DNS Blocker
Dave's Naughty Stuff Blocker
----------------------------


Quick Start:

1. Unpack the tarball
2. Obtain and install libpcap and libnids if you haven't already
3. 'cd' into the DNS Blocker directory
4. 'make'
5. Edit the configuration files (described below)
6. 'su' to root and copy the configuration files into /etc
7. As root move the compiled binary to wherever you want it to live
   (/sbin's not a bad spot).  
8. Edit /etc/block_web_addr and insert the address of the machine that
   you wish to redirect traffic to.
9. To start the blocker, run "/sbin/dns_block".

By default, the blocker will start on the lowest-numbered interface.
You can set the blocker to listen on a specific interface with the
'-i' command line switch.  For instance, to start the blocker on
ethernet 1 on a Linux system:

/sbin/dns_block -i eth1


Configuration Files
-------------------
ALL FILES ARE CASE SENSITIVE!!!  You should only use lower case.
The blocker software converts all DNS requests to lower case
to simplify all of our lives.

The configuration files are just plain text files.  With the exception of the
'block_web_addr' file, you may find the files that come with the distribution
to be a good starting point.  I am interested in any and all effective additions
to these files, so please post them on SourceForge.

block_web_addr
--------------
You -MUST- edit this file!!!  This file contains a single line that
defines the address to which you wish to redirect hosts.

blocked_names
-------------
This file is a list of sites that you wish to explicitly block access to.
This is for catching sites like "wego.com" (if you wanted to block a
primary site for Gnutella site lists).  This may be preferable to adding
'wego.com' to the strings list if you don't want to block things like
'oswego.com'.  The idea is, if you can't come up with a string that is
specific enough to block what you want without collateral blocking,
go with an explicit block.

blocked_strings
---------------
This file contains a list of strings used to match against site names.
If any of these strings appears anywhere in the name in a DNS request,
a spoofed reply will be generated unless there is an entry for that
name in the allowed_sites file.

allowed_sites
-------------
This file is the opposite of the blocked_names file.  If a site name
appears in this list, it will be explicitly allowed, regardless of
whether it matches either of the other two lists.
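
The precedence between the three lists described above, as an added
example (not code from the DNS Blocker distribution).  The sample
entries are constructed, and whole-name comparison for blocked_names
and allowed_sites is an assumption.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample lists; entries are illustrative, not from the distribution. */
static const char *const allowed_sites[]   = { "research.example.org", NULL };
static const char *const blocked_names[]   = { "wego.com", NULL };
static const char *const blocked_strings[] = { "gnutella", "research", NULL };

/* Assumption: name lists are compared against the whole query name. */
static int in_list(const char *const *list, const char *name) {
    for (; *list != NULL; list++)
        if (strcmp(*list, name) == 0) return 1;
    return 0;
}

/* Substring match, as described for blocked_strings. */
static int has_string(const char *const *list, const char *name) {
    for (; *list != NULL; list++)
        if (strstr(name, *list) != NULL) return 1;
    return 0;
}

/* Returns 1 if a query for qname would get the spoofed reply, else 0. */
int should_block(const char *qname) {
    char name[256];
    size_t i;
    /* Queries are lower-cased first, which is why the lists must be lower case. */
    for (i = 0; qname[i] != '\0' && i < sizeof(name) - 1; i++)
        name[i] = (char)tolower((unsigned char)qname[i]);
    name[i] = '\0';

    if (in_list(allowed_sites, name)) return 0;  /* allowed_sites always wins */
    if (in_list(blocked_names, name)) return 1;  /* explicit block */
    return has_string(blocked_strings, name);    /* substring block */
}

int main(void) {
    const char *q[] = { "WeGo.com", "oswego.com", "gnutella.example.net",
                        "research.example.org", "research.example.net" };
    for (size_t i = 0; i < sizeof(q) / sizeof(q[0]); i++)
        printf("%-22s %s\n", q[i], should_block(q[i]) ? "block" : "allow");
    return 0;
}
```

Note that "oswego.com" passes because "wego.com" sits in the names list
rather than the strings list, while the "research" string still catches
every name not covered by an allowed_sites entry.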