One of my security controls in my home lab is to block certain DNS traffic (and IP address-based traffic, of course). It is basically ad- and malware-related traffic that I filter. A convenient place to do this is the network perimeter. Adding protection here safeguards all clients (laptops, gaming consoles, smartphones, etc.) within the network. Currently, I am using a pfSense package called pfBlockerNG [1], which blocks DNS traffic for me. pfBlockerNG blocks whatever domain names (and IP addresses) are configured. For this purpose I consume block lists, which are continually updated.
Some of the block lists I use and recommend:
- IP address-based
  - Emerging Threats (https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt)
  - Emerging Threats compromised IPs (https://rules.emergingthreats.net/blockrules/compromised-ips.txt)
  - Spamhaus (https://www.spamhaus.org/drop/drop.txt)
  - Spamhaus extended (https://www.spamhaus.org/drop/edrop.txt)
  - Abuse.ch Ransomware (https://ransomwaretracker.abuse.ch/blocklist/)
  - Firehol (https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset)
- DNS-based
  - Someonewhocares (http://someonewhocares.org/hosts/hosts)
  - hpHosts by Malwarebytes (https://hosts-file.net/ad_servers.txt)
  - Quidsup (https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt)
  - Adaway (https://adaway.org/hosts.txt)
  - Cameleon (http://sysctl.org/cameleon/hosts)
  - Abuse.ch Ransomware (https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt)
  - Yoyoads (http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext)
  - Easylists (https://easylist.to/)
This list is incomplete, but demonstrates many available options to implement cheap/free IP address and DNS-based filtering using up-to-date threat intelligence.
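The feeds above do not share one format: the DNS lists are hosts files or bare domain lists, and the IP lists mix single addresses with CIDR ranges and use `#` or `;` comments. The following sketch is an added example, not pfBlockerNG's code or anything from the original post; it normalizes both kinds of feed before they are loaded into a filter. The function names, the sample feeds and the `protected` ranges (assumed LAN and loopback space that a third-party feed must never block) are assumptions made for illustration.

```python
import ipaddress
import re

# Labels of letters, digits, '-', '_'; the last label must start with a letter.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z][a-z0-9-]{0,61}[a-z0-9]$")
_LOCAL = {"localhost", "localhost.localdomain", "broadcasthost"}

def _strip_comment(line):
    # '#' is used by most feeds, ';' by the Spamhaus DROP format.
    return re.split(r"[#;]", line, maxsplit=1)[0].strip()

def parse_dns_list(text):
    """Domains from a hosts-format or one-domain-per-line feed."""
    domains = set()
    for raw in text.splitlines():
        fields = _strip_comment(raw).lower().split()
        try:  # hosts format starts with a sink address such as 0.0.0.0
            ipaddress.ip_address(fields[0] if fields else "")
            fields = fields[1:]
        except ValueError:
            pass  # bare-domain format: every field is a name
        for name in (f.rstrip(".") for f in fields):
            if name not in _LOCAL and _HOST_RE.match(name):
                domains.add(name)
    return domains

def parse_ip_list(text, protected=("10.0.0.0/8", "127.0.0.0/8", "192.168.0.0/16")):
    """Collapsed IPv4 networks from a feed, never covering `protected` ranges."""
    keep = [ipaddress.ip_network(p) for p in protected]
    nets = []
    for raw in text.splitlines():
        entry = _strip_comment(raw)
        try:
            net = ipaddress.ip_network(entry.split()[0], strict=False)
        except (ValueError, IndexError):
            continue  # blank or malformed line: skip it, keep the rest of the feed
        if net.version == 4 and not any(net.overlaps(k) for k in keep):
            nets.append(net)
    return list(ipaddress.collapse_addresses(nets))

# Constructed sample feeds (documentation addresses and example domains only).
SAMPLE_HOSTS = "127.0.0.1 localhost\n0.0.0.0 Ads.Example.com # ad\ntracker.example.net.\n0.0.0.0 bad!.example.com\n"
SAMPLE_IPS = "; comment\n203.0.113.0/25 ; ref\n203.0.113.128/25\n198.51.100.7\n192.168.1.0/24\n0.0.0.0/0\nbogus\n"

if __name__ == "__main__":
    print(sorted(parse_dns_list(SAMPLE_HOSTS)))
    print([str(n) for n in parse_ip_list(SAMPLE_IPS)])
```

Dropping entries that overlap the protected ranges means a corrupted or overly broad feed line such as `0.0.0.0/0` cannot cut off the whole network on the next list update.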
[1] https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-pfBlockerNG