Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

Guide - Setting up Jail to filter web advertisements using DNS

Joined
Oct 18, 2015
Messages
4
Hello,

I have used a few guides around the web to install a DNS jail to filter web advertisements on my home network. Feel free to make and suggestions you feel I may be missing.

This is running FreeNAS 9.3.1

Open your FreeNAS page
Navigate to Jails and Click "Add Jail"
Give your Jail a name and click Advanced > Set a static IPv4 for your Jail and hit OK to create the Jail.

Once Jail is created click on "View Jails" click your Jail and launch the shell.

enter this command below in shell to edit rc.conf:
edit /etc/rc.conf

Navigate to the bottom of the screen and add these lines:

named_enable="YES"
named_chrootdir=""


You have completed this file hold ESC and press enter and save changes on quit.

--------------------------------------------------------------------------------

Now we are back at the shell screen use the command below to edit the named configuration
edit /var/named/etc/namedb/named.conf

Look for the following line

listen-on { 127.0.0.1; };
Change it to:

listen-on { any; };

Then go all the way to the bottom and add the following line:

include "/etc/namedb/adblock/adblock_include.conf";

You have completed this file hold ESC and press enter and save changes on quit.

--------------------------------------------------------------------------------

Now we are back at the shell screen use the command below to create the directory for adblocking:
mkdir /var/named/etc/namedb/adblock

Now we run the next commands grab the configuration and adblock config - I will host these forever on my site below.

fetch -o /var/named/etc/namedb/working/null.zone.file http://HostingItAll.com/FreeNAS/null.zone.file

fetch -o /var/named/etc/namedb/adblock/adblock_include.conf http://HostingItAll.com/FreeNAS/adblock_include.conf


Now we need to start your named service run the command below in shell:
service named start

Test your configuration by running the command below in shell:
dig @localhost ad.doubleclick.com

it should return 127.0.0.1
--------------------------------------------------------------------------------

Once verified working log into your home router and set your DNS server to use the IP address of your new jail.

You may need to do an IPCONFIG /FLUSHDNS in the cmd prompt using Windows machines to immediately purge out all your old DNS. - No absolute need as it will eventually update for everyone.

Note: You can add more blocked sites by editing the adblock_include.conf file and following the format, be sure to restart named for it to take effect.
 
Last edited:

DrKK

FreeNAS Generalissimo
Joined
Oct 15, 2013
Messages
3,630
A couple of things, sir.

First of all "AD" means "Active Directory" in the FreeNAS universe. Suggest you write "ad" or "advertisement", not "AD", because the only reason I clicked this was because I thought you were doing something obscene with Active Directory.

Second of all, I am having a hell of an impossible time imagining someone that would, simultaneously:
  • want to do the thing you describe, and
  • doesn't already know how to do all of this, and
  • but yet somehow knows enough to reconfigure all his clients correctly for a LANside custom DNS daemon (after all, you say, at the end, "now go ahead and set up everyone to use this DNS server"), and
  • finds this solution better than one-click-installing the usual ad-blockers in his web browsers on affected client machine, which use dynamic filter lists and regular expressions (far more subtle and timely than what you're doing) that are updated frequently to stay ahead of the game.
I guess I just don't get it. No offense intended. I have a tough time imagining someone wanting use this strategy, and if they did, they would come in two types: people for which your guide is superfluous, and people for which your guide is not complete.
 
Joined
Oct 18, 2015
Messages
4
Hello, I made the advertisement changes you have suggested.

I am not suggesting each PC be touched, and would hope people change the DNS in their router thus affecting all devices.

I had wrote the guide as you mentioned above you would not think anyone would want to perform this - here are my reasons for doing this:

  • Full home advertisement blocking
  • Ability to block websites I do not want my kids to visit.
  • Not wanting to install separate software on each machine/mobile device on the network to perform blocks.
  • Being new to FreeNAS I also like to play in the system to feel out what it can do for us at home other than serve as file storage.
 
Last edited:
Top