A simple DNS proxy that returns NXDOMAIN whenever the master (upstream) DNS server offers an IP address from a specified blacklist.
[cc lang='bash']
# Install dns-filter, start it, then confirm it is listening and logging.
# python-twisted provides the twistd runner that appears in the log output below.
\$ yum install python-twisted
# The zipball URL tracks the tip of master, so the download is not pinned to a
# reviewed revision. The extracted directory name carries the commit prefix
# (9c5d40d here); check it against the commit you reviewed before running it.
\$ wget https://github.com/lamby/dns-filter/zipball/master
\$ unzip master
\$ cd lamby-dns-filter-9c5d40d
# Set the master resolver and the list of invalid (blacklisted) addresses
# before starting the proxy.
\$ vi dns-filter.conf
# Started as a background job of this shell.
# NOTE(review): binding port 53 normally needs root or an equivalent capability;
# the transcript does not show which user runs this - confirm, and confirm
# whether run.sh drops privileges afterwards.
\$ ./run.sh &
# Confirm the listener. The output shows UDP port 53 bound on 0.0.0.0, i.e. on
# every interface, and no TCP listener. If this host is reachable from untrusted
# networks, restrict access to port 53 (for example with a host firewall) so the
# proxy does not act as an open forwarder.
\$ netstat -tulnp | grep 53
udp 0 0 0.0.0.0:53 0.0.0.0:* 5736/python
# twistd writes its startup messages to syslog.
\$ tail -f /var/log/messages
2012-06-02 01:31:27+0300 [-] twistd 8.2.0 (/usr/bin/python 2.6.6)
starting up.
2012-06-02 01:31:27+0300 [-] reactor class:
twisted.internet.selectreactor.SelectReactor.
2012-06-02 01:31:27+0300 [-]
2012-06-02 01:31:27+0300 [-] Starting protocol
[/cc]
dns-filter.conf
[cc lang='bash']
[dns-filter]
# DNS server to get results from
master = 8.8.8.8
# Invalid (blacklisted) 'A' record IP addresses. The program will return
# "no such domain" (NXDOMAIN) if the master offers one of these addresses.
invalid =
10.20.30.41,
10.20.30.42
[/cc]