DNSブロッキングで無駄な広告表示を減らそう

Transcript

1. DNS    
   

2. Web 
   

3. Web 
   https://ngk2018b.connpass.com/event/104965/ 

4. 
     https://ngk2018b.connpass.com/event/104965/ 
   
   

5. Web    Web  
   
    

6. 
    ?

7. 
    ?

8. 
    Web      

9.  
   

10. Web  
    https://ngk2018b.connpass.com/event/104965/ 

11. 
       

12. DNS  
    

13. DNS   Web  DNS    DNS

                  Web    
    

14. 
    

15. %+!+ Mac(#-,UNIX like OS)(Windows'&. • DNS3@:7A6G<G+2F8;GD • Unbound+2F8;GD • Unbound+

    =12D+ •  62;+include+ • 
    =B5?F; • DO bit 0 off (DNSSEC0/)" ) • EDNS+<:=16290512* • >E:4&. 62;+C8;+(#-, ) •  62;+C8;+ • >E:4&. +$ • +  https://tomocha.net/diary/?20180818#201808182 0

16. Unbound !" 2018%12,11)*- +(. 1.8.3 • Windows • #&!""! "

    https://www.nlnetlabs.nl/projects/unbound/download/ • Mac • #&"! " https://www.nlnetlabs.nl/projects/unbound/download/ • "('1) • /Library/LaunchDaemons/ plist /
    "! 0$  ('1)

17. $ tar xvf unbound-1.8.3.tar.gz $ ls unbound-1.8.3 $ cd unbound-1.8.3

    $ ./configure $ make $ make check $ sudo make install   
    

18. <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-

    1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>homebrew.mxcl.unbound</string> <key>KeepAlive</key> <true/> <key>RunAtLoad</key> <true/> <key>ProgramArguments</key> <array> <string>/usr/local/sbin/unbound</string> <string>-d</string> <string>-c</string> <string>/usr/local/etc/unbound/unbound.conf</string> </array> <key>StandardErrorPath</key> <string>/dev/null</string> <key>StandardOutPath</key> <string>/dev/null</string> </dict> </plist> plist
    

19. • Mac  • /usr/local/etc/unbound/unbound.conf   include: "/usr/local/etc/unbound/blocking.conf” •

    Windows  • C:¥Program Files¥Unbound¥blocking.conf   include: "C:¥Program Files¥Unbound¥blocking.conf” Unbound 
    

20. DO bit  off 2& Unbound 1.8.1  
    default

    DO biton  
    DNSSEC /$4 TCP 5'6"0(
    ) * harden-referral-path: no ↓ harden-referral-path: yes • Mac%# • /usr/local/etc/unbound/unbound.conf • Windows%# • C:¥Program Files¥Unbound¥blocking.conf 2&1,-3. !+ http://www.e-ontap.com/blog/20181031.html

21. EDNS512 edns-buffer-size: 4096 ↓ edns-buffer-size: 512 • Mac • /usr/local/etc/unbound/unbound.conf

    • Windows • C:¥Program Files¥Unbound¥blocking.conf     
     http://www.e-ontap.com/blog/20181031.html EDNS 

22. •  ?>A4C@A4 https://280blocker.net/download/ • 
    #?>A9: • %1-; 53"3

    */+)( • &5%'2,' (https://280blocker.net)<430<.- 47 1 -( • 14D&5 1-(=BC64!7$ 78 1-(  ?>A4C@A4

23.   *) • -&(0' &( $ 
    • blocking.conf

    + /1# local-zone: “ .” static ! ! ". !  nodatanxdomain%,
    

24. • Mac •    sudo pkill -HUP unbound

    • Windows • Unbound DNS validator 
     

25. 
     DNS   

26.   
    

27. ()googleadservices.com  
        

28.    (
    )googleadservices.comGoogle Public DNS  

29.   "Your_cache_server_is_vulnerable.”   
    DO bit  off

      

30. EDNS  dig rs.dns-oarc.net txt  
      xxx.xxx.xxx.xxx 

      IP

31.  DNS
    

32. Mac DNS 
    

33.    
     

34.  
    

35. DNS
     1. DNS 2. +

36. DNS
     1. 127.0.0.1

37. DNS  1. 127.0.0.1
     2. OK 

38. DNS
     

39. Windows DNS 
    

40.    
      

41.  
        
       

42. NIC   1.    2. 
    NIC 

    3.  

43. NIC
      1.    4(TCP/IPv4) 2.  

    

44. DNS   1. DNS   
    

45. DNS
     1. 127.0.0.1 2. OK

46. DNS
     OK

47. DNS  
    

48. 
      https://ngk2018b.connpass.com/event/104965/ 

49. DNS38/(9* %38/) • DNS(4/,5+:1:'9-0:7 • Unbound'9-0:7 • Unbound 2&'7
    •

    +'0include • DO bit % off (DNSSEC%$ ) • EDNS1/2&+'.%512 • 38/)# +'06-0
    (") • +'06-0 • 38/)#  •   ! https://tomocha.net/diary/?20180818#201808182 %