DNS proxy

Ray Wallace rwallace at nic.mil
Wed Oct 5 12:41:52 UTC 2005


In the normal course of business (in theory), the local DNS server at the
base level will get a query for something.tld. It will then query one of the
root-level servers to find out who is authoritative for that tld and will
recurse until it finds an IP address for the original query. What will be
the impact if the DoD were to inject a DNS proxy server between the local
servers and the root-level servers? This would help obfuscate some of the
queries that traverse the public Internet, helping to improve our OPSEC. It
would also allow us to add domains to this "proxy" server that route to
127.0.0.1. Null routing domains that are known to proliferate spam, spyware,
other malware, or are just deemed "undesirable" would help prevent the
spread of spyware and other maladies and increase the available bandwidth for
mission-related traffic. Would this work? What are your expert opinions on
the pros/cons of doing something like this?
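
The arrangement the post asks about, sketched as BIND 9 configuration (an added example, not part of the original message): the base-level server forwards every query to the proxy instead of contacting the root servers, and the proxy answers 127.0.0.1 for a blocked domain. The addresses, the domain blocked.example, the directory and the file name db.sinkhole are assumptions chosen for illustration.

```conf
// --- named.conf on a base-level server (constructed example) ---
// Send every query to the proxy; never contact the root servers directly.
options {
    directory "/var/named";
    forwarders { 192.0.2.53; };            // proxy address (assumption)
    forward only;                          // fail rather than fall back to the roots
};

// --- named.conf on the proxy (constructed example, separate host) ---
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { 198.51.100.0/24; };  // base-level servers only (assumption)
};

// Answer authoritatively for a blocked domain instead of recursing for it.
zone "blocked.example" {
    type master;
    file "db.sinkhole";                    // relative names let one file back every blocked zone
};

/* --- /var/named/db.sinkhole on the proxy (zone-file syntax, shown as a comment) ---
$TTL 300
@   IN SOA localhost. hostmaster.localhost. ( 1 3600 900 604800 300 )
    IN NS  localhost.
    IN A   127.0.0.1    ; the blocked domain itself
*   IN A   127.0.0.1    ; every name beneath it
*/
```

Running `named-checkconf` and `named-checkzone blocked.example db.sinkhole` validates the two files before the proxy is reloaded.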





More information about the bind-users mailing list