is a small DNS server that spoofs blacklisted addresses and forwards all other
The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers and other nasties. It can be used locally, for the road warrior, or on the network perimeter in order to protect machines from malicious sites.
replies to bad addresses with a spoofed DNS packet that has the NXdomain
This in effect prevents the application that is resolving the address from trying to connect to it.
Addresses that are not matched are forwarded to the normal nameserver, as provided by
Note that when applications try to be smart and resolve an address with the local domain name appended, the server will still spoof the answer.
All non-spoofed responses are cached for the duration of the DNS TTL (Time To Live) provided in the reply.
The cache will be purged when
section for more details.
The options are as follows:
This is the chroot directory. If it is not specified, the home_dir entry is used from
Do not daemonize.
Enable debug output.
This is a standard-format resolv.conf file that names the name server used to resolve non-blacklisted entries.
This is the address the server will listen on. The default is all IP addresses.
This is the port number that the server will bind to. The default is 53.
Filename of a file that contains one regular expression per line, e.g.
When an expression matches, the DNS response will be spoofed. The regex engine runs before the hostsfile match.
for more information.
This is the user that the server will drop privileges to after it binds to the listen address. The default is _adsuck.
Enable verbose output.
This is a standard formatted hostsfile that contains all blacklisted entries.
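As an added illustration (not part of this manual page or the program's own code), the matching order and caching behaviour described above: regex entries are checked before the hostsfile, a query with the local domain appended still matches, and forwarded answers expire after their TTL. The hosts-file and regex blacklists are constructed samples and the local domain home.lan is an assumption.

```python
import re
import time

# Constructed sample blacklists (not from the page): hosts-file format, and one regex per line.
HOSTS_BLACKLIST = """\
127.0.0.1 ads.example.net
127.0.0.1 tracker.example.org   # comments are ignored
"""
REGEX_BLACKLIST = r"""
^.*\.adserver\.example$
^metrics\d*\.example\.com$
"""
LOCAL_DOMAIN = "home.lan"  # assumed local domain that a "smart" application might append

def load_hosts(text):
    """Collect hostnames from a hosts-style file; the first field is the address."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(h.lower() for h in fields[1:])
    return names

HOSTS = load_hosts(HOSTS_BLACKLIST)
REGEXES = [re.compile(expr, re.IGNORECASE) for expr in REGEX_BLACKLIST.split()]

def should_spoof(qname):
    """True if the query name should receive a spoofed NXDOMAIN answer."""
    name = qname.rstrip(".").lower()
    suffix = "." + LOCAL_DOMAIN
    if name.endswith(suffix):  # resolver appended the local domain: match the bare name
        name = name[:-len(suffix)]
    if any(r.search(name) for r in REGEXES):  # regex engine runs before the hostsfile
        return True
    return name in HOSTS

class TTLCache:
    """Caches non-spoofed answers for the TTL carried in the upstream reply."""
    def __init__(self, clock=time.monotonic):
        self._clock, self._entries = clock, {}
    def put(self, name, answer, ttl):
        self._entries[name] = (answer, self._clock() + ttl)
    def get(self, name):
        answer, expires = self._entries.get(name, (None, 0))
        if answer is not None and self._clock() < expires:
            return answer
        self._entries.pop(name, None)  # expired or never cached
        return None
    def purge(self):  # drop everything, e.g. when told to reload the blacklists
        self._entries.clear()
```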
Examples of good blacklist files: