Selective DNS Spoofing

Bob Steele rsteele at 1stlink.net
Mon Mar 26 01:15:02 UTC 2001


Jim, this is a good idea. I was unaware that the views mechanism had been
implemented, as it had not been in the version I'm currently using. I am
upgrading tonight and will attempt some testing. I will let you know how
this goes. I'm not familiar with the NetReg scheme; do you know where I
can find out more about it?
Bob Steele

Jim Reid wrote:

> >>>>> "Bob" == Bob Steele <rsteele at 1stlink.net> writes:
>
>     Bob> I have a unique problem that I suspect will require the
>     Bob> modification of the BIND source to solve.
>
> Nope.
>
>     Bob> I believe the only way to build this functionality into the
>     Bob> free dial service is to modify BIND in such a way that it
>     Bob> determines which inquiries to process normally, and which
>     Bob> inquiries to spoof.  Because the guest users have a
>     Bob> distinguishable IP address there should not be a lot of
>     Bob> overhead in determining which inquiries require modification.
>
> Use the views mechanism in BIND9. A name space can be tagged to IP
> addresses. So if the guest account IP addresses are fixed and known in
> advance, present them with a name space that only lets them see what
> you want them to see.
>
> Another way of doing this might be the NetReg scheme that was written
> up at USENIX (or LISA?) a while ago. This was to allow new students to
> register themselves on a campus LAN without having to hassle the
> computer centre. Unknown MAC addresses were assigned IP addresses and
> a special DNS server by the DHCP server. The name server pointed them
> at a registration web page and nowhere else.
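
A minimal sketch of the BIND 9 views approach described in the quoted reply above, added here as an example; it is not configuration from either poster. The guest address range, the registration server address, the file names and the `guest.invalid` names are all assumptions.

```conf
// named.conf fragment (BIND 9). All addresses and names are placeholders.

// Assumed: guest dial-up accounts are handed addresses from this pool only.
acl "guests" { 10.99.0.0/16; };

// Views are tried in order and the first match-clients hit wins,
// so the restricted view must come before the catch-all view.
view "guest" {
    match-clients { "guests"; };
    recursion no;               // guests never reach the real name space

    // This view is authoritative for a private root zone, so every
    // query from a guest address is answered from guest.root.db.
    zone "." {
        type master;
        file "guest.root.db";
    };
};

view "normal" {
    match-clients { any; };
    recursion yes;              // in production, limit this to your own clients

    zone "." {
        type hint;
        file "named.ca";        // the usual root hints
    };
    // Once views are in use, every zone statement must sit inside a view.
};

/* guest.root.db: the wildcard sends every name to the sign-up web server
   (192.0.2.10 is a documentation address standing in for it). The short
   TTL keeps a client from caching these answers for long after it moves
   to a normal account.

   $TTL 60
   @                  IN SOA ns.guest.invalid. hostmaster.guest.invalid. (
                             1 3600 600 86400 60 )
   @                  IN NS  ns.guest.invalid.
   ns.guest.invalid.  IN A   192.0.2.10
   *                  IN A   192.0.2.10
*/
```

`named-checkconf` and `named-checkzone . guest.root.db` will validate both files before the server is reloaded.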


