Articles April 2, 2005 at 3:14 pm

Using DNS in OS X Server to Block Ads

Right, we all hate ads, don’t we?

Good. Then if we could use the DNS built in to OS X server to block the ads from appearing on any client that uses
that DNS server, it would be a good thing, wouldn’t it?
Well, in my experience the vast majority of ad servers serve only to increase page loading times and infuriate me by telling me that:

a) my machine is not running as fast as it could be and needs its registry cleaned
b) my machine is broadcasting its presence on the web and needs some amazing security product installed on it
c) that I have won some prize if the image is flashing

There are several sites out there telling you how to block ad servers with host files and through css in Safari, but I haven’t seen anything dedicated to OS X Server’s DNS, so I wrote this.

To get this working, we really only need two things:

1. A list of addresses/domains that we want to block.
2. A zone file telling the service what to do when a request is made by a client to go to one of these sites.

I can’t claim to have created the list used in 1, but there is a site out there that maintains a list, which is a great starting point.

This file is in the wrong format to be read into DNS, though. The same site also has a handy utility that will convert that list into a BIND compatible format.

So, now we have our BIND-friendly list.

Part 2 – we need to tell DNS where to direct clients making a request to any of these addresses.

The list created above points all entries to null.zone.file. There is a sample file available on the same page. Feel free to customise the file with your settings, but I have tested it ‘as is’ and it works just fine. It points requests to 127.0.0.1, so if client machines are running Apache, it will throw up the default page wherever an ad would have appeared.

If this is a problem, the best way around it that I have found (feel free to point out something better), is to have Apache on the server listening on a specific IP address with a blank page as index.htm and editing this null.zone.file to point to that IP address instead of 127.0.0.1.

Now the important part – getting these 2 files in the right place. First, the server list.

I’m going to assume the files are already on the server somewhere and you’ve ssh’d in or have ARD access and Terminal open 🙂

The contents of the bind-friendly server list needs to me copied into named.conf which lives in /private/etc

Before you do anything take a backup:

sudo cp /private/etc/named.conf /private/etc/named.conf.bak

Open named.conf in your favourite editor (using sudo as it’s read-only) and paste the contents of the file into it. If you already have zones, you’ll want to put this list in after them for a number of reasons, not least of which is readability. I put it after my internal zone entries and before the logging section.

Next, we need to copy the null.zone.file into the right location. That place is /private/var/named/

Check the permissions, which should be root:wheel 644

Finally we need to restart DNS. As we’re in the terminal we can use:

sudo serveradmin stop dns
sudo serveradmin start dns

You should now be able type in something like doubleclick.net into Safari’s address bar and get nothing more than a blank page.

4 Comments

  • I followed the directions on a client install and restarted. Though I can still
    link directly to the add servers, it appears that the config. additions have
    negated any pop under ads under Safari. So that is pretty cool. I’ll set it up on
    my DNS and see if I can then no longer link directly.

  • I had set this up under 10.3.8. Worked great. After the upgrade to 10.3.9 the ads weren’t getting blocked anymore. I noticed my null.zone.file had been deleted. Well, thank you very little. Easy to fix, obviously… Just a heads up.

    Anybody else have this happen to them?

  • Jordan Wierengo

    Can this be updated for current macOS Sierra running Server 5.2?

Leave a reply

You must be logged in to post a comment.