Selective DNS Spoofing

Brad Knowles brad.knowles at skynet.be
Sun Mar 25 23:27:18 UTC 2001


At 2:44 AM +0000 3/25/01, Bob Steele wrote:

>  I believe the only way to build this functionality into the free dial
>  service is to modify BIND in such a way that it determines which
>  inquiries to process normally, and which inquiries to spoof.   Because
>  the guest users have a distinguishable IP address there should not be a
>  lot of overhead in determining which inquiries require modification.

	No, there's a much better way to handle this problem.  Use two 
sets of name servers, and configure the Portmaster to hand out the 
two different sets of name servers based on the type of account -- 
free accounts get the "captive" name servers that use the 
internal-only records (probably implemented best with wildcard 
records on an internal root), while the unlimited accounts get the 
"real" name servers.
-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
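
An added example, not part of the original post: a zone file for the internal root that the "captive" name servers described in the reply could serve, with a wildcard record answering every name with one portal address. The addresses (documentation range 192.0.2.0/24), the host names under captive.invalid, the file name and the TTL are assumptions.

```bind
; captive.root -- internal root zone for the "captive" name servers only.
; Added example; all names and addresses below are constructed placeholders.
;
; Assumed named.conf on the captive servers (the "real" servers are untouched):
;   options { recursion no; };
;   zone "." { type master; file "captive.root"; };
;
; Short TTL so a client that moves to an unlimited account does not keep
; the portal address cached for long.
$ORIGIN .
$TTL 60

.       IN SOA  ns1.captive.invalid. hostmaster.captive.invalid. (
                2001032501  ; serial
                3600        ; refresh
                900         ; retry
                604800      ; expire
                60 )        ; negative-caching TTL

.       IN NS   ns1.captive.invalid.
.       IN NS   ns2.captive.invalid.

; Name server addresses. These are kept under .invalid on purpose: every
; name that exists here (including the empty non-terminals "invalid." and
; "captive.invalid.") stops the root wildcard from matching below it, so
; placing them under a real TLD such as net. would make *.net return
; NXDOMAIN instead of the portal address.
ns1.captive.invalid.    IN A    192.0.2.53
ns2.captive.invalid.    IN A    192.0.2.54

; Wildcard on the internal root: any query name with no closer match in
; this zone, at any depth (www.example.com., a.b.c.example.org., ...),
; is answered with the portal host.
*.      IN A    192.0.2.80
```

With this zone loaded, `dig @192.0.2.53 www.example.com A` should return 192.0.2.80 with the authoritative-answer flag set, while the same query against the "real" name servers resolves normally.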

