On 10/17/2011 06:38 PM, babu dheen wrote:
You are absolutely correct Chris. I want to block/redirect all malware
domain requests initiated by clients by setting up a DNS SINKHOLE in a Redhat
BIND server.
In older versions of bind, you needed to create a local zone per malware
domain (or hostname). There's no special config - just a really big,
long, list of zones. One problem - there can be hundreds or thousands,
even tens of thousands of zones - and this makes bind slow to start, and
use more RAM.
Example:

    zone "www.badstuff.com" {
        type master;
        file "data/malware-common";
    };
...and in data/malware-common (the NS/A/AAAA lines must start with
whitespace so they inherit the "@" owner name):

    $TTL 3H
    @       IN SOA  @ rname.invalid. (
                            0       ; serial
                            1D      ; refresh
                            1H      ; retry
                            1W      ; expire
                            3H )    ; minimum
            NS      @
            A       127.0.0.1       ; sinkhole address (IPv4)
            AAAA    ::1             ; sinkhole address (IPv6)
...adjust the A/AAAA records if you want to redirect.
In newer versions of bind, there is RPZ - response policy zone - where
you create a zone e.g. "malware-list.example.com" and put policy records
in it e.g. "www.badstuff.com.malware-list.example.com". Bind honours the
RPZ when clients make a query.
Example - see section 6.2.16.20 of the Bind 9.8 ARM:
http://ftp.isc.org/isc/bind9/cur/9.8/doc/arm/Bv9ARM.pdf
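As an added example (not code from the post or from ISC), the following Python script writes an RPZ zone file of the kind described above for a list of domains, so the file can be regenerated as a feed changes instead of maintaining one zone per domain. The zone name malware-list.example.com and the 127.0.0.1/::1 sinkhole addresses follow the post; the domain feed, the file path data/rpz.db and the named.conf lines in the comment are assumptions.

```python
"""Generate a BIND response policy zone (RPZ) file from a domain list."""
from typing import Dict, List

RPZ_ZONE = "malware-list.example.com"  # zone name used in the post
SINK_V4 = "127.0.0.1"                   # sinkhole addresses used in the post
SINK_V6 = "::1"

# Constructed sample feed: domain -> policy action.
#   nxdomain : client gets NXDOMAIN (RPZ encodes this as "CNAME .")
#   redirect : client gets the sinkhole address (RPZ "local data" A/AAAA),
#              so a listener on that address can log who asked.
SAMPLE_FEED: Dict[str, str] = {
    "www.badstuff.com": "nxdomain",
    "sinkhole-demo.example": "redirect",
}

# Assumed wiring in named.conf (inside options { } and at top level):
#   response-policy { zone "malware-list.example.com"; };
#   zone "malware-list.example.com" { type master; file "data/rpz.db"; };


def rpz_header(zone: str = RPZ_ZONE, serial: int = 1) -> List[str]:
    """SOA/NS apex records; the RPZ zone is never delegated, so any NS works."""
    return [
        "$TTL 3H",
        f"$ORIGIN {zone}.",
        f"@ IN SOA localhost. rname.invalid. ( {serial} 1D 1H 1W 3H )",
        "@ IN NS localhost.",
    ]


def rpz_records(domain: str, action: str, wildcard: bool = True) -> List[str]:
    """Policy records for one domain; owner names are relative to $ORIGIN."""
    domain = domain.rstrip(".").lower()      # normalise feed entries
    if action == "nxdomain":
        rdata = ["CNAME ."]
    elif action == "redirect":
        rdata = [f"A {SINK_V4}", f"AAAA {SINK_V6}"]
    else:
        raise ValueError(f"unknown action {action!r}")
    # "*.domain" also catches subdomains the feed did not list explicitly
    owners = [domain] + ([f"*.{domain}"] if wildcard else [])
    return [f"{owner} {rr}" for owner in owners for rr in rdata]


def build_rpz_zone(feed: Dict[str, str], zone: str = RPZ_ZONE, serial: int = 1) -> str:
    """Return the complete zone file text for the given feed."""
    lines = rpz_header(zone, serial)
    for domain, action in sorted(feed.items()):
        lines.extend(rpz_records(domain, action))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_rpz_zone(SAMPLE_FEED), end="")
```

Bump the serial on every regeneration, then reload the zone with rndc so the running server picks up the new policy records.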