How to wall garden the malicious domain
Blason R
blason16 at gmail.com
Fri Apr 20 07:57:23 UTC 2018
Hi there,
What I am looking for is -
You correctly identified I have around 300k+ domain entries and would need
to divert it to IP address 192.168.1.10. One way proabably woud be to
malicious.com A 192.168.1.10
bad.com A 192.168.1.10
malware.co.in A 192.168.1.10
Now instead putting IP address in front of every domain can we have
variable or any other method to be used? like
abc.test.com. A 192.168.1.10
malicious.com CNAME abc.test.com.
bad.com CNAME abc.test.com.
malware.co.in abc.test.com
On Fri, Apr 20, 2018 at 12:27 AM, Grant Taylor via bind-users <
bind-users at lists.isc.org> wrote:
> On 04/18/2018 11:37 PM, Blason R wrote:
>
>> I need to wall garden the malicious Domain request and instead route to
>> that server itself.
>>
>
> I assume that you are saying that you need to 1) filter malicious domains
> and 2) you want requests for them to be resolved to your (DNS?) server.
>
> e.g. my DNS server IP is 192.168.5.47 and would like to wall-garden the
>> request and provide the IP 192.168.5.47 since I have 0.3 million domains
>> specifying IP in front of them would not be a good option.
>>
>
> What do you mean by "specifying IP in front of them would not be a good
> option"? Are you saying that you don't want to have "$domain A
> 192.168.5.47" entries for all 300k domains?
>
> Without doing anything, BIND will resolve the domains normally. So you
> will need to do something to each of the domains to cause the RPZ to not
> resolve the domains normally. This usually means that you will need to
> specify an alternate IP or CNAME for each and every one of them. I don't
> see a way around this.
>
> Can you please suggest me the way to do that?
>>
>
> Please elaborate on what you are wanting to do and not do.
>
>
>
> --
> Grant. . . .
> unix || die
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180420/0b43b44a/attachment.html>
More information about the bind-users
mailing list