"Stealing" an outside domain within a LAN

Stephen John Smoogen smooge at gmail.com
Mon Nov 20 22:40:14 UTC 2006


On 11/18/06, Wes Groleau <groleau+news at freeshell.org> wrote:
> I am successfully running BIND 9.2.2 on MacOS 10.3.9
> to give all my machines 192.168 addresses with a TLD
> of "local"
>
> But I also want to "shanghai" some unsavory
> malware domains.  In other words,
> if my Windows box asks the Mac for
> subdom.I-spy.com the Mac should return
> "not found" instead of going out to the
> root nameservers.
>

In most cases, I set up new master zones for each domain I am going to
shanghai. Thus I have a zone for 'ispyourkeyboard.example.' and put in
a wildcard for it to grab all things related to it. I make sure that
the internal DNS servers are 'authoritative' for these miscreant
zones... and that internal boxes aren't able to go to other DNS
servers.

> How do I do that?
>
> I should be able to just put them in my hosts file,
> but (1) that won't catch any subdomains I didn't predict
> and (2) there seems to be a bug in this version of Mac OS
> in that it ignores the config file commands to use
> /etc/hosts first and goes to DNS instead.
>
> --
> Wes Groleau
> -----------
>
>     "Thinking I'm dumb gives people something to
>      feel smug about.  Why should I disillusion them?"
>                              -- Charles Wallace
>                              (in _A_Wrinkle_In_Time_)
>
>
>


-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
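
The setup described in the reply above, as an added example that is not part of the original thread: a shell script that prints one master-zone stanza per domain for named.conf, plus a single shared zone file whose wildcard answers for every subdomain. The sink address 127.0.0.1, the file name db.sinkhole, the localhost. name server and the sample domain list are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed values: the sink address,
# the file name db.sinkhole, the localhost. NS target, and the sample domain list.

SINK_ADDR="127.0.0.1"
ZONE_FILE="db.sinkhole"

# One zone file shared by every sinkholed domain: "@" and "*" are relative to
# whichever zone name loads the file, so the wildcard catches all subdomains.
sinkhole_zone_file() {
    cat <<EOF
\$TTL 3600
@   IN SOA  localhost. hostmaster.localhost. (
            2006112001 3600 900 604800 3600 )
@   IN NS   localhost.
@   IN A    $SINK_ADDR
*   IN A    $SINK_ADDR
EOF
}

# Read domains on stdin (one per line, "#" comments allowed) and print one
# master-zone stanza each for named.conf. Names with characters outside
# [a-z0-9.-] are skipped so a bad list entry cannot inject configuration.
sinkhole_zone_stanzas() {
    tr 'A-Z' 'a-z' | sed -e 's/#.*//' -e 's/[[:space:]]//g' -e 's/\.$//' |
    while IFS= read -r domain; do
        [ -n "$domain" ] || continue
        case "$domain" in
            *[!a-z0-9.-]*|.*|*..*) echo "skipped: $domain" >&2; continue ;;
        esac
        printf 'zone "%s" {\n    type master;\n    file "%s";\n};\n' \
            "$domain" "$ZONE_FILE"
    done
}

# Constructed sample list, using the domain named in the reply above.
sample_domains() {
    printf '%s\n' '# miscreant zones' 'ispyourkeyboard.example.' \
        'Other-Spyware.example' 'bad"; include "x'
}

sample_domains | sinkhole_zone_stanzas   # goes into named.conf
sinkhole_zone_file                       # goes into db.sinkhole
```

Removing the two A lines leaves only SOA and NS records, so the server answers NXDOMAIN for any subdomain, which is the "not found" behaviour asked for in the question.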


