn.net
Finally, I create a new configuration file zones.adblock, which overrides the unwanted domains from public DNS: BIND9 declares itself master (authoritative) for each of them and serves the shared zonefile db.adblock, so every name under those domains resolves to 192.168.2.60 instead of the real address:
# file /etc/bind/zones.adblock:
/* redirect everything in this domain to 192.168.2.60 (empty.mydomain) */
zone "stupid-cdn.net" IN { type master; notify no; file "/etc/bind/db.adblock"; };
zone "spam-4-you.biz" IN { type master; notify no; file "/etc/bind/db.adblock"; };
As you see, I simply repeat the same zone statement for every domain I want to override. Because the server is now authoritative for the whole domain, every name under it ends up at 192.168.2.60, not only the hostnames the ads came from; notify no keeps BIND from sending NOTIFY messages for these zones, which have no secondaries.
I reload BIND9:
~# rndc reload
server reload successful
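Repeating the zone statement by hand does not scale once the list grows, and a typo in zones.adblock takes the whole resolver down on the next reload. The script below is an added example, not part of the original post: it generates zones.adblock from a plain list of domains, validates the result with BIND's own named-checkconf and named-checkzone when they are installed, and only then calls rndc reload. The list file, the temporary directory and the sample domains are constructed for the example; the zonefile path and sinkhole address default to the values used above and can be overridden through the ZONEFILE and SINKHOLE_IP environment variables.

```shell
#!/bin/sh
# Added example: build /etc/bind/zones.adblock from a list of domains,
# validate, then reload. Paths and the sample list are assumptions.
set -eu

ZONEFILE="${ZONEFILE:-/etc/bind/db.adblock}"   # zonefile shared by every overridden domain
SINKHOLE_IP="${SINKHOLE_IP:-192.168.2.60}"     # only used for the header comment

# One zone statement, in the same shape as the hand-written entries.
zone_stmt() {
    printf 'zone "%s" IN { type master; notify no; file "%s"; };\n' "$1" "$ZONEFILE"
}

# Read domains from stdin (one per line; '#' comments and blank lines are
# skipped), normalise to lowercase without a trailing dot, reject names with
# characters outside [a-z0-9.-], a leading dot or an empty label, and emit
# the complete zones.adblock body on stdout.
gen_zones() {
    printf '/* redirect everything in these domains to %s */\n' "$SINKHOLE_IP"
    while IFS= read -r line || [ -n "$line" ]; do
        d=$(printf '%s' "$line" | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//' | tr 'A-Z' 'a-z')
        d=${d%.}
        [ -z "$d" ] && continue
        case "$d" in
            *[!a-z0-9.-]*|.*|*..*) echo "skipping invalid domain: $line" >&2; continue ;;
        esac
        zone_stmt "$d"
    done
}

# Validate the generated file and the shared zonefile before reloading.
# named-checkconf parses zone statements on their own; named-checkzone needs
# a zone name, so pass any one of the overridden domains as $2.
validate_and_reload() {
    zones=$1; sample_zone=$2
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$zones"
        named-checkzone -q "$sample_zone" "$ZONEFILE"
    else
        echo "named-checkconf not found; skipping validation" >&2
    fi
    rndc reload
}

# Demonstration on a constructed list written to a temporary directory;
# in a real setup you would write to /etc/bind/zones.adblock and then call
# validate_and_reload /etc/bind/zones.adblock stupid-cdn.net
tmp=$(mktemp -d)
printf 'stupid-cdn.net\nSpam-4-You.biz.   # trailing dot and case are normalised\n' > "$tmp/adblock.list"
gen_zones < "$tmp/adblock.list" > "$tmp/zones.adblock"
cat "$tmp/zones.adblock"
rm -rf "$tmp"
```

Keeping the domain list in a separate file also makes the override set reviewable: a diff of adblock.list shows exactly which zones the resolver started hijacking and when.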
Test
On a workstation where this is supposed to work, I repeat the test from the previous section, except that this time I use the public domains that should be overridden; I test with an arbitrary subdomain of such a domain:
~# curl -IL http://foobar.baz.stupid-cdn.net/whatever
HTTP/1.1 200 OK
Server: nginx/1.9.2
Date: Fri, 28 Aug 2015 05:18:38 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive
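The curl test shows the end result, but it cannot tell a DNS override apart from, say, a proxy or hosts-file entry on the workstation, and it says nothing about whether the override has leaked beyond the internal resolver. The script below is an added example, not part of the original post: it asks the internal resolver and a public resolver for the same name with dig and classifies each answer as sinkhole, real, mixed or empty. The expected outcome is sinkhole from intradns.mydomain and anything but sinkhole from the public resolver. The resolver names and the public resolver address are assumptions that you would replace with your own.

```shell
#!/bin/sh
# Added example: verify the override at the DNS layer against two resolvers.
# INTERNAL_DNS, PUBLIC_DNS and SINKHOLE_IP are placeholders for your setup.
set -eu

INTERNAL_DNS="${INTERNAL_DNS:-intradns.mydomain}"
PUBLIC_DNS="${PUBLIC_DNS:-9.9.9.9}"          # assumption: any public resolver you trust
SINKHOLE_IP="${SINKHOLE_IP:-192.168.2.60}"

# A records for $2 as answered by resolver $1, one address per line.
lookup() { dig +short +time=2 +tries=1 @"$1" "$2" A; }

# Classify an answer (addresses separated by newlines) relative to the
# sinkhole address. Prints exactly one word:
#   sinkhole - every address is the sinkhole (the override is in effect)
#   real     - no address is the sinkhole (the real record came through)
#   mixed    - both kinds, which points at a broken zone or a second resolver
#   empty    - no answer at all
classify() {
    sink=$1; answers=$2
    if [ -z "$answers" ]; then echo empty; return; fi
    total=0; hits=0
    for a in $answers; do
        total=$((total + 1))
        if [ "$a" = "$sink" ]; then hits=$((hits + 1)); fi
    done
    if [ "$hits" -eq "$total" ]; then echo sinkhole
    elif [ "$hits" -eq 0 ]; then echo real
    else echo mixed
    fi
}

# Succeeds only when the internal resolver serves the sinkhole and the
# public resolver does not, i.e. the override is present and local.
verify() {
    name=$1
    internal=$(lookup "$INTERNAL_DNS" "$name" 2>/dev/null || true)
    public=$(lookup "$PUBLIC_DNS" "$name" 2>/dev/null || true)
    i=$(classify "$SINKHOLE_IP" "$internal")
    p=$(classify "$SINKHOLE_IP" "$public")
    echo "$name: $INTERNAL_DNS=$i $PUBLIC_DNS=$p"
    [ "$i" = sinkhole ] && [ "$p" != sinkhole ]
}

# Usage: sh verify-override.sh foobar.baz.stupid-cdn.net spam-4-you.biz
if [ $# -gt 0 ]; then
    status=0
    for n; do verify "$n" || status=1; done
    exit "$status"
fi
```

Running this for a name that should not be overridden (one of your own hosts, for instance) is just as useful: a sinkhole verdict there means a zone statement is broader than intended.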