Block web sites on Windows
Here is how to make your Windows computer (not Server) become a DNS server. Why should you do that?
To stop web pages from redirecting you to annoying sites and advertising you don't need, or to restrict access to some pages without a proxy server or extra software.
Many web pages open a new window when you click on something and connect you to a different web site; these other web sites may contain only useless or dangerous content.
Ways to avoid it:
a) Include the URLs in your web browser's restricted access list.
Limitations: you need to configure a domain restriction list per communication protocol; I find it not very flexible.
b) Configure your Windows C:\Windows\System32\drivers\etc\hosts file.
This method improves on option a): you add only one line per web site, and it applies whatever the type of connection is (ftp, http, https, etc.).
Limitations: you have to configure a line for the domain, for each host of the domain and for its other subdomains. For example:
If you want to restrict access to the web site annoyingsales.com, you have to write the following line:
127.0.0.1 annoyingsales.com
When you try to connect to this site, you won't get through, because you will be trying to connect to your own computer, so it is a way of restricting access. If you want to be redirected to www.google.com instead, pick one of its IP addresses and put it in place of 127.0.0.1.
# 173.194.37.115 is one address of www.google.com
173.194.37.115 annoyingsales.com
But if you get redirected to www.annoyingsales.com, the line you added is useless; you will still be redirected to that site unless you add the following lines:
173.194.37.115 annoyingsales.com
173.194.37.115 www.annoyingsales.com
This will be enough, but if there are other web sites where only the first word changes, you have to add a line per word:
173.194.37.115 annoyingsales.com
173.194.37.115 www.annoyingsales.com
173.194.37.115 ftp.annoyingsales.com
173.194.37.115 images.annoyingsales.com
173.194.37.115 etc.annoyingsales.com
Also, if there is a subdomain like www.subdomain.annoyingsales.com, guess what? You have to repeat all the previous lines for that subdomain too.
The way to avoid writing a line for every subdomain or host in a domain is to use a wildcard record, that is, writing only the line *.annoyingsales.com to block every possible name to the left of this domain.
Unfortunately, I haven't found a way to do this with the Windows hosts file.
This is quite frustrating, but there is another option.
c) Let your computer be a DNS server, so you can use this magical wildcard record to cover the infinite possibilities for every annoying domain.
Looking through the services of a Windows client computer, I didn't find one called DNS Server, so there isn't one.
Therefore, let's pick a well-known, trusted and free DNS server software: BIND, developed by ISC, which runs in Linux environments.
With this software you can block whatever you want.
The following lines describe how to do it and, in addition, how to improve it a little with some Windows batch scripts.
Requirements:
- Permission to download software from the internet.
- Administrator rights on your computer.
- The current DNS servers configured on your computer's network card (ipconfig /all).
- The list of the domains you want to block (don't worry if you don't have them all; you can easily add them later).
- If you want redirection, the IP address you want to be redirected to.
Set up BIND for Windows
Overall, the steps are:
1.- Install DNS service on your computer, using BIND.
2.- Configure named.conf file as I suggest to you.
3.- Create a file named "zones.txt".
4.- Run the script I made to automate domain configuration.
5.- Run the script required to restart the DNS service.
6.- Test it.
7.- Repeat the test.
8.- Enjoy.
1.- Install DNS service on your computer, using BIND.
I don't deserve the credit for how to download it or make the first configuration, since I didn't do it alone; please follow the steps of this article and come back for the automation of the procedures. Why am I reposting? I'm not; I'm improving on what I saw to make things faster.
How to install and make the first configuration of BIND on Windows:
http://alex.charrett.com/bind-on-windows
2.- Configure named.conf (if you already know it, just copy and paste the script from step 3)
Open the file named.conf and write the following:
options {
    directory "c:\named\zones";
    allow-transfer { none; };
    recursion yes;
    forward only;
    forwarders { 4.2.2.2; 8.8.8.8; };
};
include "Full_Zones";
###The following lines should have been pasted from the steps in part 1.
3.- Create a file named "zones.txt".
Create a file named zones.txt in the zones directory (this should be the same one that appears in step 2), and write down the domains you want to block connections to. For example, my file has the following content:
yourdomain.com
manxtreme.com
n-mobile.net
entertainment-factory.com
clkmon.com
vube.com
bet365.com
fastdist.net
It is important not to leave any empty line in this file, since I haven't written any validation in the script to handle special lines.
Do not put special characters or lines that differ from the example above either. It is not secure software built to withstand any particular attack;
it is just a script to help. Besides, you are smart enough to understand what I mean.
4.- Run the script I made to automate domain configuration.
Create a file with the extension .bat in the zones directory (this should be the same one that appears in step 2) and name it zone_creation.bat. Open this file with Notepad (I prefer Notepad++, it is better) and write down the following lines:
REM Script made for creating DNS zones in BIND-Windows
@echo off
set Named_Directory=C:\named\etc\named.conf
set User_Zones=zones.txt
set Zones_File=Full_Zones
REM echo %User_Zones%
REM echo %Named_Directory%
REM The block below runs only when both zones.txt and Full_Zones already exist
IF EXIST %User_Zones% IF EXIST %Zones_File% (
    echo Reading %User_Zones% .
    echo.
    REM Empty Full_Zones before writing the zone list again
    echo. > %Zones_File%
    for /f %%Z IN (%User_Zones%) DO (
        REM Start of sending zone location to named.conf
        echo zone "%%Z" IN { >> %Zones_File%
        echo type master; >> %Zones_File%
        echo file "db.%%Z.txt"; >> %Zones_File%
        echo allow-transfer { none; }; >> %Zones_File%
        echo }; >> %Zones_File%
        echo. >> %Zones_File%
        REM End of sending zone location to named.conf
    )
    for /f %%Z IN (%User_Zones%) DO (
        REM Start of Creating zone information
        echo $TTL 6h > db.%%Z.txt
        echo @ IN SOA your-nameserver.yourdomain.com. hostmaster.yourdomain.com. ^( >> db.%%Z.txt
        echo 2005022201 >> db.%%Z.txt
        echo 10800 >> db.%%Z.txt
        echo 3600 >> db.%%Z.txt
        echo 604800 >> db.%%Z.txt
        echo 86400 ^) >> db.%%Z.txt
        echo @ NS your-nameserver.%%Z. >> db.%%Z.txt
        echo your-nameserver IN A 127.0.0.1 >> db.%%Z.txt
        REM The wildcard record: every name below the zone gets this address
        echo * IN A 127.0.0.1 >> db.%%Z.txt
        REM End of creating zone information
    )
)
Description of the script:
C:\named\etc\named.conf is the location of the named.conf file.
User_Zones=zones.txt is the file where you wrote the zones you want to block; write a full path if you want to put it somewhere else.
include "Full_Zones"; The file Full_Zones is where the authoritative zone declarations are written. In the same zones folder, files named db.<yourdomain>.txt
will be created; these hold the zone records. In this case we are writing a wildcard ( * ), so any name before the zone name will have the same IP address.
If you query for:
a.yourdomain.com, you will get the IP 127.0.0.1
If you query for:
b.a.yourdomain.com you will get the IP 127.0.0.1
If you query for:
z.yourdomain.com you will get the IP 127.0.0.1
So just write the domain you want to block; you don't need to write all the subdomains or hosts in that domain as you would have done with the Windows hosts file.
5.- Run the script required to apply changes.
In step 1, you were asked to run a .bat file to apply changes.
This is:
@echo off
c:\named\bin\rndc reload
pause
You can also do it automatically by copying the line
c:\named\bin\rndc reload
to the end of the script in step 4.
6.- Test it.
Want to see it working?
First open a command prompt (Run, cmd), and then type the following:
nslookup
server 127.0.0.1
a.yourdomain.com
You should get a 127.0.0.1 reply; if you don't, you probably missed some part of the configuration, or I forgot to write something.
Customization:
forwarders { 4.2.2.2; 8.8.8.8; };
Here I list the IP addresses of public DNS servers; you should replace them with the ones that appear in your initial network configuration.
Where do you see them?
Run, cmd, ipconfig /all
You will see one or two lines that say DNS servers; those addresses should be written instead of mine.
7.- Repeat the test.
If you have skipped this part thinking you are done, you're going to have a bad time. To make this work properly, you have to change the DNS server configuration of your network card to the address 127.0.0.1, so you can finally avoid those bothersome sites.
Thanks for reading.
8.- Enjoy
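Step 3 warns that the batch script in step 4 copies every line of zones.txt into Full_Zones and into a file name without checking it. As an added example (not part of the original post or its script), this PowerShell code validates each entry first and then produces the same stanza and records; the function names Get-ValidZone and New-ZoneText, the -Address parameter and the sample lines are assumptions made for the illustration.

```powershell
# Constructed sample standing in for zones.txt (real use: Get-Content .\zones.txt).
$sample = @'
yourdomain.com

Ads.Example.NET.
bad domain.com
semi;colon.net
-leading.example.org
yourdomain.com
'@ -split "`n"

function Get-ValidZone {
    param([string[]]$Lines)
    # One DNS label: 1-63 chars of a-z, 0-9 or hyphen, no hyphen at either end.
    $label   = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    $pattern = '^{0}(\.{0})+$' -f $label          # two or more labels
    $seen    = @{}
    foreach ($raw in $Lines) {
        $name = $raw.Trim().TrimEnd('.').ToLowerInvariant()
        if ($name -eq '') { continue }            # blank line: ignore
        if ($name.Length -gt 253 -or $name -notmatch $pattern) {
            Write-Warning "zones.txt: rejected '$($raw.Trim())'"
            continue
        }
        if (-not $seen.ContainsKey($name)) { $seen[$name] = $true; $name }
    }
}

function New-ZoneText {
    param([string]$Zone, [ipaddress]$Address = '127.0.0.1')
    # Same stanza and records as the batch script in step 4; -Address is an added option.
    $stanza = "zone `"$Zone`" IN { type master; file `"db.${Zone}.txt`"; allow-transfer { none; }; };"
    $records = @"
`$TTL 6h
@ IN SOA your-nameserver.yourdomain.com. hostmaster.yourdomain.com. (
        2005022201 10800 3600 604800 86400 )
@ NS your-nameserver.${Zone}.
your-nameserver IN A 127.0.0.1
* IN A $Address
"@
    [pscustomobject]@{ Zone = $Zone; Stanza = $stanza; Records = $records }
}

# Only validated names reach the generator; rejected lines are reported, not written.
$result = @(Get-ValidZone -Lines $sample | ForEach-Object { New-ZoneText -Zone $_ })
$result | ForEach-Object { $_.Stanza }             # lines for Full_Zones
$result[0].Records                                 # content of db.yourdomain.com.txt
```

The wildcard record answers only for names below the zone name; with these records the bare domain itself returns no address, which still prevents the connection but does not redirect it.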
Windows BIND Website Blocker by Bryan Percy Saldivar Espinoza (bsaldivar.emc2@gmail.com) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.