Creating a Domain Name System (DNS) Server
The DNS server we will create blocks advertisements, trackers, and telemetry for privacy reasons. Telemetry is the metadata about what you do online, such as diagnostic data sent to vendors. For our personal data center, we will be running Pi-hole. It's supposed to be a black hole for advertisements.
Install Pi-Hole
The first step is to create an Ubuntu 24.04 VM.
The second step is to run this script:
curl -sSL https://install.pi-hole.net | bash
Follow the steps on the screen. Your IP address will already be static if you are following the guides I've created.
Write down the admin password. It will only be shown once. If you missed it, you can reset it with pihole -a -p.
Adjust Your Firewall
Make sure UFW is scoped down so that it provides DNS only to your home and to your data center.
sudo ufw allow in on [PUBLIC INTERFACE] from [YOUR HOME IPv4/6 NETWORK] to any
sudo ufw allow in on [PUBLIC INTERFACE] from [YOUR DATA CENTER IPv4/6 NETWORK] to any
Add Block Lists
Now log in to the admin portal at https://[PUBLIC IP]/admin.
Go to "Lists" on the left.

Add the following lists as blocklists.
https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts
https://v.firebog.net/hosts/static/w3kbl.txt
https://adaway.org/hosts.txt
https://v.firebog.net/hosts/AdguardDNS.txt
https://v.firebog.net/hosts/Admiral.txt
https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
https://v.firebog.net/hosts/Easylist.txt
https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts
https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts
https://v.firebog.net/hosts/Easyprivacy.txt
https://v.firebog.net/hosts/Prigent-Ads.txt
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt
https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt
https://v.firebog.net/hosts/Prigent-Crypto.txt
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts
https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt
https://phishing.army/download/phishing_army_blocklist_extended.txt
https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
https://v.firebog.net/hosts/RPiList-Malware.txt
https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt
https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts
https://urlhaus.abuse.ch/downloads/hostfile/
https://lists.cyberhost.uk/malware.txt
Update "Gravity"
On the left under "Tools" click on "Update Gravity" then the "Update" button.

It will then provide a decent amount of themed updates.
Loosen Restrictions on Responses
Click "Settings," "DNS," "Basic," and choose "Permit all origins."

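This will allow it to respond on the public interface and internal interface. With this setting Pi-hole no longer limits who may query it, so the UFW rules above are the only thing keeping it from answering the whole internet as an open resolver.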
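Before relying on "Permit all origins," it is worth confirming that the firewall really is scoped to your own networks. The script below is an added example, not part of the original guide: it reads ufw status output and flags any rule that allows port 53, or all ports, from Anywhere. The interface name eth0, the documentation prefixes and both sample outputs are constructed placeholders, and it assumes UFW's default incoming policy is deny.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): flag UFW rules that would let
# any source reach DNS once Pi-hole is set to "Permit all origins".

# Reads `ufw status` text on stdin and prints every ALLOW rule whose source is
# Anywhere and whose destination is port 53 or all ports.
# Returns 1 if at least one such rule is found, 0 otherwise.
open_dns_rules() {
  awk -F'  +' '
    # Rule rows are three columns (To, Action, From) split by 2+ spaces.
    NF >= 3 && $2 ~ /^ALLOW( IN)?$/ {
      any_source = ($3 ~ /^Anywhere/)
      dns_or_all = ($1 ~ /^53(\/(udp|tcp))?( |$)/ || $1 ~ /^Anywhere/)
      if (any_source && dns_or_all) { print "EXPOSED: " $0; bad = 1 }
    }
    END { exit bad + 0 }
  '
}

# Constructed sample: rules scoped to source networks, as in this guide.
# eth0 and the documentation prefixes are placeholders.
sample_scoped() {
  cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
Anywhere on eth0           ALLOW       192.0.2.0/24
Anywhere on eth0           ALLOW       2001:db8:1::/48
22/tcp                     ALLOW       Anywhere
EOF
}

# Constructed sample: the same host with DNS opened to every source.
sample_open() {
  cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
53                         ALLOW       Anywhere
Anywhere on eth0           ALLOW       192.0.2.0/24
53/udp (v6)                ALLOW       Anywhere (v6)
EOF
}

# Demo on the constructed sample; on the Pi-hole VM: sudo ufw status | open_dns_rules
sample_open | open_dns_rules || echo "DNS is reachable from any source: tighten UFW first."
```

On the Pi-hole VM, pipe the real output through the function with sudo ufw status | open_dns_rules; no output and a zero exit status mean no rule exposes DNS to every source.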
Custom Name Servers
Next, click on "Custom Name Servers" and add the following:
1.1.1.2
1.0.0.2
2606:4700:4700::1112
2606:4700:4700::1002
These are the Cloudflare malware prevention DNS servers. If you need to set something more restrictive for children, consider using the following servers instead to block most adult content.
1.1.1.3
1.0.0.3
2606:4700:4700::1113
2606:4700:4700::1003