I was reading through some of the Linux documentation on initial RAM filesystems (very well written, by the way, by Rob Landley; it's found in the distribution at Documentation/filesystems/ramfs-rootfs-initramfs.txt), when I came across some links. I tried one of the links, http://www.tldp.org/HOWTO/From-PowerUp-To-Bash-Prompt-HOWTO.html, and in the "Hardware" section, I noticed this link to some related work by Eric S. Raymond:
http://www.linuxdoc.org/HOWTO/Unix-and-Internet-Fundamentals-HOWTO.html
I clicked on that link. However, instead of taking me to the work that I expected to see, I hit some rather awful search page; a bit of investigation showed that searchportal.information.com was involved in this. Employing the useful "Live HTTP Headers" module in Firefox, I noticed that I was getting routed to various unpleasant places, and these folks were all leaving the URL intact, thus appearing to be the correct page though of course they looked nothing like what I was expecting. (A more correct URL would appear to be http://en.tldp.org/HOWTO/Unix-and-Internet-Fundamentals-HOWTO/.)
Somewhat peeved by this misdirection, I considered for a few minutes reconfiguring my djbdns setup to add an authoritative blackhole for these folks. I had set up MaraDNS before to do exactly that, and it was superbly easy to do. I couldn't think of an elegant way in djbdns to do it, so I decided to recreate my MaraDNS solution on this Fedora 11 box.
I started by doing a yum install of MaraDNS:
somedir# yum install maradns
Next, I stopped djbdns, and added MaraDNS to the boot:
somedir# chkconfig maradns on
Now, I added the following lines to /etc/mararc:
# cat >> /etc/mararc <<-HERE
csv2["."] = "db.nogoodniks"
HERE
I then created the file /etc/maradns/db.nogoodniks with some domains to be blacklisted:
somedir# cat > /etc/maradns/db.nogoodniks <<-HERE
*.information.com. A 127.0.0.1
*.trafficz.com. A 127.0.0.1
*.searchnut.com. A 127.0.0.1
*.parklogic.com. A 127.0.0.1
*.ndparking.com. A 127.0.0.1
*.cn. A 127.0.0.1
HERE
Now a quick start of MaraDNS, and a check that I haven't flubbed the syntax:
somedir# /etc/init.d/maradns start
Starting all MaraDNS processes: /etc/mararc [ OK ]
somedir# tail /var/log/messages
Oct 2 14:09:01 localhost /usr/sbin/maradns: Using ICANN nameservers for root_servers["."]
Oct 2 14:09:01 localhost /usr/sbin/maradns: Log: Root directory changed
Oct 2 14:09:01 localhost /usr/sbin/maradns: Log: Binding to address 127.0.0.1
Oct 2 14:09:01 localhost /usr/sbin/maradns: Log: Socket opened on UDP port 53
Oct 2 14:09:01 localhost /usr/sbin/maradns: Log: Root privileges dropped
Oct 2 14:09:01 localhost /usr/sbin/maradns: Processing zone . right now.
Oct 2 14:09:01 localhost /usr/sbin/maradns: Filename: db.nogoodniks
Oct 2 14:09:01 localhost /usr/sbin/maradns: MaraDNS proudly serves you 6 DNS records
Oct 2 14:09:01 localhost /usr/sbin/maradns: MaraDNS maximum memory allocation set to 1613243392 bytes
Oct 2 14:09:01 localhost /usr/sbin/maradns: Log: All RRs have been loaded
And now some testing:
somedir# dig www.google.cn

; <<>> DiG 9.6.1-P1-RedHat-9.6.1-6.P1.fc11 <<>> www.google.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28517
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.cn. IN A

;; ANSWER SECTION:
www.google.cn. 86400 IN A 127.0.0.1

;; Query time: 54 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 2 14:13:42 2009
;; MSG SIZE rcvd: 47

somedir# dig searchportal.information.com

; <<>> DiG 9.6.1-P1-RedHat-9.6.1-6.P1.fc11 <<>> searchportal.information.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64322
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;searchportal.information.com. IN A

;; ANSWER SECTION:
searchportal.information.com. 86400 IN A 127.0.0.1

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 2 14:13:57 2009
;; MSG SIZE rcvd: 62

somedir# ping -c 1 www.google.cn
PING www.google.cn (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=1 ttl=64 time=0.074 ms

--- www.google.cn ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.074/0.074/0.074/0.000 ms

somedir# ping -c 1 www.information.com
PING www.information.com (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=1 ttl=64 time=0.044 ms

--- www.information.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms
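An offline check of which query names a zone file like db.nogoodniks covers, as an added example that is not part of the original post. It assumes standard DNS wildcard matching, under which `*.information.com.` covers names below `information.com.` but not `information.com.` itself; the `covered` helper and the scratch file are made up for the illustration.

```sh
#!/bin/sh
# Added example: offline coverage check for a csv2-style blackhole zone.
# Assumes standard DNS wildcard matching; covered() is a made-up helper.

# covered ZONEFILE NAME: print the answer address and return 0 when NAME is
# matched by an A record in ZONEFILE, otherwise return 1.
covered() {
    zonefile=$1
    # Normalise the query: lower-case with exactly one trailing dot.
    name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    name="${name%.}."
    while read -r owner rtype addr rest; do
        case $owner in ''|'#'*) continue ;; esac   # blank line or comment
        [ "$rtype" = "A" ] || continue
        owner=$(printf '%s' "$owner" | tr 'A-Z' 'a-z')
        case $owner in
            '*.'*)
                suffix=${owner#\*}                 # "*.cn." -> ".cn."
                # At least one character must precede the suffix, so the
                # bare parent name is not matched.
                case $name in
                    ?*"$suffix") printf '%s\n' "$addr"; return 0 ;;
                esac ;;
            *)
                if [ "$owner" = "$name" ]; then
                    printf '%s\n' "$addr"; return 0
                fi ;;
        esac
    done < "$zonefile"
    return 1
}

# The six entries from the post, written to a scratch file.
zone=$(mktemp)
trap 'rm -f "$zone"' EXIT
cat > "$zone" <<'EOF'
*.information.com. A 127.0.0.1
*.trafficz.com. A 127.0.0.1
*.searchnut.com. A 127.0.0.1
*.parklogic.com. A 127.0.0.1
*.ndparking.com. A 127.0.0.1
*.cn. A 127.0.0.1
EOF

for q in searchportal.information.com www.google.cn information.com tldp.org; do
    if a=$(covered "$zone" "$q"); then echo "$q -> $a"; else echo "$q -> not covered"; fi
done
```

Under that assumption, a bare parent name such as information.com needs its own line in the zone file if it is to be blackholed as well.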