How to wall garden the malicious domain

Blason R blason16 at gmail.com
Fri Apr 20 07:57:23 UTC 2018


Hi there,

What I am looking for is -

You correctly identified I have around 300k+ domain entries and would need
to divert it to IP address 192.168.1.10. One way proabably woud be to
malicious.com  A  192.168.1.10
bad.com  A  192.168.1.10
malware.co.in   A   192.168.1.10

Now instead putting IP address in front of every domain can we have
variable or any other method to be used? like

abc.test.com.  A  192.168.1.10
malicious.com  CNAME abc.test.com.
bad.com  CNAME abc.test.com.
malware.co.in   abc.test.com



On Fri, Apr 20, 2018 at 12:27 AM, Grant Taylor via bind-users <
bind-users at lists.isc.org> wrote:

> On 04/18/2018 11:37 PM, Blason R wrote:
>
>> I need to wall garden the malicious Domain request and instead route to
>> that server itself.
>>
>
> I assume that you are saying that you need to 1) filter malicious domains
> and 2) you want requests for them to be resolved to your (DNS?) server.
>
> e.g. my DNS server IP is 192.168.5.47 and would like to wall-garden the
>> request and provide the IP 192.168.5.47 since I have 0.3 million domains
>> specifying IP in front of them would not be a good option.
>>
>
> What do you mean by "specifying IP in front of them would not be a good
> option"?  Are you saying that you don't want to have "$domain A
> 192.168.5.47" entries for all 300k domains?
>
> Without doing anything, BIND will resolve the domains normally.  So you
> will need to do something to each of the domains to cause the RPZ to not
> resolve the domains normally.  This usually means that you will need to
> specify an alternate IP or CNAME for each and every one of them.  I don't
> see a way around this.
>
> Can you please suggest me the way to do that?
>>
>
> Please elaborate on what you are wanting to do and not do.
>
>
>
> --
> Grant. . . .
> unix || die
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180420/0b43b44a/attachment.html>


More information about the bind-users mailing list