How to Block a Domain in Bind DNS Server on CentOS

To Block a Domain in Bind DNS Server on CentOS

Domain Name System (DNS) is the service that resolves a host name to its IP address. When a name such as www.google.com is typed into a browser, the lookup starts at the root of the namespace (the trailing . or dot that separates the labels) and works down through the name servers responsible for each label. Bind is open source software that lets a user publish Domain Name System (DNS) information on the internet and resolve DNS queries for clients. Blocking a domain in a DNS server simply means answering every query for that domain with a loopback or other false IP address instead of the real one. This tutorial covers the configuration procedure for blocking a domain in the Bind DNS server on CentOS.

Configuration procedure

Before beginning the configuration process, install the bind packages with the yum install command (the -y option answers yes to the installation prompt automatically).

[root@ns1 ~]# yum install bind* -y
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirrors.viethosting.com
 * extras: ftp.iitm.ac.in
 * updates: ftp.iitm.ac.in
Resolving Dependencies
-->  Running transaction check
--->  Package bind.x86_64 32:9.8.2-0.62.rc1.el6_9.4 will be installed
--->  Package bind-chroot.x86_64 32:9.8.2-0.62.rc1.el6_9.4 will be installed
--->  Package bind-devel.x86_64 32:9.8.2-0.62.rc1.el6_9.4 will be installed
--->  Package bind-dyndb-ldap.x86_64 0:2.3-8.el6 will be installed
--->  Package bind-libs.x86_64 32:9.8.2-0.62.rc1.el6 will be updated
--->  Package bind-libs.x86_64 32:9.8.2-0.62.rc1.el6_9.4 will be an update
--->  Package bind-sdb.x86_64 32:9.8.2-0.62.rc1.el6_9.4 will be installed
.
.
.
Installed:
  bind.x86_64 32:9.8.2-0.62.rc1.el6_9.4  bind-chroot.x86_64 32:9.8.2-0.62.rc1.el6_9.4  bind-devel.x86_64 32:9.8.2-0.62.rc1.el6_9.4  bind-dyndb-ldap.x86_64 0:2.3-8.el6  bind-sdb.x86_64 32:9.8.2-0.62.rc1.el6_9.4
Dependency Installed:
  postgresql-libs.x86_64 0:8.4.20-7.el6

Updated:
  bind-libs.x86_64 32:9.8.2-0.62.rc1.el6_9.4  bind-utils.x86_64 32:9.8.2-0.62.rc1.el6_9.4
Complete!

Next edit the BIND configuration file /etc/named.conf and add this server's IP address to the listen-on list.

[root@ns1 ~]# vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 192.168.7.222; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Only the server itself may query; add the client subnet here
        // (192.168.7.0/24 in this setup) if other machines should use it.
        allow-query     { localhost; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Start and enable the named service.

[root@ns1 ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@ns1 ~]# chkconfig named on

Next change the default DNS resolver in your network configuration file to the IP address of this newly installed DNS server. Save and exit the file.

[root@ns1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
TYPE=Ethernet
UUID=36a6e616-74e3-4df5-ad16-ca3b691bc2d8
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
HWADDR=00:0C:29:F2:17:C6
IPADDR=192.168.7.222
PREFIX=24
GATEWAY=192.168.7.1
DNS1=192.168.7.222
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"

Restart the network service.

[root@ns1 ~]# service network restart
Shutting down interface eth0:  Device state: 3 (disconnected)
                                                           [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  Active connection state: activated
Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/1
                                                           [  OK  ]

Now the basic DNS server is up and ready. Next, set a domain to be blocked in the DNS. Open the named.conf configuration file and add the zone statement shown below.

[root@ns1 ~]# vim /etc/named.conf
Add a zone statement as shown below to block the facebook.com domain (the server becomes authoritative for the name, so it answers from the local zone file instead of asking the real name servers):
zone "facebook.com" IN {
        type master;
        file "block";
};

Create the forward zone file called "block" that the zone statement refers to. Because the directory option in named.conf is /var/named, the file is /var/named/block. Enter the following contents in the file and save it.

[root@ns1 ~]# vim /var/named/block
$TTL 86400
@   IN  SOA     ns1.example.com. root.example.com. (
        2011071001   ; Serial
        3600         ; Refresh
        1800         ; Retry
        604800       ; Expire
        86400        ; Minimum TTL
)
@       IN  NS          ns1.example.com.
@       IN  A           192.168.7.222
*       IN  A           192.168.7.222
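The zone statement and zone file above block one domain. As an added example (not part of the original tutorial), the following POSIX shell script generates the same two pieces for a whole list of domains, all sharing one sinkhole zone file, and checks the zone file with named-checkzone (shipped in the bind package) before named is restarted. The domain list, the temporary output directory and the example.net entry are constructed placeholders; on the tutorial's server the stanzas belong in /etc/named.conf (or a file it includes) and the zone file in /var/named.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: generate the BIND pieces
# for blocking a list of domains with one shared sinkhole zone file.
# Assumptions (placeholders, not from the tutorial): the domain list, the
# output directory, and the ns1.example.com name server from the zone file.
# On the tutorial's server the stanzas go into /etc/named.conf and the zone
# file into /var/named (BIND's "directory" option).

# Write a zone file whose apex and wildcard A records both point at the
# sinkhole address, so the domain and every subdomain resolve to it.
# $1 = output path, $2 = sinkhole IP, $3 = SOA serial
write_sinkhole_zone() {
    cat > "$1" <<EOF
\$TTL 86400
@   IN  SOA  ns1.example.com. root.example.com. (
        $3           ; Serial
        3600         ; Refresh
        1800         ; Retry
        604800       ; Expire
        86400        ; Minimum TTL
)
@   IN  NS   ns1.example.com.
@   IN  A    $2
*   IN  A    $2
EOF
}

# Print one master-zone stanza per domain, all referring to the same zone
# file; pull the result into named.conf with an include statement.
# $1 = zone file name relative to BIND's directory, remaining args = domains
write_zone_stanzas() {
    zonefile=$1
    shift
    for domain in "$@"; do
        printf 'zone "%s" IN {\n        type master;\n        file "%s";\n};\n' \
            "$domain" "$zonefile"
    done
}

# Number of zone stanzas in a generated config fragment (sanity check).
count_zones() {
    grep -c '^zone "' "$1"
}

# Check the zone file with named-checkzone before restarting named;
# returns 0 when the tool is not installed so the script still runs offline.
# $1 = domain the file is loaded for, $2 = zone file path
validate_zone() {
    command -v named-checkzone >/dev/null 2>&1 || return 0
    named-checkzone "$1" "$2" >/dev/null
}

# Demo with constructed values: a temp dir stands in for /var/named and /etc.
OUT=$(mktemp -d)
write_sinkhole_zone "$OUT/block" 192.168.7.222 2011071001
write_zone_stanzas block facebook.com example.net > "$OUT/named.blocked.conf"
validate_zone facebook.com "$OUT/block" || echo "zone file rejected by named-checkzone" >&2
echo "generated $(count_zones "$OUT/named.blocked.conf") zone stanzas in $OUT"
```

Every blocked domain shares the same file because the records use @ and *, which BIND interprets relative to whichever zone loaded the file; bump the serial whenever the sinkhole address changes, and run named-checkconf on named.conf as well before the restart.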

In this zone file the A records point the domain (and, through the * wildcard record, every name under it) at a fake or loopback IP address rather than its real address; here the DNS server's own IP, 192.168.7.222, is used. Any client that asks this server for the domain is sent to that address instead of the real site, so the domain remains blocked. Restart the named service.

[root@ns1 ~]# service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]

Check with nslookup by running the following command. If the domain is blocked, the output looks like the one shown below: the answer address is the sinkhole IP from the zone file, not the domain's real address.

[root@ns1 ~]# nslookup facebook.com
Server: 192.168.7.222
Address: 192.168.7.222#53

Name: facebook.com
Address: 192.168.7.222
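One detail of the nslookup output above is easy to miss when scripting this check: the first "Address:" line is the resolver itself (note the #53 port suffix), so a plain grep for the sinkhole IP matches even when the real record is returned. As an added example that is not part of the original tutorial, the following POSIX shell snippet reads only the address lines that follow "Name:"; the two sample outputs are constructed (203.0.113.10 is a documentation address, not a real record), and check_blocked is a hypothetical helper for running the same test live on the server.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: confirm from nslookup's
# output that a name is answered with the sinkhole address. nslookup prints
# the resolver's own address first ("Address: 192.168.7.222#53"), so a plain
# grep for the sinkhole IP succeeds even when the real record comes back;
# only the Address lines after the "Name:" line are the actual answer.

# Read nslookup output on stdin; return 0 if every answer address is $1.
# No answer at all (NXDOMAIN, timeout) also returns 1.
answers_sinkholed() {
    awk -v want="$1" '
        /^Name:/ { in_answer = 1; next }
        in_answer && /^Address:/ { seen++; if ($2 != want) bad++ }
        END { if (seen > 0 && bad == 0) exit 0; exit 1 }
    '
}

# Hypothetical live helper: query the local resolver for $1 and check the
# answer against sinkhole IP $2 (run on the DNS server itself, since
# allow-query in the tutorial's named.conf only permits localhost).
check_blocked() {
    nslookup "$1" | answers_sinkholed "$2"
}

# Constructed samples for offline use: the first mirrors the tutorial's output
# for the blocked name, the second is what an unblocked name looks like.
BLOCKED_SAMPLE='Server:  192.168.7.222
Address: 192.168.7.222#53

Name:    facebook.com
Address: 192.168.7.222'

UNBLOCKED_SAMPLE='Server:  192.168.7.222
Address: 192.168.7.222#53

Non-authoritative answer:
Name:    www.example.net
Address: 203.0.113.10'

# Run the check on the samples (no server needed): 0 = blocked, 1 = not.
printf '%s\n' "$BLOCKED_SAMPLE" | answers_sinkholed 192.168.7.222 && echo "facebook.com: blocked"
printf '%s\n' "$UNBLOCKED_SAMPLE" | answers_sinkholed 192.168.7.222 || echo "www.example.net: not blocked"
```

Because the function counts every answer address, a name with several A records is only reported as blocked when all of them are the sinkhole, and a lookup that fails outright is not mistaken for a block.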

To check in the browser as well, type the blocked domain name and hit enter. The site will not load, because the name now resolves to the fake address, so the domain remains blocked.

Thus the configuration procedure for blocking a domain in the Bind DNS server on CentOS is complete.

FAQ
Q
Where do I edit the configuration file for DNS in CentOS?
A
Edit the named.conf configuration file using the vim editor and enter the required contents in the file. Save and exit the file.
# vim /etc/named.conf
Q
Which package has to be installed for DNS configuration in CentOS?
A
Use the command below to install the DNS package:
# yum install bind* -y
Q
Why would we need to block a domain in the Bind DNS server on CentOS?
A
Domain Name System (DNS) is the service that resolves a host name to its IP address. When a name such as www.google.com is typed into a browser, the lookup starts at the root of the namespace (the trailing . or dot that separates the labels) and works down through the name servers responsible for each label. Bind is open source software that lets a user publish Domain Name System (DNS) information on the internet and resolve DNS queries for clients. Blocking a domain in a DNS server simply means answering every query for that domain with a loopback or other false IP address instead of the real one.
Q
Where can I find the log file for Bind DNS on my CentOS machine?
A
The default log file for Bind is named.run in the /var/named/data/ directory; this log file path is set in the logging section of your /etc/named.conf file. And you can configure your
Q
How do I block a domain in Bind DNS using Webmin?
A
Please refer to the following link to block a domain in Bind DNS using Webmin:
"https://www.linuxhelpbkp.revyy.com/how-to-install-and-configure-bind-dns-on-webmin-1/".