Selective DNS Spoofing

Bob Steele rsteele at 1stlink.net
Mon Mar 26 01:10:37 UTC 2001


I had thought about this but had dismissed it partially based upon reasons of
limited experience with BIND and an uncertainty if the portmaster 3 is capable
of assigning differing sets of name servers based upon the account classes.
If such a capability is present in the portmaster, then such a configuration
would be a good idea.

Jim Reid has suggested that I use the views mechanism to resolve them to the
correct page.  This functionality is not present in the version of BIND that
I'm currently using.  Hence I'm upgrading BIND tonight and will try such.
Should my tests fail, then this would probably be the next course of action.

Out of curiosity, do you know if the PM3 is capable of user classes and
assignment of differing name servers?
Bob Steele


Brad Knowles wrote:

> At 2:44 AM +0000 3/25/01, Bob Steele wrote:
>
> >  I believe the only way to build this functionality into the free dial
> >  service is to modify BIND in such a way that it determines which
> >  inquiries to process normally, and which inquiries to spoof.   Because
> >  the guest users have a distinguishable IP address there should not be a
> >  lot of overhead in determining which inquiries require modification.
>
>         No, there's a much better way to handle this problem.  Use two
> sets of name servers, and configure the Portmaster to hand out the
> two different sets of name servers based on the type of account --
> free accounts get the "captive" name servers that use the
> internal-only records (probably implemented best with wildcard
> records on an internal root), while the unlimited accounts get the
> "real" name servers.
> --
> Brad Knowles, <brad.knowles at skynet.be>
>
> /*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
> /*       Represented as 1045 digit prime number by Phil Carmody         */
> /*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
> /*                                                                      */
> /*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
> /*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */
>
> dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
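The views approach mentioned in this thread, sketched as a BIND 9 `named.conf` fragment. This is an added example, not configuration from either poster; the ACL names, address ranges, file names and portal address are constructed placeholders.

```conf
// named.conf fragment (BIND 9). All addresses and file names are constructed.
acl "guests" { 192.0.2.0/24; };      // assumed address pool of the free-dial users
acl "paid"   { 203.0.113.0/24; };    // assumed address pool of the unlimited accounts

options {
    directory "/var/named";
};

// Views are tested in order and the first match wins. Once any view is
// defined, every zone statement has to live inside a view.
view "captive" {
    match-clients { "guests"; };
    recursion no;                    // answer only from the local fake root
    zone "." {
        type master;
        file "captive.root";         // wildcard zone, contents shown below
    };
};

view "normal" {
    match-clients { "paid"; };       // not "any": avoids running an open resolver
    recursion yes;
    zone "." {
        type hint;
        file "named.ca";             // ordinary root hints
    };
};

/* captive.root: every name resolves to the sign-up page host.
   198.51.100.10 is a placeholder for that web server.

$TTL 60
.                   IN SOA ns.captive.invalid. hostmaster.captive.invalid. (
                           2001032601 3600 600 86400 60 )
.                   IN NS  ns.captive.invalid.
ns.captive.invalid. IN A   192.0.2.1
*.                  IN A   198.51.100.10
*/
```

Check the file with `named-checkconf` before reloading, and keep the captive TTL short so a guest who upgrades is not left with cached portal answers.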


