One way to improve your PC's security and block ads, counters, malware and so on is to use a HOSTS file on Windows, so that the hostnames of such sites resolve to localhost (127.0.0.1) instead of their real addresses.
Simply using a HOSTS file is not a cure-all against all the dangers on the Internet, but it does provide another very effective “Layer of Protection”.
The original idea is explained at this link: http://www.mvps.org/winhelp2002/hosts.htm
As the above link explains, you can put the HOSTS file inside your Windows system files and it will do the trick, but this solution has its own complexities and downsides. A better solution is to have a DNS server which uses the MVPS HOSTS file to block malware sites, and then point your PC's DNS entries to it.
About a year ago I explained in an earlier post how to install PowerDNS as a caching DNS server. Now I want to explain how you can configure it to use the MVPS HOSTS file to block malware sites and update it automatically.
Please note that you should have Perl installed on your server for this script to work.
Go to the /etc/powerdns folder and create the following files:
null.zone.file :
; BIND db file for ad servers - point all addresses to localhost
;
; This file comes from:
;
; http://adminsehow.com

$TTL 86400 ; one day

@ IN SOA ns0.example.net. hostmaster.example.net. (
        2002061000 ; serial number YYMMDDNN
        28800 ; refresh 8 hours
        7200 ; retry 2 hours
        864000 ; expire 10 days
        86400 ) ; min ttl 1 day
    NS ns0.example.net.
    NS ns1.example.net.
    A 127.0.0.1
* IN A 127.0.0.1
auth-zone.pl :
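# read the whole of hosts.txt into one string
local $/=undef;
open FILE, "hosts.txt" or die "Couldn't open file: $!";
binmode FILE;
$subject = <FILE>;
close FILE;
# build one auth-zones= line for recursor.conf: every blocked name
# becomes an authoritative zone served from null.zone.file
$a='auth-zones=';
# match "127.0.0.1 <hostname>" entries; the hostname is captured in $1
while ($subject =~ m/127\.0\.0\.1[ ]+(([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,4})/ixg) {
    $a=$a.$1."=null.zone.file,";
}
print "$a";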
update-auth-zone :
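#!/bin/sh
cd /etc/powerdns || exit 1
rm -f hosts.txt
# stop here if the download fails, so the existing auth-zones line is kept
wget -q "http://www.mvps.org/winhelp2002/hosts.txt" || exit 1
# build the auth-zones= line from the downloaded list
perl auth-zone.pl > auth.zone
# replace the old auth-zones line in recursor.conf with the new one
sed -i "/auth-zones=/d" recursor.conf
cat auth.zone >> recursor.conf
/etc/init.d/pdns-recursor restart > /dev/null 2>&1
rm -f hosts.txt
rm -f auth.zone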
Make update-auth-zone executable :
chmod +x update-auth-zone
Execute update-auth-zone once :
./update-auth-zone
Open the crontab with the “crontab -e” command and add the following line to it :
@weekly /etc/powerdns/update-auth-zone
This cron job will automatically update your PowerDNS configuration from the MVPS HOSTS file every week.
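The conversion and config update described above, as an added example that is not part of the original post: a shell/awk variant that validates every hostname before it reaches recursor.conf and leaves the config untouched when the downloaded list is empty or truncated. The function names, the acceptance of 0.0.0.0 entries and the minimum-count argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the original post's script). Function names are hypothetical.

# build_auth_zones HOSTS [MIN]: print the auth-zones= line for recursor.conf.
# Returns non-zero and prints nothing if fewer than MIN valid names are found,
# e.g. after a failed or truncated download.
build_auth_zones() {
    awk -v min="${2:-1}" '
    {
        sub(/\r$/, "")                 # tolerate Windows (CRLF) line endings
        sub(/#.*/, "")                 # drop comments
        # Assumption: accept 0.0.0.0 sink entries as well as 127.0.0.1
        if ($1 != "127.0.0.1" && $1 != "0.0.0.0") next
        name = tolower($2)
        sub(/\.$/, "", name)           # strip a trailing root dot
        # Only dot-separated labels of letters, digits and hyphens reach the
        # config line, so "," "=" or whitespace can never be injected into it.
        if (name !~ /^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z][a-z0-9-]*[a-z0-9]$/) next
        if (length(name) > 253 || seen[name]++) next   # too long or duplicate
        sep = (n++ ? "," : "")
        out = out sep name "=null.zone.file"
    }
    END {
        if (n < min) exit 1
        print "auth-zones=" out
    }' "$1"
}

# update_recursor_conf CONF HOSTS [MIN]: swap in the new auth-zones= line only
# when the list was built successfully; otherwise CONF is left untouched.
update_recursor_conf() {
    line=$(build_auth_zones "$2" "${3:-1}") || return 1
    tmp="$1.new"
    cp -p "$1" "$tmp" || return 1      # keep owner and mode of the config
    { grep -v '^auth-zones=' "$1"; printf '%s\n' "$line"; } > "$tmp" &&
        mv "$tmp" "$1"
}
```

In update-auth-zone, a call such as `update_recursor_conf recursor.conf hosts.txt 1000` could stand in for the perl, sed and cat steps; the threshold of 1000 is an arbitrary illustration.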
Currently I have configured my own DNS server, 216.155.148.9, to use the MVPS HOSTS file; feel free to use it as your primary DNS server if you like 🙂