Setting Up a Blackhole DNS Server on Ubuntu Server
I was recently tasked with setting up a blackhole (or sinkhole) DNS server on the network at the office. I was referred to an article that walked through setting one up using FreeBSD.
If you’re not familiar with blackhole/sinkhole DNS servers, the basic idea is this: when a DNS lookup is performed, the blackhole DNS server consults a list of known malicious domains, and if the requested domain is in that list, any traffic to that domain is redirected. It provides a bit of extra security in that
Things seemed to go pretty smoothly until I started the Bind service, at which point I started getting several errors. I couldn’t quite figure out why I was getting them, so I posted a question about it over in the FreeBSD forums.
While I was waiting for a response, I thought I would spin up an Ubuntu Server VM in VirtualBox on my laptop and see if I could get it working that way. Turns out that I could, and I actually had it working before I got a response in the FreeBSD forums. (The problem, by the way, turns out to be that Bind is chrooted in FreeBSD, which was causing problems with the configurations for the blackhole. I haven’t gone back to try to figure out how to get it working on FreeBSD, since I already had it done in Ubuntu Server.)
So here’s how to get Bind set up and running using Ubuntu Server.
Install Ubuntu Server, making sure to select the DNS, LAMP and OpenSSH installations.
Refer to www.pintumbler.com/Code/dnsbl for the rest of the set-up.
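As an added example (not code from the original post or from the pintumbler write-up), here is a small Python script that shows the lookup check described above and builds Bind zone declarations from a blocklist. It assumes the common layout of one master zone per blocked domain, all pointing at a single sinkhole zone file (the path below is a placeholder), and uses a constructed sample blocklist.

```python
"""Build Bind blackhole zone stanzas from a domain blocklist (added example)."""
import re

SINKHOLE_ZONE_FILE = "/etc/bind/blockeddomains.db"  # assumed placeholder path
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one valid hostname label


def normalize(raw):
    """Return a canonical domain name, or None if the line is not a usable entry."""
    name = raw.split("#", 1)[0].strip().lower().rstrip(".")
    if not name or name == "localhost":
        return None
    labels = name.split(".")
    if len(labels) < 2 or not all(_LABEL.match(lab) for lab in labels):
        return None
    return name


def is_sinkholed(qname, blocked):
    """The server's check: a query is blackholed if the name or any parent is listed.

    Matching whole labels avoids the classic mistake of a suffix/endswith test,
    which would wrongly treat notphish.example.net as a child of phish.example.net.
    """
    blocked = set(blocked)
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def load_blocklist(text):
    """Parse blocklist text and drop entries already covered by a listed parent zone.

    A zone for example.com already answers for www.example.com, so keeping the
    child would only produce a redundant zone declaration in named.conf.
    """
    names = {n for n in (normalize(line) for line in text.splitlines()) if n}
    kept = []
    for name in sorted(names, key=lambda n: (n.count("."), n)):  # parents first
        if not is_sinkholed(name, kept):
            kept.append(name)
    return kept


def zone_stanzas(domains, zone_file=SINKHOLE_ZONE_FILE):
    """Render named.conf-style zone declarations, one per blackholed domain."""
    return "\n".join(f'zone "{d}" {{ type master; file "{zone_file}"; }};' for d in domains)


SAMPLE_BLOCKLIST = """\
# constructed sample blocklist, not a real feed
malware-c2.example
www.malware-c2.example   # redundant: covered by the parent zone above
Phish.Example.Net.
localhost
bad_name.example
"""

if __name__ == "__main__":
    blocked = load_blocklist(SAMPLE_BLOCKLIST)
    print(zone_stanzas(blocked))
    for q in ("cdn.phish.example.net", "notphish.example.net", "example.org"):
        print(q, "-> sinkholed" if is_sinkholed(q, blocked) else "-> resolved normally")
```

Running it prints two zone stanzas (the child entry, the underscore name and localhost are dropped) and shows that only names under a listed zone are sinkholed.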
NOTE: Turning on Bind Logging
Since named (Bind) isn’t allowed by default to write to the newly created log directory, we need to tell AppArmor that it is allowed to.
Edit /etc/apparmor.d/local/usr.sbin.named and add the following line:
Save and close the file, then reload the AppArmor profile for named:
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.named
Restart the Bind service:
sudo service bind9 restart
If you want to check the logs, try something like:
sudo tail -20 /var/log/bind/bind.log