DNS Forwarding/Stub zones?

Peter Dambier peter at peter-dambier.de
Tue Aug 15 21:39:04 UTC 2006


pthomp at gmail.com wrote:
> Greetings all,
> 
> I'm trying to write a document about how we could intercept requests to
> potentially malicious websites using DNS forwarding.  After doing some
> reading I stumbled across stub zones.  What I don't fully understand is
> the implementation of this or which would be better.
> 
> Example:
> 
> Client infected with malware tries to get to something.ru.  So we tell
> our internal DNS servers to tell the client that instead of going out,
> my little server over here is actually something.ru effectively
> intercepting the request.
> 
> I assumed creating a simple forward zone for *.ru would be the best way
> to accomplish this, but then I have to create a forward zone for every
> domain I want forwarded.  With the stub zone I understand that I could
> just provide the DNS admin the root.stubs.conf file and this would
> effectively accomplish the same thing?  Can you use wildcards in the
> root.stubs file? i.e. *.ru?
> 
> Could someone please clarify this for me as I'm confused if they work
> the same way.
> 
> Thanks in advance.
> 

This is how a stub zone works:

In /etc/named.conf

...
#
# stub zones

zone "ewe" {
type stub;
file "stub/ewe";
masters { 71.132.98.41; 64.62.206.88; 64.62.206.91; };
};
...

Now BIND will query the masters and build the following file:

/var/named/stub/ewe

$ORIGIN .
$TTL 3600       ; 1 hour
ewe                     IN SOA  lear.cavebear.com. karl.cavebear.com. (
                                 2006021100 ; serial
                                 172800     ; refresh (2 days)
                                 7200       ; retry (2 hours)
                                 3600000    ; expire (5 weeks 6 days 16 hours)
                                 172800     ; minimum (2 days)
                                 )
$TTL 172800     ; 2 days
                         NS      lear.cavebear.com.
                         NS      puck.iwl.com.
                         NS      ariel.iwl.com.



Now replace the masters with your own and copy and edit the zone file.

Don't forget to edit /etc/named.conf from "type stub;" to "type master;"
on your master and add whatever you like to the zone file.

Don't forget to put in your NS records and delete the original.

It might be a good idea to increment the serial number.

Normally I do use stub zones for other things.


Kind regards
Peter and Karin


-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/



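As an added example (not code from Peter's post or from BIND), the Python script below automates the steps he describes: for each domain to be intercepted it emits a "type master" stanza and a sinkhole zone file carrying your own NS records, an apex and wildcard A record pointing at the local sinkhole host, and a date-based serial that is always incremented. The domain list, the sinkhole address 192.0.2.53 and the example.internal names are constructed placeholders.

```python
# Added example: turn a list of domains to intercept into BIND 'type master'
# zone stanzas plus sinkhole zone files, automating the steps in the post
# (own NS records, own master, incremented serial). Names/addresses constructed.
import datetime

SINKHOLE_IP = "192.0.2.53"                                     # constructed (TEST-NET-1)
NS_NAMES = ("ns1.example.internal.", "ns2.example.internal.")  # constructed
HOSTMASTER = "hostmaster.example.internal."                    # constructed


def next_serial(current, today):
    """YYYYMMDDnn serial: restart at nn=01 on a new day, otherwise increment.
    Never returns a value <= current, so secondaries always see a change."""
    base = int(today.strftime("%Y%m%d")) * 100 + 1
    return base if current is None or current < base else current + 1


def named_conf_stanza(domain, directory="sink"):
    """Master stanza: what the post gets by editing 'type stub' to 'type master'."""
    return f'zone "{domain}" {{\n\ttype master;\n\tfile "{directory}/{domain}";\n}};\n'


def sinkhole_zone(domain, serial, ttl=300):
    """SOA, our own NS records in place of the originals, and apex plus
    wildcard A records so every name under the domain resolves to the sinkhole.
    A short TTL lets the redirect be withdrawn quickly."""
    soa = (f"@\tIN\tSOA\t{NS_NAMES[0]} {HOSTMASTER} (\n"
           f"\t\t{serial}\t; serial\n\t\t3600\t; refresh\n\t\t900\t; retry\n"
           f"\t\t604800\t; expire\n\t\t{ttl} )\t; minimum\n")
    ns = "".join(f"@\tIN\tNS\t{name}\n" for name in NS_NAMES)
    a = f"@\tIN\tA\t{SINKHOLE_IP}\n*\tIN\tA\t{SINKHOLE_IP}\n"
    return f"$ORIGIN {domain}.\n$TTL {ttl}\n{soa}{ns}{a}"


def build(domains, current_serials=None, today=None):
    """Return (named.conf fragment, {zone file path: zone text}) for all domains."""
    today = today or datetime.date.today()
    current_serials = current_serials or {}
    conf, files = [], {}
    for d in sorted({x.lower().rstrip(".") for x in domains}):
        conf.append(named_conf_stanza(d))
        files[f"sink/{d}"] = sinkhole_zone(d, next_serial(current_serials.get(d), today))
    return "".join(conf), files


if __name__ == "__main__":
    conf, files = build(["something.ru", "Malware.example."])  # constructed list
    print(conf, files["sink/something.ru"], sep="\n")
```

Pass the serials of zone files already deployed in `current_serials` so a same-day rebuild still bumps each serial instead of reissuing the same one.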