Question about Records not authoritative for
Ben Croswell
ben.croswell at gmail.com
Thu Dec 11 18:19:22 UTC 2008
This is exactly what we have done in the past to mitigate malware. Just
load somebaddomain.com with no A records or with a wildcard pointing to
127.0.0.1.
--
-Ben Croswell
On Thu, Dec 11, 2008 at 11:29 AM, Baird, Josh <jbaird at follett.com> wrote:
> You could just create an authoritative zone for the domain on your
> internal view to override recursion. You can then create a wildcard 'A'
> record or such to resolve to 127.0.0.1, etc.
>
>
>
> Josh
>
>
>
> *From:* bind-users-bounces at lists.isc.org [mailto:
> bind-users-bounces at lists.isc.org] *On Behalf Of *Casartello, Thomas
> *Sent:* Thursday, December 11, 2008 10:25 AM
> *To:* 'bind-users at isc.org'
> *Cc:* Childs, Aaron
> *Subject:* Question about Records not authoritative for
>
>
>
> I was wondering if Bind allows you to override certain records for zones we
> are not authoritative for. Essentially we have a virus that some users have
> been infected with, and we want to temporarily blockout the domain name of
> the server that this virus connects to to send its information out.
> (Basically by having this domain name point to 127.0.0.1) I know it is a
> protocol violation, but I was just wondering if it is possible to do this
> and what would be the best way of going about it. We essentially have two
> servers with two views. One view serves our DNS zones to the outside world
> (With recursion disabled) and the other performs recursive queries for our
> on campus users. Obviously we would only be doing this on our internal view.
>
>
>
> Thomas E. Casartello, Jr.
>
> Staff Assistant - Wireless Technician/Linux Administrator
>
> Information Technology
>
> Wilson 105A
>
> Westfield State College
>
> (413) 572-8245
>
>
>
> Red Hat Certified Technician (RHCT)
>
>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20081211/9466c83e/attachment.html>
More information about the bind-users
mailing list