idea about forging dns data
/dev/rob0
rob0 at gmx.co.uk
Wed Aug 31 14:09:10 UTC 2005
On Wednesday 2005-August-31 08:15, Sami Kerola wrote:
> I am hostmaster and a while ago a co-worker asked whether it is possible
> to lie about 2000-3000 names in the resolver. His noble cause was kiddie
> porn sites which should resolve to some other IP than the real site
> where the immoral material exists.
>
> First idea was to declare the zone as a master on the resolver and make
> it empty. Unfortunately all other hosts in the same domain will stop
Correct.
> working. This "solution" is also quite hard to keep clear because
> of the many, many zone files.
Not correct. Use a single zone file for all such zones. Sample:
$TTL 86400                 ; default TTL for records without one
@       IN SOA  ns.your.zone. hostmaster.your.zone. (
                2004012000 ; serial number YYYYMMDDNN
                28800      ; refresh 8 hours
                7200       ; retry 2 hours
                864000     ; expire 10 days
                86400 )    ; min (negative-cache) ttl 1 day
        IN NS   ns.your.zone.
        IN A    10.10.10.1 ; the apex itself
*       IN A    10.10.10.1 ; every name below the apex
You could use whatever you want in place of the IP. You might want to
have a Web server there to catch HTTP attempts. Ours serves a default
404 page saying "this site is blocked by company policy, please see
administrator if you need access." Or you might want to use a
null-routed IP and log all attempts to route to it.
My null.zone file above is a very blunt instrument! It clobbers
everything under the hijacked domain with a wildcard. Precision in
censorship of this nature is not easy.
Here's a short excerpt of our named.conf (an included file actually):
zone "gator.com" { type master; notify no; file "null.zone"; };
zone "bonzibuddy.com" { type master; notify no; file "null.zone"; };
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
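An added example, not from rob0's post and not part of BIND itself: a small POSIX shell script that builds the included named.conf fragment above from a plain list of domains (one per line, "#" comments allowed), writes the shared null.zone, and runs named-checkzone/named-checkconf when they are installed. The list file name, the output file names, the serial and the sink address 10.10.10.1 are assumptions. Keeping the list in one text file and generating the zone statements from it is what keeps the "many, many zone files" problem away, and the checkers catch a typo before named reloads.

```shell
#!/bin/sh
# Added example (not from the original post): generate the named.conf
# include that maps a list of blocked domains onto one shared null.zone,
# then validate both files with BIND's checkers when they are available.
# Assumptions: the list has one domain per line with optional '#' comments;
# output goes to null.zone and null-zones.conf in the current directory.

# Emit one "zone" statement per domain in the same form as the excerpt.
# Comments, blank lines and surrounding whitespace are dropped, names are
# lower-cased and a trailing dot removed so duplicates collapse in sort -u.
gen_null_zones() {
    tr 'A-Z' 'a-z' < "$1" \
    | sed -e 's/#.*//' -e 's/[[:space:]]//g' -e 's/\.$//' \
    | grep -v '^$' \
    | sort -u \
    | while IFS= read -r d; do
        printf 'zone "%s" { type master; notify no; file "null.zone"; };\n' "$d"
      done
}

# Write the shared sinkhole zone: apex and wildcard both point at the sink.
# $1 = sink address, $2 = name server name, $3 = hostmaster mailbox name.
# The serial is a constructed value; bump it whenever the file changes.
write_null_zone() {
    sink=$1 ns=$2 mbox=$3
    cat <<EOF
\$TTL 86400
@       IN SOA  $ns. $mbox. (
                2004012000 ; serial YYYYMMDDNN
                28800      ; refresh 8 hours
                7200       ; retry 2 hours
                864000     ; expire 10 days
                86400 )    ; negative-cache TTL 1 day
        IN NS   $ns.
        IN A    $sink
*       IN A    $sink
EOF
}

# Run BIND's syntax checkers if present; the zone file is generic, so it is
# checked under one arbitrary zone name. Returns 0 when the tools are absent
# so the generator is still usable on a workstation without BIND.
check_with_bind() {
    zone_file=$1 conf=$2
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q example.test "$zone_file" || return 1
    fi
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$conf" || return 1
    fi
    return 0
}

# Usage: sh null-zones.sh blocked.txt
if [ "$#" -eq 1 ]; then
    write_null_zone 10.10.10.1 ns.your.zone hostmaster.your.zone > null.zone
    gen_null_zones "$1" > null-zones.conf
    check_with_bind null.zone null-zones.conf \
        && echo "ok: $(grep -c . null-zones.conf) zones written to null-zones.conf"
fi
```

Add `include "null-zones.conf";` to named.conf once, then rerun the script and reload named whenever the list changes. Because every blocked name shares one file, the wildcard caveat from the post applies to all of them: anything below a listed domain resolves to the sink, so list the most specific name you really want blocked.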