adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers and other nasties. It can be used locally, for the road warrior, or on the network perimeter in order to protect machines from malicious sites. It also has the capability to match website names using regex and there is also a mechanism to spoof DNS queries to specified IP addresses.
Installation:
The code was written on OpenBSD and the port contains the installation procedure. For non OpenBSD installation it needs to be done by hand.
There are 2 methods of using adsuck:
1) as a local resolver for the road-warrior
2) as a perimeter resolver to protect local networks
Method 1
- Make and install adsuck somewhere that is available at boot
- Create a directory to chroot adsuck with 755 permissions and owner root (e.g. /var/adsuck)
- Create a _adsuck user and make its home directory the chroot directory
- Create a _adsuck group
- Copy the blacklist files (e.g. hosts.small) to the chroot directory
- Modify the dhclient script to not overwrite /etc/resolv.conf and instead write that file to the chroot directory
- Also modify the dhclient script to send SIGHUP to the adsuck daemon whenever it gets a new nameserver
- Modify the /etc/resolv.conf file to only one line reading: nameserver 127.0.0.1
- Add adsuck somewhere as a daemon so that it runs during boot (do this after dhclient and syslogd)
- Run adsuck, for example, with the following parameters: -c /var/adsuck -f /resolv.conf /hosts.small
Note: adsuck runs in a chroot environment and the above example would require 2 files in /var/adsuck; namely hosts.small and resolv.conf. Also note that in this example the dhclient script needs to overwrite /var/adsuck/resolv.conf every time it gets a new nameserver AND it has to send SIGHUP to the adsuck daemon to reread that file.
Method 2
- Make and install adsuck somewhere that is available at boot
- Create a directory to chroot adsuck with 755 permissions and owner root (e.g. /var/adsuck)
- Create a _adsuck user and make its home directory the chroot directory
- Create a _adsuck group
- Copy the blacklist files (e.g. hosts.small) to the chroot directory
- Create a resolv.conf file that contains your actual resolver information
- Add adsuck somewhere as a daemon so that it runs during boot (do this after dhclient and syslogd)
- Run adsuck, for example, with the following parameters: -l 192.168.0.1 -c /var/adsuck -f /resolv.conf /hosts.small
Note: this has to be done on whichever machine runs a valid nameserver for that network. If there is a local nameserver make it listen on, for example, port 54 of localhost and make the adsuck resolv.conf point there.
What is new in this release:
- Automatically watches for changes to resolv.conf and rereads it when that happens.
- This removes the need for external stimuli to force the reread (SIGHUP).
- Refreshes all the hosts files.
- Starts using libevent2 in favor of libevent.
What is new in version 2.4.3:
- Updated hosts files.
- OS X support has been added.
What is new in version 2.4.2:
- This version updates all hosts files (the previous hosts.yoyo was in the wrong format).
- It adds install targets to makefiles.
What is new in version 2.4.1:
- This version updates hosts files.
- It has switched to git from cvs.
- It add additional stats.
- It fixes the dhclient script for OpenBSD where sometimes resolv.conf did not get updated.
What is new in version 2.2:
- This version fixes the documentation and provides more examples.
What is new in version 2.1:
- It adds an awesome caching mechanism that makes the whole websurfing experience a bit faster.
What is new in version 2.0:
- Added caching capability.
- libevent is now used in order to speed up processing.
What is new in version 1.8:
- A problem in which WebKit issues bogus DNS requests was worked around.
- This also fixes a crash in that same code path when a bad packet flows through.
What is new in version 1.7:
- There is a reliability fix in the reaping code. The Linux build has been improved.
Comments not found