Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DNSブロッキングで無駄な広告表示を減らそう

Ee4c337fbe0db506f2fa17568ba3c7c8?s=47 東平洋史
October 06, 2018

 DNSブロッキングで無駄な広告表示を減らそう

DNSキャッシュサーバーの実装であるUnboundを使用して広告サイトの問い合わせに対してnodataあるいはnxdomainを返すように設定することにより、Webブラウザで広告表示を減らした事について記述しました。

Ee4c337fbe0db506f2fa17568ba3c7c8?s=128

東平洋史

October 06, 2018
Tweet

Transcript

  1. DNS    

  2. Web  

  3. Web  https://ngk2018b.connpass.com/event/104965/ 

  4.   https://ngk2018b.connpass.com/event/104965/  

  5. Web    Web     

  6.  ?

  7.  ?

  8.   Web      

  9.  

  10. Web   https://ngk2018b.connpass.com/event/104965/ 

  11.     

  12. DNS   

  13. DNS   Web  DNS    DNS

                  Web     
  14. 

  15. %+!+ Mac(#-,UNIX like OS)(Windows'&. • DNS3@:7A6G<G+2F8;GD • Unbound+2F8;GD • Unbound+

    =12D+ •  62;+include+ • =B5?F; • DO bit 0 off (DNSSEC0/)" ) • EDNS+<:=16290512* • >E:4&. 62;+C8;+(#-, ) •  62;+C8;+ • >E:4&. +$ • +  https://tomocha.net/diary/?20180818#201808182 0
  16. Unbound !" 2018%12,11)*- +(. 1.8.3 • Windows • #&!""! "

    https://www.nlnetlabs.nl/projects/unbound/download/ • Mac • #&"! " https://www.nlnetlabs.nl/projects/unbound/download/ • "('1) • /Library/LaunchDaemons/ plist / "! 0$  ('1)
  17. $ tar xvf unbound-1.8.3.tar.gz $ ls unbound-1.8.3 $ cd unbound-1.8.3

    $ ./configure $ make $ make check $ sudo make install   
  18. <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-

    1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>homebrew.mxcl.unbound</string> <key>KeepAlive</key> <true/> <key>RunAtLoad</key> <true/> <key>ProgramArguments</key> <array> <string>/usr/local/sbin/unbound</string> <string>-d</string> <string>-c</string> <string>/usr/local/etc/unbound/unbound.conf</string> </array> <key>StandardErrorPath</key> <string>/dev/null</string> <key>StandardOutPath</key> <string>/dev/null</string> </dict> </plist> plist
  19. • Mac  • /usr/local/etc/unbound/unbound.conf   include: "/usr/local/etc/unbound/blocking.conf” •

    Windows  • C:¥Program Files¥Unbound¥blocking.conf   include: "C:¥Program Files¥Unbound¥blocking.conf” Unbound  
  20. DO bit  off 2& Unbound 1.8.1   default

    DO biton  DNSSEC /$4 TCP 5'6"0() * harden-referral-path: no ↓ harden-referral-path: yes • Mac%# • /usr/local/etc/unbound/unbound.conf • Windows%# • C:¥Program Files¥Unbound¥blocking.conf 2&1,-3. !+ http://www.e-ontap.com/blog/20181031.html
  21. EDNS512 edns-buffer-size: 4096 ↓ edns-buffer-size: 512 • Mac • /usr/local/etc/unbound/unbound.conf

    • Windows • C:¥Program Files¥Unbound¥blocking.conf      http://www.e-ontap.com/blog/20181031.html EDNS 
  22. •  ?>A4C@A4 https://280blocker.net/download/ •  #?>A9: • %1-; 53"3

    */+)( • &5%'2,' (https://280blocker.net)<430<.- 47 1 -( • 14D&5 1-(=BC64!7$ 78 1-(  ?>A4C@A4
  23.   *) • -&(0' &( $  • blocking.conf

    + /1# local-zone: “ .” static ! ! ". !  nodatanxdomain%,
  24. • Mac •    sudo pkill -HUP unbound

    • Windows • Unbound DNS validator   
  25.  DNS   

  26.   

  27. ()googleadservices.com       

  28.    ()googleadservices.comGoogle Public DNS  

  29.   "Your_cache_server_is_vulnerable.”    DO bit  off

      
  30. EDNS  dig rs.dns-oarc.net txt    xxx.xxx.xxx.xxx 

      IP
  31.  DNS 

  32. Mac DNS 

  33.     

  34.   

  35. DNS  1. DNS 2. +

  36. DNS  1. 127.0.0.1

  37. DNS  1. 127.0.0.1 2. OK 

  38. DNS  

  39. Windows DNS 

  40.      

  41.         

  42. NIC   1.    2. NIC 

    3.  
  43. NIC  1.    4(TCP/IPv4) 2.  

    
  44. DNS   1. DNS    

  45. DNS  1. 127.0.0.1 2. OK

  46. DNS OK

  47. DNS  

  48.   https://ngk2018b.connpass.com/event/104965/ 

  49. DNS38/(9* %38/) • DNS(4/,5+:1:'9-0:7 • Unbound'9-0:7 • Unbound 2&'7 •

    +'0include • DO bit % off (DNSSEC%$ ) • EDNS1/2&+'.%512 • 38/)# +'06-0 (") • +'06-0 • 38/)#  •   ! https://tomocha.net/diary/?20180818#201808182 %