Selective DNS Spoofing
Jim Reid
jim at rfc1035.com
Sun Mar 25 17:41:32 UTC 2001
>>>>> "Bob" == Bob Steele <rsteele at 1stlink.net> writes:

Bob> I have a unique problem that I suspect will require the
Bob> modification of the BIND source to solve.

Nope.

Bob> I believe the only way to build this functionality into the
Bob> free dial service is to modify BIND in such a way that it
Bob> determines which inquiries to process normally, and which
Bob> inquiries to spoof. Because the guest users have a
Bob> distinguishable IP address there should not be a lot of
Bob> overhead in determining which inquiries require modification.

Use the views mechanism in BIND9. A name space can be tagged to IP
addresses. So if the guest account IP addresses are fixed and known in
advance, present them with a name space that only lets them see what
you want them to see.

Another way of doing this might be the NetReg scheme that was written
up at USENIX (or LISA?) a while ago. This was to allow new students to
register themselves on a campus LAN without having to hassle the
computer centre. Unknown MAC addresses were assigned IP addresses and
a special DNS server by the DHCP server. The name server pointed them
at a registration web page and nowhere else.
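
[Added example, not part of the original message: a named.conf sketch of
the BIND 9 views setup suggested above. The address ranges, view names,
file paths and the landing-page host are all assumptions made up for
illustration.]

```conf
// named.conf fragment (BIND 9). All addresses, names and paths are constructed.
acl "guests" { 192.0.2.128/25; };      // fixed pool handed to guest dial-ups

options {
    directory "/var/named";
};

// Views are tested in order and the first match wins, so the guest view
// must come before the catch-all view.
view "guest" {
    match-clients { "guests"; };
    recursion no;                      // answer only from the zone below
    zone "." {
        type master;
        file "guest/root.zone";        // private root zone seen only by guests
    };
};

view "normal" {
    match-clients { any; };
    recursion yes;
    zone "." {
        type hint;
        file "named.ca";               // real root hints
    };
    // Once any view is defined, every zone statement must live inside a
    // view, so the regular zones go here.
};

// Contents of guest/root.zone (zone-file syntax, shown here as comments).
// The wildcard makes every name a guest asks for resolve to one host.
//
//   $TTL 60
//   @    IN SOA ns. hostmaster.ns. ( 2001032501 3600 600 86400 60 )
//   @    IN NS  ns.
//   ns   IN A   192.0.2.1      ; this name server
//   *    IN A   192.0.2.10     ; web server with the guest landing page
```

The short TTL keeps the wildcard answers from lingering in a client's cache
once it moves to an address outside the guest pool.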