Poisoning & error messages question...
Peter Dambier
peter at peter-dambier.de
Fri Jul 8 14:02:49 UTC 2005
Carl Holtje wrote:
> All-
>
> I'm looking for a way to prevent certain names from being resolved on a
> small home network (host files are too cumbersome to keep synchronized,
> so a network-wide solution is a must). I've currently employed a technique
> by which I pose as the authority of a DNS zone, and query a null zone
> file.
How about IP 127.0.0.1?
The host would contact itself. If it is about http and you had no server
running on that host then you would be done.
> This works, but resolves to a "valid" IP (it does not reference an actual
> system, but DNS doesn't reflect that fact.. so a program will resolve to
> this non-existent address, and then try to contact it). What I'd like is
> for my BIND9 server to reply with something akin to a 'host not found'
> error message, and stop the attempt cold.
You are not talking about zeroconfig '.local' zone, are you?
Then returning IP 0.0.0.0 might be an idea but I have not tested.
> Is it possible to do this? I was thinkin' instead of resolving to an
> address, not resolve anything (by removing the A entry).. While this seems
> like it would work, it also seems like a big hack..
It is not a hack, it is the way to do it.
> Suggestions, ideas?
>
> Thanks!
>
> Carl
>
>
--
Peter and Karin Dambier
Public-Root
Graeffstrasse 14
D-64646 Heppenheim
+49-6252-671788 (Telekom)
+49-179-108-3978 (O2 Genion)
+49-6252-750308 (VoIP: sipgate.de)
+1-360-448-1275 (VoIP: freeworldialup.com)
+1-360-226-6583-9563 (INAIC)
mail: peter at peter-dambier.de
http://iason.site.voila.fr
http://www.kokoom.com/iason
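
The approach discussed in this thread (being authoritative for a blocked name and leaving out the A record) can be scripted as below. This is an added example, not code from the thread or from the BIND project; the file names `db.blocked` and `blocked.conf`, the sample domain names, and the use of `localhost.` as the SOA/NS target are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): generate BIND9 config that makes the
# server authoritative for each blocked name using a zone with no A records.

# Write a zone file holding only the mandatory SOA and NS records.
# With no A record (and no wildcard), the apex answers NOERROR with an empty
# answer section and every name below it answers NXDOMAIN.
write_empty_zone() {
    cat > "$1" <<'EOF'
$TTL 86400
@   IN  SOA localhost. root.localhost. (
            1       ; serial
            604800  ; refresh
            86400   ; retry
            2419200 ; expire
            86400 ) ; negative-cache TTL
@   IN  NS  localhost.
EOF
}

# Read one domain per line on stdin and print a master zone stanza for each,
# all sharing one zone file. Blank lines, comments and unsafe names are skipped.
emit_zone_stanzas() {
    zonefile=$1
    while IFS= read -r name; do
        name=${name%.}                     # tolerate a trailing dot
        case $name in
            ''|'#'*) continue ;;
            *[!A-Za-z0-9._-]*) echo "skipping invalid name: $name" >&2; continue ;;
        esac
        printf 'zone "%s" { type master; file "%s"; };\n' "$name" "$zonefile"
    done
}

# Build both files in a scratch directory and print its path.
demo() {
    dir=$(mktemp -d)
    write_empty_zone "$dir/db.blocked"
    emit_zone_stanzas "$dir/db.blocked" > "$dir/blocked.conf" <<'EOF'
# constructed sample names
ads.example.com
tracker.example.net.
EOF
    echo "$dir"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

The generated stanza file can be pulled into `named.conf` with an `include` statement and checked with `named-checkconf` before reloading the server.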