ADSUCK(1) FreeBSD General Commands Manual ADSUCK(1)

adsuck - DNS blacklisting daemon

adsuck [-Ddv] [-c directory] [-f resolv.conf] [-l listen] [-p port] [-r regexfile] [-u user] hostsfile ...

adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers and other nasties. It can be used locally, for the road warrior, or on the network perimeter in order to protect machines from malicious sites.

adsuck replies to bad addresses with a spoofed DNS packet that has the NXdomain flag set. This in effect prevents the application that is resolving the address from trying to connect to this address. Addresses that are not matched are forwarded to the normal nameserver, as provided by resolv.conf(5).

Note that when applications try to be smart and resolve an address with the local domain name appended, adsuck will still spoof the answer.

All non-spoofed responses are cached for the duration of the provided DNS TTL (Time To Live). The cache will be purged when adsuck receives a HUP or USR1 signal. See the SIGNALS section for more details.

The options are as follows:

-c directory
This is the chroot directory. If it is not specified, it uses the home_dir entry from /etc/passwd.
-D
Do not daemonize.
-d
Enable debug output.
-f resolv.conf
This is a standard formatted resolv.conf file that contains the name server that can resolve non-blacklisted entries.
-l listen
This is the address adsuck will listen on. The default is all IP addresses.
-p port
This is the port number that adsuck will bind to. The default is 53.
-r regexfile
Filename of a file that contains one regular expression per line, e.g. banner|ads|stat|track|click. When the expression is matched, the DNS response will be spoofed. The regex engine runs before the hostsfile match. See regex(3) and re_format(7) for more information.
-u user
This is the user that adsuck will drop privileges to after it binds to the listen address. The default is _adsuck.
-v
Enable verbose output.
hostsfile
This is a standard formatted hostsfile that contains all blacklisted entries. Examples of good blacklist files:
http://rlwpx.free.fr/WPFF/hosts.htm
http://www.mvps.org/winhelp2002/

The adsuck daemon reacts to the following signals:
reevaluate resolv.conf and purge cache
reread hosts and regex files and purge cache
output runtime stats using syslog

hostsfile
Blacklist entries in standard hostsfile format. The entries must point to 127.0.0.1. E.g. 127.0.0.1 badsite.com.

If the entry points to a different address then the spoofing will not be done via NXdomain but will instead return the provided IP address. This enables the administrator to forward specific sites to an IP address that might contain a warning. In order to spoof badsite.com to 192.168.0.1 add "192.168.0.1 badsite.com" to a hostsfile.

resolv.conf
Standard resolv.conf file that contains the actual resolving nameserver and options.

Note: due to the way ldns works one can NOT specify a port in the resolv.conf file.
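
The lookup order described above (regexfile first, then hostsfile, otherwise forward) can be checked against a candidate blacklist before it is deployed. The following is an added example, not part of adsuck or of this manual page: a Python model of the documented behaviour that shows how a short expression such as "ads" also catches unrelated names and pre-empts a hostsfile redirect. It assumes that a regex hit is answered with NXdomain, that names are compared case-insensitively, and that Python's re module stands in for regex(3); all function names and the sample entries other than the manual's own are constructed.

```python
import re

# Constructed sample inputs (not shipped with adsuck). The regex line and the
# badsite.com redirect are the man page's own examples; the rest are made up.
REGEXFILE = "banner|ads|stat|track|click\n"
HOSTSFILE = """\
127.0.0.1    evil.example
192.168.0.1  warn.example     # redirect to a warning page
192.168.0.1  badsite.com      # never reached: "ads" matches the regex first
"""

def load_regexes(text):
    """One expression per line, as in the -r regexfile."""
    return [re.compile(line.strip()) for line in text.splitlines() if line.strip()]

def load_hosts(text):
    """Parse hostsfile text into {name: address}; '#' starts a comment."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table[name.lower().rstrip(".")] = fields[0]
    return table

def decide(qname, regexes, hosts):
    """Return (action, detail) for one queried name, in the documented order."""
    name = qname.lower().rstrip(".")      # assumption: case-insensitive match
    for rx in regexes:                    # regex runs before the hostsfile match
        if rx.search(name):
            return ("NXDOMAIN", "regex " + rx.pattern)
    addr = hosts.get(name)
    if addr == "127.0.0.1":               # standard blacklist entry
        return ("NXDOMAIN", "hostsfile")
    if addr is not None:                  # other address: returned as the answer
        return ("SPOOF", addr)
    return ("FORWARD", None)              # left to the resolv.conf nameserver

def audit(names, regex_text=REGEXFILE, hosts_text=HOSTSFILE):
    """Classify each name against the given regexfile and hostsfile text."""
    regexes, hosts = load_regexes(regex_text), load_hosts(hosts_text)
    return {name: decide(name, regexes, hosts) for name in names}

if __name__ == "__main__":
    sample = ["evil.example", "warn.example", "badsite.com",
              "downloads.example.org", "static.example.net", "www.example.org"]
    for name, verdict in audit(sample).items():
        print(f"{name:24} {verdict}")
```

Running the audit over a sample of names that users legitimately need, such as a resolver log, shows which expressions are too broad before the daemon starts answering for them.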

resolv.conf(5)

adsuck was written to do some smarter ad blocking without using individual browser components and to avoid lengthy hostsfile lookups.

adsuck was written by Marco Peereboom ⟨marco@peereboom.us⟩.

Currently adsuck depends on ldns.
March 16, 2011 FreeBSD 13.1-RELEASE
