Selective DNS Spoofing
Bob Steele
rsteele at 1stlink.net
Mon Mar 26 01:15:02 UTC 2001
Jim,

This is a good idea. I was unaware that the views mechanism had been
implemented, as it had not in the version I'm currently using. I am
upgrading tonight and will attempt some testing. I will let you know how
this goes. I'm not familiar with the NetReg scheme; do you know where I
can find out more about it?
Bob Steele
Jim Reid wrote:
> >>>>> "Bob" == Bob Steele <rsteele at 1stlink.net> writes:
>
> Bob> I have a unique problem that I suspect will require the
> Bob> modification of the BIND source to solve.
>
> Nope.
>
> Bob> I believe the only way to build this functionality into the
> Bob> free dial service is to modify BIND in such a way that it
> Bob> determines which inquiries to process normally, and which
> Bob> inquiries to spoof. Because the guest users have a
> Bob> distinguishable IP address there should not be a lot of
> Bob> overhead in determining which inquiries require modification.
>
> Use the views mechanism in BIND9. A name space can be tagged to IP
> addresses. So if the guest account IP addresses are fixed and known in
> advance, present them with a name space that only lets them see what
> you want them to see.
>
> Another way of doing this might be the NetReg scheme that was written
> up at USENIX (or LISA?) a while ago. This was to allow new students to
> register themselves on a campus LAN without having to hassle the
> computer centre. Unknown MAC addresses were assigned IP addresses and
> a special DNS server by the DHCP server. The name server pointed them
> at a registration web page and nowhere else.
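
The views approach suggested in the quoted reply, sketched as a BIND 9 named.conf fragment. This is an added example, not configuration posted by anyone in the thread; the address ranges, view names, ACL names and file names are constructed placeholders, and serving guests a local root zone is one assumed way to limit the name space they see.

```conf
// named.conf fragment for BIND 9 (added example; all values are placeholders)

acl "guests"      { 192.0.2.0/24; };      // assumed address pool for guest logins
acl "subscribers" { 198.51.100.0/24; };   // assumed address pool for regular users

// Once any view is defined, every zone statement must live inside a view.
// Views are tried in the order written; the first match-clients hit wins,
// so the most specific client set goes first.

view "guest" {
    match-clients { "guests"; };
    recursion no;                  // guest queries never leave this server

    // Local authoritative root: every lookup is answered from one file.
    zone "." {
        type master;
        file "db.guest-root";      // hypothetical file, contents sketched below
    };
};

view "normal" {
    match-clients { "subscribers"; };
    recursion yes;                 // ordinary resolution for known users

    zone "." {
        type hint;
        file "named.ca";           // standard root hints (assumed file name)
    };
};

// Clients in neither ACL match no view and are refused, which also keeps
// the server from acting as an open resolver.

// db.guest-root (zone file, shown here as comments):
//   $TTL 60        ; short TTL so answers expire soon after a guest signs up
//   @                 IN SOA ns.guest.invalid. hostmaster.guest.invalid. (
//                            1 3600 600 86400 60 )
//                     IN NS  ns.guest.invalid.
//   ns.guest.invalid. IN A   192.0.2.1
//   *                 IN A   192.0.2.10  ; constructed sign-up web server address
```

The view only controls answers from this server, so the guest pool also needs a packet filter that limits its DNS traffic to this server; otherwise a guest can simply query a different resolver.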