# FreeBSD 10.1 BIND 9.9 setup help



## warlocke (Mar 21, 2015)

Hello all.
I am trying to set up an internal DNS server on my network. My main reason for this is so that every device that is used on my network can use a single server to block stuff I don't want on the network, i.e. ads, known malware sites, etc. I have BIND 9.9 installed, and I am reading https://www.freebsd.org/doc/handbook/network-dns.html, but it is kind of confusing to me. Would anyone be willing to help me out with this? Maybe over Skype?

The issues I'm running into are:
1. setting up zones
2. setting up the DNS server to filter certain info (i.e. ad.google.com) to work like a hosts file on Windows and block that address.

Thanks all.


----------



## tobik@ (Mar 21, 2015)

Have you considered using dns/dnsmasq? It is very easy to set up and good enough for a home network. I am using it for exactly the same thing you want.

With dnsmasq you just have to add every hostname you want to block to /etc/hosts and make sure to enable expand-hosts in the configuration file.


----------



## warlocke (Mar 21, 2015)

I had not seen this yet. Looking at it now. I know in Windows if the hosts file gets too big it can slow the machine down; does Linux have the same issue with a hosts file?


----------



## tobik@ (Mar 21, 2015)

warlocke said:


> I had not seen this yet. Looking at it now. I know in Windows if the hosts file gets too big it can slow the machine down; does Linux have the same issue with a hosts file?


You mean FreeBSD? I am using the hosts file from http://someonewhocares.org/. It has ~10000 lines and I've not noticed any slowdown.


----------



## warlocke (Mar 21, 2015)

Yes, FreeBSD, sorry. Also, I use a combination of files from different locations for a hosts file; how does dnsmasq handle it if there are multiple entries for a single server? Does it just read the first one it finds and then block it? Sorry for the questions, first time I've used any type of Linux system in years.


----------



## tobik@ (Mar 21, 2015)

Can't answer that. It was never any concern for me, as I am blocking all entries anyway (who cares if there are duplicate entries) by letting them resolve to 0.0.0.0.

FreeBSD is not a Linux system. Linux and FreeBSD are completely distinct operating systems.


----------



## warlocke (Mar 21, 2015)

I'm sorry, I don't mean to keep calling it Linux. I am looking into options atm. While I am at it, is there a way to set a user as `su` capable, but not have to have the root pass? Maybe a separate root pw that is only for `su` commands?


----------



## junovitch@ (Mar 21, 2015)

Unbound is also an option if you just need recursive DNS and don't need to serve your own domain name.  It's also far simpler than BIND.  It's included in FreeBSD 10+ as well as available as dns/unbound for older releases, or if the need to handle a large number of users justifies compiling the port with the LIBEVENT option.

Some helpful info on using the included Unbound:
http://blog.des.no/2013/09/local-caching-resolver-in-freebsd-10/

Some info on ad blocking with Unbound, along with a script to keep it updated:
https://calomel.org/unbound_dns.html

As to the `su` question, typically the security/sudo package, available with `pkg install sudo`, is preferred here.  sudoers(5) describes the NOPASSWD keyword.  However, I would recommend that it only be used for specific commands that need it rather than giving the user a blanket ability to do whatever they want.


----------
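The two replies above describe the same idea for two resolvers: keep a hosts-style blocklist and have the resolver answer 0.0.0.0 for every name in it. The following script is an added example, not code from this thread, from dnsmasq, Unbound or BIND, or from the linked calomel.org page. It merges several hosts-style files (warlocke's "combination of files from different locations"), deduplicates them so the duplicate-entry question never reaches the resolver, and writes the result in the form each tool consumes: a hosts file for dnsmasq, `local-zone`/`local-data` lines for Unbound, and, since the thread is about BIND, a response-policy zone file (RPZ, supported since BIND 9.8). The sample lists, the `$WORK` directory and the output file names are constructed for the example; real deployments would point them at the resolver's config directory.

```shell
#!/bin/sh
# Added example (not from the thread or the resolvers' own projects):
# merge hosts-style blocklists into one deduplicated list and emit it in
# the formats dnsmasq, Unbound and BIND RPZ each read.
# Everything under $WORK stands in for the real config directory
# (e.g. /usr/local/etc/dnsmasq.d, /usr/local/etc/unbound,
# /usr/local/etc/namedb/master) -- paths are assumptions.
set -eu

WORK="${BLOCKLIST_WORK:-$(mktemp -d)}"

# Two constructed sample lists standing in for downloaded files. They
# overlap (ad.google.com appears in both, with different case and a
# different sinkhole address) and carry the usual localhost lines.
write_samples() {
    cat > "$WORK/list1.txt" <<'EOF'
# sample list one (constructed)
127.0.0.1   localhost
0.0.0.0     ad.google.com
0.0.0.0     tracker.example.net   # trailing comment
EOF
    cat > "$WORK/list2.txt" <<'EOF'
# sample list two (constructed)
127.0.0.1 AD.Google.com
0.0.0.0   malware.example.org
::1       localhost
EOF
}

# Normalise the lists into one hostname per line: strip comments, keep
# only sinkhole-style lines (0.0.0.0 / 127.0.0.1 / ::1), lower-case the
# names, drop localhost entries, and dedupe with sort -u so an entry
# present in several sources is emitted exactly once.
merge_hosts() {
    cat "$@" | awk '
        { sub(/#.*/, "") }
        NF < 2 { next }
        $1 !~ /^(0\.0\.0\.0|127\.0\.0\.1|::1)$/ { next }
        {
            for (i = 2; i <= NF; i++) {
                h = tolower($i)
                if (h == "localhost" || h == "localhost.localdomain") continue
                print h
            }
        }' | sort -u
}

# dnsmasq: a hosts-format file, referenced with addn-hosts=/path in
# dnsmasq.conf (or appended to /etc/hosts, as tobik@ does).
emit_dnsmasq() {
    awk '{ print "0.0.0.0 " $1 }'
}

# Unbound: local-zone/local-data statements for the server: section of
# unbound.conf (pull the generated file in with an include: line).
emit_unbound() {
    awk '{ printf "local-zone: \"%s.\" redirect\nlocal-data: \"%s. A 0.0.0.0\"\n", $1, $1 }'
}

# BIND 9.8+: a response-policy zone file. The SOA/NS values are the
# placeholders RPZ zones conventionally carry; the zone is never served
# to anyone, it is only consulted by this server's own policy engine.
emit_rpz() {
    printf '$TTL 300\n@ SOA localhost. root.localhost. %s 3600 900 604800 300\n@ NS localhost.\n' "$(date +%s)"
    awk '{ print $1 " A 0.0.0.0" }'
}

# Run the whole pipeline; returns the number of distinct blocked names.
build_blocklists() {
    write_samples
    merge_hosts "$WORK/list1.txt" "$WORK/list2.txt" > "$WORK/blocked.txt"
    emit_dnsmasq < "$WORK/blocked.txt" > "$WORK/dnsmasq-blocked.hosts"
    emit_unbound < "$WORK/blocked.txt" > "$WORK/unbound-blocked.conf"
    emit_rpz     < "$WORK/blocked.txt" > "$WORK/rpz.local.zone"
    wc -l < "$WORK/blocked.txt"
}

build_blocklists
```

Only one of the three output files is needed, depending on which resolver ends up in use; after regenerating it, reload the resolver (for BIND, `named-checkzone rpz.local /path/to/rpz.local.zone` before `rndc reload` catches a malformed list before it takes the resolver down). Answering with 0.0.0.0 rather than NXDOMAIN mirrors what a Windows hosts file does, so clients see the same behaviour they would get from a local hosts entry.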



## warlocke (Mar 23, 2015)

Ok, a co-worker was able to help me on bind99 to get it set up. It's now up and running. My next question: what port does bind99 run on if I wanted to use the DNS server while on, say, 4G on my phone/tablet?

Also, to junovitch
A coworker runs FreeBSD for his main OS and is helping me set up my server. He showed me how to view the shell log and such and is very helpful with getting the server going. He has shown me step by step how to configure and set up everything as well.

So I do trust him with the `sudo` access, I did find what I needed though so I thank you for your response to that question.

So far yall have been a great help with info. I am sure I will be here quite a bit.


----------



## junovitch@ (Mar 23, 2015)

warlocke said:


> Ok, a co-worker was able to help me on bind99 to get it set up. It's now up and running. My next question: what port does bind99 run on if I wanted to use the DNS server while on, say, 4G on my phone/tablet?



DNS is port 53 by default.  Are you referring to opening it up to the Internet so you can access it? Just my opinion, but it doesn't seem worth the effort.  For one, I'm not even sure you could configure some phones or tablets to use your own DNS.  I'd also be wary, as DNS servers open to recursion can unknowingly become part of a DDoS attack against someone.

Some helpful reading:
http://www.infoworld.com/article/26...-dns-servers-or-risk-aiding-ddos-attacks.html



warlocke said:


> Also, to junovitch
> A coworker runs FreeBSD for his main OS and is helping me set up my server. He showed me how to view the shell log and such and is very helpful with getting the server going. He has shown me step by step how to configure and set up everything as well.
> 
> So I do trust him with the `sudo` access, I did find what I needed though so I thank you for your response to that question.
> ...



Thanks, sounds like you got things on track there.  Quite a few things are pretty straightforward and covered in the man pages or the FreeBSD Handbook.  It's always worth starting there.  Hopefully you can find an answer documented there, but if not then feel free to ask for help.


----------
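junovitch@'s warning about open recursion comes down to two `named.conf` settings, and the hosts-file style blocking from the first post is one more. The fragment below is an added example, not configuration from this thread, from the FreeBSD bind99 package or from the Handbook; it shows the permissive setting commented out beside the restricted one, and declares a response-policy zone of the kind a generated blocklist would populate. The LAN address, the zone name `rpz.local` and the file path are assumptions.

```conf
// Added example (not from the thread): the recursion and RPZ parts of a
// named.conf for a home resolver on FreeBSD 10.1 / BIND 9.9.
options {
    // Listen on loopback and the LAN interface only (LAN address is an assumption).
    listen-on { 127.0.0.1; 192.168.1.1; };
    recursion yes;

    // Weak: anyone who can reach port 53 gets recursive answers, which is
    // what lets the server be used in a reflection/amplification DDoS.
    // allow-recursion { any; };

    // Restricted: only this host and directly attached networks may recurse.
    allow-recursion { localhost; localnets; };
    allow-query     { localhost; localnets; };

    // Hosts-file style blocking via a response-policy zone (BIND 9.8 and later).
    response-policy { zone "rpz.local"; };
};

// The policy zone itself; the file holds one "name A 0.0.0.0" record per blocked host.
zone "rpz.local" {
    type master;
    file "/usr/local/etc/namedb/master/rpz.local.zone";   // path is an assumption
};
```

`named-checkconf` validates the syntax before a restart, and with the restricted `allow-recursion` a query arriving from any address outside `localnets` is refused rather than answered, which is the property the infoworld article linked above is asking operators to verify.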

