bram@cbbg.nl~$ hexdump cbbg.bin
00 | CA BB A9 E0 00 42 72 61 6D 27 73  Ê»©à.Bram's
0B | 72 65 73 69 64 65 6E 63 65 00 00  residence..
16 | 6F 6E 20 74 68 65 20 77 65 62 2E  on the web.

DNS

Unbound as DNS Sinkhole

Inspired by the popular Pi-hole project, which sends advertisements and tracking scripts into oblivion, I decided to roll my own solution as an educational exercise. The first place to look was the DNS server. dnsmasq is a common choice for this kind of task, but I noticed that FreeBSD is shipped with the Unbound DNS server installed by default. As I like to keep my system as clean as possible, I decided to use this one.

Below is the config file used for the Unbound DNS server. The important lines are the local-zone: lines, which tell the server to return NXDOMAIN, which stands for non-existent domain. An alternative frequently seen on the internet is to return 127.0.0.1 instead of NXDOMAIN; the downside of that solution is that the client will make an additional request to 127.0.0.1 to find the data it was looking for. With the local-zone: approach, any subdomains are automatically blocked as well. Any non-blocked DNS queries are forwarded to the upstream DNS servers in the forward-zone.
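As an added example (not part of the original post or the author's setup), this Python script turns a hosts-format blocklist into local-zone: lines and drops subdomains that a blocked parent zone already covers. The always_nxdomain zone type, the function names and the sample list are assumptions made here.

```python
import re

# Constructed sample in hosts-file format (the form most blocklists ship in).
SAMPLE_HOSTS = """\
# constructed sample blocklist
0.0.0.0 ads.example.com
0.0.0.0 example.com
127.0.0.1 Tracker.Example.NET.
0.0.0.0 cdn.tracker.example.net   # trailing comment
127.0.0.1 localhost
0.0.0.0 bad_host!.example.org
"""

# Hostname of dot-separated letter/digit/hyphen labels; rejects anything that
# could break out of the quoted string in unbound.conf.
_LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
_NAME = re.compile(rf"^{_LABEL}(\.{_LABEL})+$")
_SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_hosts(text):
    """Return the set of valid, normalised domain names in a hosts-format list."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for host in fields[1:]:            # fields[0] is the IP address
            host = host.lower().rstrip(".")
            if host not in _SKIP and len(host) <= 253 and _NAME.match(host):
                names.add(host)
    return names

def collapse(names):
    """Drop names already covered by a blocked parent zone."""
    kept = set()
    for name in sorted(names, key=lambda n: n.count(".")):  # parents first
        labels = name.split(".")
        parents = (".".join(labels[i:]) for i in range(1, len(labels) - 1))
        if not any(p in kept for p in parents):
            kept.add(name)
    return sorted(kept)

def to_unbound(names, zone_type="always_nxdomain"):
    """Render local-zone lines for inclusion under server: in unbound.conf."""
    return [f'local-zone: "{n}" {zone_type}' for n in names]

if __name__ == "__main__":
    print("\n".join(to_unbound(collapse(parse_hosts(SAMPLE_HOSTS)))))
```

Validating each name before it is written matters because the blocklist is third-party input that ends up inside the resolver's configuration; running unbound-checkconf on the result before reloading catches anything that still slips through.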