I’m confused – does the OP want to block or does he want to redirect. “block/redirect” are two different things. What I wrote will block. If he wants to redirect that’s fine but I don’t think he’d want to redirect to his real webserver – why send bogus traffic there and also take the risk that being so directed the bad user will be able to hack? Dropping the packet in DNS stops it cold. (Not saying they can’t get to web server’s via legitimate paths but it appears the OP has know malefactors.) Is the OP building a honeypot?
________________________________ From: bind-users-bounces+jlightner=water....@lists.isc.org [mailto:bind-users-bounces+jlightner=water....@lists.isc.org] On Behalf Of Ryan Novosielski Sent: Monday, October 17, 2011 3:52 PM To: babu dheen; Bind Users Mailing List; c...@cam.ac.uk Subject: Re: DNS Sinkhole in BIND I do this. There may now be a smarter way, but I have a small number so this is manageable for me: configure zones for each of the evil zones. Your server will appear authoritative and you can direct clients wherever you like. I direct some of mine to a virtualhost handing out 503 errors. -- Sent from my Palm Pre ________________________________ On Oct 17, 2011 13:46, babu dheen <babudh...@yahoo.co.in> wrote: YOu are obsolutely correct Chris.. I want to block/redirect all malware domain request intiated by clients by setting up DNS SINKHOLE in Redhat BIND server. --- On Mon, 17/10/11, Chris Thompson <c...@cam.ac.uk> wrote: From: Chris Thompson <c...@cam.ac.uk> Subject: Re: DNS Sinkhole in BIND To: "Bind Users Mailing List" <bind-users@lists.isc.org> Cc: "babu dheen" <babudh...@yahoo.co.in> Date: Monday, 17 October, 2011, 8:19 PM On Oct 16 2011, babu dheen wrote: > Can anyone help me how to setup DNS Sinkhole in BIND on Linux 32 bit edition. All the replies to this so far seem to assume that he wants to block evil entities from using his nameservers. But Google seems to suggest that "DNS Sinkhole" usually refers to redirecting names that are being used for evil purposes to e.g. a local monitoring station - not the same thing at all. -- Chris Thompson Email: c...@cam.ac.uk<http://in.mc1373.mail.yahoo.com/mc/compose?to=c...@cam.ac.uk> Athena®, Created for the Cause™ Making a Difference in the Fight Against Breast Cancer --------------------------------- CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. ----------------------------------
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
