adsuck 2.5.0

A small DNS server
adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers and other nasties. It can be used locally, for the road warrior, or on the network perimeter in order to protect machines from malicious sites. It also has the capability to match website names using regex and there is also a mechanism to spoof DNS queries to specified IP addresses.

Installation:

The code was written on OpenBSD and the port contains the installation procedure. For non OpenBSD installation it needs to be done by hand.
There are 2 methods of using adsuck:

 1) as a local resolver for the road-warrior
 2) as a perimeter resolver to protect local networks

Method 1
- Make and install adsuck somewhere that is available at boot
- Create a directory to chroot adsuck with 755 permissions and owner root (e.g. /var/adsuck)
- Create a _adsuck user and make its home directory the chroot directory
- Create a _adsuck group
- Copy the blacklist files (e.g. hosts.small) to the chroot directory
- Modify the dhclient script to not overwrite /etc/resolv.conf and instead write that file to the chroot directory
- Also modify the dhclient script to send SIGHUP to the adsuck daemon whenever it gets a new nameserver
- Modify the /etc/resolv.conf file to only one line reading: nameserver 127.0.0.1
- Add adsuck somewhere as a daemon so that it runs during boot (do this after dhclient and syslogd)
- Run adsuck, for example, with the following parameters: -c /var/adsuck -f /resolv.conf /hosts.small

Note: adsuck runs in a chroot environment and the above example would require 2 files in /var/adsuck; namely hosts.small and resolv.conf. Also note that in this example the dhclient script needs to overwrite /var/adsuck/resolv.conf every time it gets a new nameserver AND it has to send SIGHUP to the adsuck daemon to reread that file.

Method 2

- Make and install adsuck somewhere that is available at boot
- Create a directory to chroot adsuck with 755 permissions and owner root (e.g. /var/adsuck)
- Create a _adsuck user and make its home directory the chroot directory
- Create a _adsuck group
- Copy the blacklist files (e.g. hosts.small) to the chroot directory
- Create a resolv.conf file that contains your actual resolver information
- Add adsuck somewhere as a daemon so that it runs during boot (do this after dhclient and syslogd)
- Run adsuck, for example, with the following parameters: -l 192.168.0.1 -c /var/adsuck -f /resolv.conf /hosts.small

Note:
this has to be done on whichever machine runs a valid nameserver for that network. If there is a local nameserver make it listen on, for example, port 54 of localhost and make the adsuck resolv.conf point there.

last updated on:
September 28th, 2012, 22:56 GMT
price:
FREE!
developed by:
Marco Peereboom
license type:
BSD License 
category:
ROOT \ Internet \ DNS

FREE!

In a hurry? Add it to your Download Basket!

user rating

UNRATED
0.0/5
 

0/5

What's New in This Release:
  • Automatically watches for changes to resolv.conf and rereads it when that happens.
  • This removes the need for external stimuli to force the reread (SIGHUP).
  • Refreshes all the hosts files.
  • Starts using libevent2 in favor of libevent.
read full changelog

Add your review!

SUBMIT